error msg: Disk Drive C unreadable [Closed]



#1
harrykewell

First of all, I'm from Hong Kong and I'm new here, sorry if my English is difficult to understand. :)

Last week, when I was browsing the web, many "Critical error" messages suddenly popped up.
There was also a System Restore window that kept popping up; it had a Windows logo on it, which made me trust that it was a reliable program, so I ran it.

After the scan, 12 problems were detected on my computer, such as:
Disk Drive C unreadable; Display card is overheat; Hard drive rotational speed has been decreased by 20%; Damaged hard drive clusters detected... etc.

A moment later, I rebooted the computer.
This time, I saw that the desktop had turned black, the desktop icons were gone, the C drive files were gone and the startup menu was empty.
The System Restore window and many error messages popped up again!

Fortunately, I can still use the internet. I've downloaded some programs to fix those problems, like RogueKiller, Trojankiller, SpywareTerminator... but they were no big help. So I need your help!

Thank you in advance!

Attached Files

  • OTL.Txt (134.34KB)

Edited by harrykewell, 14 November 2011 - 03:45 AM.



#2
CompCav

Hi, harrykewell! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Since you have no internet right now on the infected computer, please run this program on the clean computer with the USB flash drive you are using to transfer files back and forth:

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 3.

Download aswMBR.exe (1.8MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 4.

  • Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    iexplorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in Notepad window and the Extras.txt file on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file, the Extras.txt file, and post them with your next reply.


Step 5.

Please Post:

both RkReport.txt files
aswMBR log
OTL.txt
Extras.txt


#3
harrykewell

Hi CompCav! Thanks for your response! :)

RogueKiller V6.1.9 [11/16/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Owner [Admin rights]
Mode: Remove -- Date : 11/17/2011 14:06:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{84B1A40F-6ED0-4C62-9169-71CADB07BAAB} : NameServer (218.102.60.110 218.102.52.81) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{84B1A40F-6ED0-4C62-9169-71CADB07BAAB} : NameServer (218.102.60.110 218.102.52.81) -> NOT REMOVED, USE DNSFIX
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
74.125.39.99 clients2.google.com
74.125.39.99 chrome.google.com
74.125.39.99 tools.google.com


Finished : << RKreport[1].txt >>
RKreport[1].txt




RogueKiller V6.1.9 [11/16/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Owner [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/17/2011 14:35:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 2
Quick launch: Success 0 / Fail 0
Programs: Success 30831 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 24 / Fail 2
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 134 / Fail 2
Backup: [FOUND] Success 0 / Fail 167

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-17 15:08:11
-----------------------------
15:08:11.015 OS Version: Windows 5.1.2600 Service Pack 3
15:08:11.015 Number of processors: 1 586 0x401
15:08:11.015 ComputerName: YOUR-B6B8C81848 UserName: Compaq_Owner
15:08:15.109 Initialize success
15:08:37.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:08:37.078 Disk 0 Vendor: ST380013AS 3.40 Size: 76319MB BusType: 3
15:08:39.093 Disk 0 MBR read successfully
15:08:39.093 Disk 0 MBR scan
15:08:39.093 Disk 0 unknown MBR code
15:08:39.093 Disk 0 scanning sectors +156301472
15:08:40.890 Disk 0 scanning C:\WINDOWS\system32\drivers
15:09:00.859 Service scanning
15:09:03.156 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:09:04.078 Modules scanning
15:09:15.046 Disk 0 trace - called modules:
15:09:15.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x81d3d8ac]<<
15:09:15.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81cef030]
15:09:15.078 3 CLASSPNP.SYS[f952afd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x81d02b28]
15:09:15.453 Scan finished successfully
15:09:35.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\桌面\MBR.dat"
15:09:36.593 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\桌面\aswMBR.txt"



OTL logfile created on: 17/11/2011 15:12:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

247.30 Mb Total Physical Memory | 58.01 Mb Available Physical Memory | 23.46% Memory free
763.69 Mb Paging File | 283.33 Mb Available in Paging File | 37.10% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.49 Gb Total Space | 23.53 Gb Free Space | 33.38% Space Free | Partition Type: NTFS
Drive D: | 4.02 Gb Total Space | 0.24 Gb Free Space | 5.96% Space Free | Partition Type: FAT32

Computer Name: YOUR-B6B8C81848 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 13:25:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\桌面\OTL.exe
PRC - [2011/11/08 14:23:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/11/08 14:23:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/28 03:09:56 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2011/03/04 14:51:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:13:27 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/15 18:54:48 | 000,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/15 18:54:45 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2006/01/10 16:54:42 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2005/10/31 11:18:48 | 000,101,888 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2004/07/29 08:34:22 | 002,551,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/07/29 07:40:18 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2011/06/09 11:15:02 | 000,709,992 | ---- | M] () -- C:\WINDOWS\system32\kindling.dll
MOD - [2010/06/17 15:30:08 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/02/27 17:49:46 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.CHT
MOD - [2008/02/01 15:53:38 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Foxy\LinkMaker.dll
MOD - [2006/07/20 22:59:59 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Wyyo Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/08 14:23:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/11/08 14:23:30 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/11/08 14:23:29 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/11/08 14:23:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/28 03:09:56 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/10 16:54:42 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2005/07/31 22:08:57 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/17 14:41:10 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/08 14:23:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/11/08 14:23:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010/12/18 19:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/07/30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/06/17 15:30:08 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:30:03 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/20 17:40:12 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/01/10 16:54:17 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2005/11/22 00:35:00 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20051122.048\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/07/28 14:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 11:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 11:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 11:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 11:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/09/30 05:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 17:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/12 18:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/07/30 03:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/07/18 23:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 18:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/05 00:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 05:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://hk.news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
IE - HKU\S-1-5-21-244719459-1331797888-486331773-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.hk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.4.0.4340
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF [2009/07/30 13:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\1.5.0.850\FF [2009/07/30 13:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/06/13 18:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/10 01:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/26 17:57:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/26 17:57:24 | 000,000,000 | ---D | M]

[2009/12/19 16:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2011/10/29 14:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\n3n2wduz.default\extensions
[2009/12/19 16:08:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\n3n2wduz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/09 10:20:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\n3n2wduz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/07/12 10:50:09 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\n3n2wduz.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2011/09/26 17:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/03 15:38:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/11 22:53:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/11 16:31:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/11 13:14:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/12/19 16:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N3N2WDUZ.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N3N2WDUZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N3N2WDUZ.DEFAULT\EXTENSIONS\[email protected]
[2009/03/15 19:25:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/03 14:45:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/01/08 08:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll
[2011/09/03 09:27:31 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2011/09/03 09:27:31 | 000,001,222 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2011/09/03 09:27:31 | 000,001,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2011/09/03 09:27:31 | 000,000,843 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2011/09/03 09:27:31 | 000,001,161 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-zh-TW.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: npruntime scriptable example plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npuuseep.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Koji NISHIDA = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf\2_0\
CHR - Extension: \u95DC\u71C8\u770B\u5F71\u7247 = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.11_0\
CHR - Extension: \u76F8\u7247\u5FEB\u89BD = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gcdnkhmbcjbngnfkdoegbeeibikpkkop\1.0.1.6_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2010/10/13 20:23:52 | 000,000,831 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.39.99 clients2.google.com
O1 - Hosts: 74.125.39.99 chrome.google.com
O1 - Hosts: 74.125.39.99 tools.google.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (ShowHKToolbar Class) - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll File not found
O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe File not found
O4 - HKU\S-1-5-21-244719459-1331797888-486331773-1007..\Run: [Acme.PCHButton] C:\Program Files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-244719459-1331797888-486331773-1007..\Run: [BoontyBox] File not found
O4 - HKU\S-1-5-21-244719459-1331797888-486331773-1007..\Run: [Steam] "C:\Program Files\新資料夾\Steam.exe" -silent File not found
O4 - HKU\S-1-5-21-244719459-1331797888-486331773-1007..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\祔襠紱攫忒.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Foxy 下載 - C:\Program Files\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: Foxy 搜尋 - C:\Program Files\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: 加到 Windows Live Favorites(W) - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm File not found
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} https://favorites.li...?v=13,0,0831,02 (FavImport Class)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} http://www.clubbox.c.../NowStarter.cab (NowStarter Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} http://file.nx.com/a...ic_new/nxpm.cab (Nexon Package Manager Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33527649-30BB-4C61-9D70-638D64A6670E} http://www.littlefig...k/LaunchLFO.ocx (LaunchLFO Control)
O16 - DPF: {47F7AB40-86FD-4385-991D-895E2E3E1255} http://2008.i-cable....deo/p2pactx.cab (p2pactx Control)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.tvan.../cab/tvants.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.co....cab?10,0,911,0 (MSN Photo Upload Tool)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} http://download.ppst...powerplayer.cab (PowerPlayer Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1133767466234 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133767443718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} http://img.funtigo.c...ureUploader.cab (Seekford Solutions, Inc.'s ssiPictureUploader Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CB8C846C-955F-407F-BC0B-22D1D573DD78} http://weblogin.funt...gin_ActiveX.CAB (Funtown_Weblogin.Weblogin_ActiveX)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84B1A40F-6ED0-4C62-9169-71CADB07BAAB}: NameServer = 218.102.60.110 218.102.52.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6DBAB60-4AF9-4B3C-822A-0823421AC102}: DhcpNameServer = 192.168.8.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/05 10:39:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | --S- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{33c7faca-9afb-11de-a97a-0011d8288acf}\Shell - "" = AutoRun
O33 - MountPoints2\{33c7faca-9afb-11de-a97a-0011d8288acf}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{37165260-eb37-11db-a206-0011d8288acf}\Shell - "" = AutoRun
O33 - MountPoints2\{37165260-eb37-11db-a206-0011d8288acf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dd379c7d-9ca4-11e0-ae46-0011d8288acf}\Shell - "" = AutoRun
O33 - MountPoints2\{dd379c7d-9ca4-11e0-ae46-0011d8288acf}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^「開始」功能表^程式集^啟動^Dropbox.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^「開始」功能表^程式集^啟動^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^「開始」功能表^程式集^啟動^NextOffice 8.3.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: PPAP - hkey= - key= - C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
MsConfig - StartUpReg: sXe Injected - hkey= - key= - File not found
MsConfig - StartUpReg: UUSeeMediaCenter - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 15:08:04 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\桌面\aswMBR.exe
[2011/11/17 14:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\桌面\RK_Quarantine
[2011/11/14 13:26:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\桌面\OTL.exe
[2011/11/13 20:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Spyware Terminator
[2011/11/13 20:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/11/13 20:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Spyware Terminator 2012
[2011/11/13 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011/11/10 19:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2011/11/10 17:54:18 | 000,499,712 | --S- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\ItjhoTuqFV.exe
[2011/11/07 15:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「開始」功能表\程式集\GridinSoft
[2011/11/07 15:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/06 23:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\「開始」功能表\程式集\System Restore
[2011/11/06 23:22:22 | 000,353,280 | ---- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/11/06 23:20:56 | 000,466,944 | --S- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\kuRLTCDnyhmgyh.exe
[2011/11/06 23:18:58 | 000,462,848 | --S- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\EMSTOQkqCSJFM.exe
[2011/10/27 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microangelo Toolset 6
[2011/10/27 20:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Microangelo Toolset 6
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/17 15:09:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\桌面\MBR.dat
[2011/11/17 15:08:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\桌面\aswMBR.exe
[2011/11/17 15:01:01 | 000,000,650 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-244719459-1331797888-486331773-1007UA.job
[2011/11/17 14:42:03 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 14:41:10 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/17 14:00:30 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/11/17 11:31:47 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/17 11:31:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2011/11/17 11:31:38 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/11/17 11:31:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/17 11:31:26 | 259,379,200 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/16 20:40:04 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/11/16 17:12:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/11/16 16:37:28 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1074E1F-2FDC-417F-9830-4B4940F1801D}.job
[2011/11/16 10:10:05 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/16 09:01:08 | 000,000,598 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-244719459-1331797888-486331773-1007Core.job
[2011/11/15 10:37:32 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 13:25:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\桌面\OTL.exe
[2011/11/14 10:10:46 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/14 10:10:45 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\桌面\Google Chrome.lnk
[2011/11/10 18:01:38 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/10 18:01:37 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/10 17:50:53 | 000,499,712 | --S- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\ItjhoTuqFV.exe
[2011/11/10 10:52:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 10:45:59 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/11/08 14:23:34 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/11/08 14:23:34 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/07 14:37:55 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/07 13:35:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/06 23:52:21 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/06 23:22:23 | 000,353,280 | ---- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/11/06 23:20:22 | 000,466,944 | --S- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\kuRLTCDnyhmgyh.exe
[2011/11/06 23:18:21 | 000,462,848 | --S- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\EMSTOQkqCSJFM.exe
[2011/10/27 15:23:07 | 000,092,560 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\bookmarks_11_10_27.html
[2011/10/25 18:24:23 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 9.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/17 15:09:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\桌面\MBR.dat
[2011/11/13 20:37:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/11/10 10:45:57 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/11/07 02:13:53 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Sony Ericsson PC Companion 2.0.lnk
[2011/11/07 02:13:53 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 9.lnk
[2011/11/07 02:13:53 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\PPTV.lnk
[2011/11/07 02:13:53 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Mozilla Firefox.lnk
[2011/11/07 02:13:52 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/07 02:13:52 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/11/07 02:13:52 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\啟動 Internet Explorer 瀏覽器.lnk
[2011/11/07 02:13:52 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/07 02:13:52 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Poladroid 9.6.0.lnk
[2011/11/07 02:13:52 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/07 02:13:52 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV 厙釐萇弝.lnk
[2011/11/07 02:13:52 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PPStream.lnk
[2011/11/07 02:13:52 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/11/07 02:13:52 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa2.lnk
[2011/11/07 02:13:52 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxy.lnk
[2011/11/07 02:13:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\顯示桌面.scf
[2011/11/07 02:13:52 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.bestie
[2011/11/07 02:13:51 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/11/07 02:13:51 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DcOo CS1.6 笢恅唳.lnk
[2011/11/07 02:13:51 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DcOo CS1.6.lnk
[2011/11/07 02:13:47 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Windows 筆記本檢視器.lnk
[2011/11/07 02:13:47 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\WordPad.lnk
[2011/11/07 02:13:47 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\祔襠紱攫忒.lnk
[2011/11/07 02:13:47 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Windows Messenger.lnk
[2011/11/07 02:13:45 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Poladroid 0.9.6r0.lnk
[2011/11/07 02:13:44 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/11/07 02:13:44 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Microsoft Works 工作總管.lnk
[2011/11/07 02:13:40 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\Adobe Reader 9.lnk
[2011/11/07 01:10:08 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/06 23:52:19 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/06 23:24:45 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/06 23:24:44 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/06 23:23:30 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/27 15:23:05 | 000,092,560 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\bookmarks_11_10_27.html
[2011/06/09 11:15:02 | 000,709,992 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011/04/13 04:47:38 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\bdsecustat.dat
[2011/04/05 23:49:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/01 20:42:21 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/10/27 20:18:30 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/10/27 20:07:34 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/10/27 20:07:13 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/10/05 10:56:27 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Poladroid prefs.plist
[2010/06/18 08:37:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/14 22:55:38 | 000,000,204 | -H-- | C] () -- C:\WINDOWS\struct~.ini
[2010/05/04 20:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UnACE.dll
[2009/12/23 15:35:23 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/11/04 23:51:38 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2009/11/04 23:51:34 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2009/10/24 09:09:28 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\MediaList.ini
[2009/10/21 22:14:24 | 000,000,042 | -H-- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2009/07/20 01:39:28 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/06/15 02:38:00 | 000,000,159 | -H-- | C] () -- C:\WINDOWS\powerlist.ini
[2009/06/15 02:38:00 | 000,000,113 | -H-- | C] () -- C:\WINDOWS\PPSMediaList.ini
[2009/06/15 02:35:06 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\msgtn.ini
[2009/03/26 15:36:59 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\WinDll.dll
[2009/02/04 17:50:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsis_loader.dll
[2009/01/01 13:42:28 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\Unhtml.dll
[2008/11/15 08:54:06 | 001,023,456 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2008/08/26 12:12:22 | 000,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/03/01 20:23:20 | 001,278,545 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\NMM-MetaData.db
[2007/06/28 14:26:39 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/05/14 14:31:39 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007/01/19 16:31:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2006/10/29 17:58:50 | 000,000,600 | -H-- | C] () -- C:\WINDOWS\nstower.ini
[2006/09/24 12:09:39 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\sversion.ini
[2006/09/24 12:02:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2006/09/17 20:34:46 | 000,002,452 | -H-- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/09/16 09:42:53 | 000,002,056 | -H-- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/09/13 19:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/08/25 13:51:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/07/30 15:18:26 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\vidwiz.ini
[2006/07/30 15:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2006/07/30 15:16:15 | 000,000,751 | -H-- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/07/30 15:16:15 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\dswplug.ini
[2006/07/30 15:16:15 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\Msdevctl.ini
[2006/05/31 15:59:23 | 000,020,992 | ---- | C] () -- C:\WINDOWS\igBrowse.exe
[2006/05/31 15:59:23 | 000,018,432 | ---- | C] () -- C:\WINDOWS\igUninst.exe
[2006/05/31 15:59:22 | 000,668,938 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/05/31 15:59:22 | 000,001,345 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/03/01 00:09:07 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/02/16 16:30:24 | 000,000,078 | -H-- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2006/01/11 16:27:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\srkey.exe
[2005/12/29 11:48:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/16 22:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/16 22:00:13 | 000,002,947 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/30 08:21:20 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/11/11 18:39:06 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/01 00:08:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/04/30 23:15:45 | 000,000,144 | -H-- | C] () -- C:\WINDOWS\Eudcedit.ini
[2005/04/17 17:18:49 | 000,020,992 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/16 13:23:19 | 000,000,536 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/03/16 16:08:42 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/08 14:37:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/03/08 12:15:24 | 000,007,260 | -H-- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/03/08 12:15:13 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/03/08 12:15:06 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/12/01 11:13:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/12/01 11:13:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/12/01 10:40:41 | 000,261,056 | ---- | C] () -- C:\WINDOWS\winhelp.exe
[2004/12/01 10:38:58 | 000,112,200 | ---- | C] () -- C:\WINDOWS\System32\prfi0404.dat
[2004/12/01 10:38:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\prfd0404.dat
[2004/12/01 10:38:51 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/01 10:38:51 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/01 10:38:47 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/01 10:38:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/01 10:38:35 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/01 10:38:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/01 10:38:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 10:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 10:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/03/17 21:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 21:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2004/01/06 01:20:45 | 000,000,872 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/06 01:20:25 | 000,445,578 | ---- | C] () -- C:\WINDOWS\System32\prfh0404.dat
[2004/01/06 01:20:25 | 000,265,490 | ---- | C] () -- C:\WINDOWS\System32\prfc0404.dat
[2004/01/06 01:20:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/06 01:20:07 | 000,443,078 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/06 01:20:06 | 000,072,344 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/06 01:08:57 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/05 12:11:45 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/01/05 12:11:01 | 000,013,107 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/05 12:10:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/05 11:50:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/01/05 11:50:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/01/05 11:50:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/01/05 11:50:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/01/05 11:50:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/01/05 11:50:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/05 11:32:51 | 000,003,216 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/05 11:25:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/01/05 11:25:24 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/01/05 11:21:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/01/05 11:21:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/01/05 11:21:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/01/05 10:54:03 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/05 10:54:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/05 10:53:44 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/05 10:44:36 | 000,000,823 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/05 10:42:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/05 10:36:09 | 000,021,456 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/05 10:30:20 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/05 10:27:59 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/11 06:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/06/02 16:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/02 17:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/31 23:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu
[2005/07/31 22:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2008/09/07 23:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/10/31 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/11/01 11:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/05/14 23:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2011/06/13 18:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2004/01/05 11:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/04/23 21:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2011/05/01 11:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kingsoft
[2011/05/02 10:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kuaikuai
[2010/01/19 20:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/03/01 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2005/08/03 20:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2006/09/23 18:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/06/17 08:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2009/11/07 10:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2010/08/11 11:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/11/16 09:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/12/23 15:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/12 10:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/06/26 11:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/01 23:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\881903
[2010/06/23 12:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AddressBar
[2010/02/16 23:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Baidu
[2011/11/02 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
[2010/06/14 22:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CCTV
[2006/12/22 09:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DeskSoft
[2011/09/19 13:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DNA
[2011/09/26 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox
[2009/11/04 23:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FlashgetSetup
[2010/10/07 16:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Foxy
[2009/02/08 15:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GanymedeNet
[2009/06/21 02:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2005/11/30 08:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2005/03/08 12:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2011/06/13 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nokia
[2009/10/10 23:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PC Suite
[2011/04/23 23:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PPlive
[2009/11/05 20:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PPLiveVA
[2010/04/21 03:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PPStream
[2006/04/20 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Raptisoft
[2004/01/05 23:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2005/10/18 17:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SecondLife
[2011/04/13 03:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SE_logs
[2011/06/09 08:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sony
[2009/12/23 15:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpinTop
[2011/11/13 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Spyware Terminator
[2005/03/30 11:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2011/05/31 23:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TTPlayer
[2009/05/10 03:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\winstron
[2004/01/05 11:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intervideo
[2004/01/05 23:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2011/11/16 10:10:05 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/11/16 20:40:04 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/11/16 17:12:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/11/17 14:00:30 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/11/17 11:31:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2011/11/16 16:37:28 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1074E1F-2FDC-417F-9830-4B4940F1801D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2004/08/12 04:00:00 | 000,976,896 | ---- | M] (Microsoft Corporation) MD5=211358AE74733075C22142B3AC519A19 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/18 19:39:41 | 000,977,920 | ---- | M] (Microsoft Corporation) MD5=3DDB98936B29019549C6FBABD86846E7 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/15 18:54:48 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=88057E7B74236C11098E4D4EEAC7DF5E -- C:\WINDOWS\explorer.exe
[2008/04/15 18:54:48 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=88057E7B74236C11098E4D4EEAC7DF5E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/15 18:54:48 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=88057E7B74236C11098E4D4EEAC7DF5E -- C:\WINDOWS\SoftwareDistribution\Download\44efa6227a0729b233508b6f95c3fb71\explorer.exe
[2007/06/18 19:41:21 | 000,977,920 | ---- | M] (Microsoft Corporation) MD5=D1822278F43E2850E03EF36D29686D4F -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/15 18:54:55 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=3AECECC06B3C127F625A73BB6E01668C -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/15 18:54:55 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=3AECECC06B3C127F625A73BB6E01668C -- C:\WINDOWS\SoftwareDistribution\Download\44efa6227a0729b233508b6f95c3fb71\svchost.exe
[2008/04/15 18:54:55 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=3AECECC06B3C127F625A73BB6E01668C -- C:\WINDOWS\system32\svchost.exe
[2004/08/12 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8AB5BC670D2B17DB59789500524E08FE -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/12 04:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=55FC3F751B389187404BA70EAF989F9D -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/15 18:54:57 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=A66E0579B78B8C1A62330BB124C9CD23 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/15 18:54:57 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=A66E0579B78B8C1A62330BB124C9CD23 -- C:\WINDOWS\SoftwareDistribution\Download\44efa6227a0729b233508b6f95c3fb71\userinit.exe
[2008/04/15 18:54:57 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=A66E0579B78B8C1A62330BB124C9CD23 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/15 18:54:59 | 000,493,568 | ---- | M] (Microsoft Corporation) MD5=0D07E75030839CF4A0A0D854484A7FEF -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/15 18:54:59 | 000,493,568 | ---- | M] (Microsoft Corporation) MD5=0D07E75030839CF4A0A0D854484A7FEF -- C:\WINDOWS\SoftwareDistribution\Download\44efa6227a0729b233508b6f95c3fb71\winlogon.exe
[2008/04/15 18:54:59 | 000,493,568 | ---- | M] (Microsoft Corporation) MD5=0D07E75030839CF4A0A0D854484A7FEF -- C:\WINDOWS\system32\winlogon.exe
[2004/08/12 04:00:00 | 000,487,936 | ---- | M] (Microsoft Corporation) MD5=5A9C3615AF0188E61F25ACEDCD904C92 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 14:45:09 | 000,711,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 14:45:09 | 000,711,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 14:45:09 | 000,711,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 14:45:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 14:45:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 14:45:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 14:45:09 | 000,711,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 14:45:09 | 000,711,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 14:45:09 | 000,711,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 14:45:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 14:45:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 14:45:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google 瀏覽器\shell\open\command\\: "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/08 11:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 19:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 17/11/2011 15:12:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

247.30 Mb Total Physical Memory | 58.01 Mb Available Physical Memory | 23.46% Memory free
763.69 Mb Paging File | 283.33 Mb Available in Paging File | 37.10% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.49 Gb Total Space | 23.53 Gb Free Space | 33.38% Space Free | Partition Type: NTFS
Drive D: | 4.02 Gb Total Space | 0.24 Gb Free Space | 5.96% Space Free | Partition Type: FAT32

Computer Name: YOUR-B6B8C81848 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"22462:TCP" = 22462:TCP:*:Enabled:Foxy (192.168.2.2:22462) 22462 TCP
"22462:UDP" = 22462:UDP:*:Enabled:Foxy (192.168.2.2:22462) 22462 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\Nexon\Common\Patcher.exe" = C:\Program Files\Nexon\Common\Patcher.exe:*:Enabled:Nexon Patcher -- (Nexon)
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS厙釐萇弝
"C:\Program Files\Foxy\Foxy.exe" = C:\Program Files\Foxy\Foxy.exe:*:Enabled:Foxy -- (Foxy, Inc.)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Program Files\Foxy\DcOo CS1.6\cstrike.exe" = C:\Program Files\Foxy\DcOo CS1.6\cstrike.exe:*:Enabled:Half-Life Launcher
"C:\Documents and Settings\Compaq_Owner\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Documents and Settings\Compaq_Owner\桌面\DcOo CS1.6 笢恅唳\cstrike.exe" = C:\Documents and Settings\Compaq_Owner\桌面\DcOo CS1.6 笢恅唳\cstrike.exe:*:Enabled:Half-Life Launcher
"C:\Documents and Settings\Compaq_Owner\My Documents\DcOo CS1.6 笢恅唳\cstrike.exe" = C:\Documents and Settings\Compaq_Owner\My Documents\DcOo CS1.6 笢恅唳\cstrike.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\Nakido\nakido.exe" = C:\Program Files\Nakido\nakido.exe:*:Enabled:Nakido
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Foxy\Download\DcOo CS1.6\cstrike.exe" = C:\Program Files\Foxy\Download\DcOo CS1.6\cstrike.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\MSNShell\Bin\engie.exe" = C:\Program Files\MSNShell\Bin\engie.exe:*:Enabled:MSNShell
"C:\Documents and Settings\Compaq_Owner\桌面\DcOo CS1.6\cstrike.exe" = C:\Documents and Settings\Compaq_Owner\桌面\DcOo CS1.6\cstrike.exe:*:Enabled:Half-Life Launcher
"C:\Documents and Settings\Compaq_Owner\My Documents\DcOo CS1.6\cstrike.exe" = C:\Documents and Settings\Compaq_Owner\My Documents\DcOo CS1.6\cstrike.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\Octoshape Streaming Services\Compaq_Owner\OctoshapeClient.exe" = C:\Program Files\Octoshape Streaming Services\Compaq_Owner\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe" = C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe:*:Enabled:HongKong Toolbar Manager Module -- (Hong Kong Commercial Broadcasting Co. Ltd.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 厙釐樓厒
"C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive
"C:\Program Files\PPLive\PPLiveU.exe" = C:\Program Files\PPLive\PPLiveU.exe:*:Enabled:PPLiveU
"C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fgcn_548.exe" = C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fgcn_548.exe:*:Enabled:fg_ol_silent
"C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe" = C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe:*:Enabled:PPAP
"C:\Program Files\PPLiveVA\PPLiveVA.exe" = C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\PPLive\PPTV\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Enabled:PPLiveU -- (PPLive Corporation)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive -- (PPLive Corporation)
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\FunTown\FunTown\_agznewhk.exe" = C:\FunTown\FunTown\_agznewhk.exe:*:Enabled:AgzNew Autopatch Application -- ()
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
"C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe" = C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe:*:Enabled:MediaCenter
"C:\Program Files\360\360sd\LiveUpdate360.exe" = C:\Program Files\360\360sd\LiveUpdate360.exe:*:Enabled:LiveUpdate360
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule
"C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA
"C:\Program Files\PPLive\PPVA\PPLiveVA.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA
"C:\Program Files\PPLive\PPVA\FlvPick.exe" = C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick
"C:\Program Files\PPLive\PPVA\crashreporter.exe" = C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload
"C:\Program Files\PPLive\PPVA\PPVADownload.exe" = C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download
"C:\Program Files\PPLive\PPVA\DownloadProgress.exe" = C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP 裝置安裝 -- (Hewlett-Packard Co.)
"C:\Program Files\SogouExplorer\sogouexplorer.exe" = C:\Program Files\SogouExplorer\sogouexplorer.exe:*:Enabled:SogouExplorer
"C:\Program Files\KuaiKuai\KKGame\kkgame.exe" = C:\Program Files\KuaiKuai\KKGame\kkgame.exe:*:Enabled:快快游?
"C:\Program Files\TTPlayer\TTPlayer.exe" = C:\Program Files\TTPlayer\TTPlayer.exe:*:Enabled:千千?听 -- (Alen Soft)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\LittleFighter2\LF2_v2.0a\lf2.exe" = C:\Program Files\LittleFighter2\LF2_v2.0a\lf2.exe:*:Enabled:lf2
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\新資料夾\Steam.exe" = C:\Program Files\新資料夾\Steam.exe:*:Enabled:Steam
"C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe" = C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0C9B0475-F65F-45AB-8D88-2AE7C195E907}" = Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
"{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1" = Media Access Startup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1" = Internet Saving Optimizer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226DED00-5B8B-4877-AEF6-C41E00B57E36}" = Windows Live Mail
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32D36E99-46CF-4C1B-B260-368202E0853D}" = Windows Live Call
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40D5E798-3DBC-4695-8CC3-45BEAF1C3941}" = Windows Live 影像中心
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows 筆記本檢視器
"{459DDD17-D825-4FBF-B437-693E7D44F5B3}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ADB6E0C-4831-4D04-A909-66C5A7B8E714}" = HP Deskjet 2050 J510 series 產品改善研究
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7562546C-8E4A-423D-92A2-AAE3F9E0D883}" = MsTTS51Eng
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series 說明
"{84ACFFA3-56A2-4BD8-BEDA-7E34CBA0EF8C}" = HP Deskjet 2050 J510 series 基本裝置軟體
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0010-0404-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Chinese (Traditional)) 14
"{90140000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2010
"{90140000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2010
"{90140000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
"{90140000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
"{90140000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
"{90140000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2010
"{90140000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2010
"{90140000-00A1-0404-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A35682B-4C64-4F37-B1A0-3E21063C80DC}" = Windows Live Messenger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1028-7B44-A94000000001}" = Adobe Reader 9.4.6 - Chinese Traditional
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B47A9C26-F1D1-4498-A337-6C4C58F2E5E8}" = Microsoft Producer for Microsoft Office PowerPoint
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5096216-7703-409E-B85A-8A6EE7395128}}_is1" = System Search Dispatcher
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2711393-0008-45FD-9D60-6903AEC0F0FF}" = Windows Live Sync
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{F0466972-52CD-4032-ACE5-B7777AF62608}" = Microsoft Works
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F353BD3E-1BBC-491C-A0A7-A93D6B56FFD4}" = Windows Live 程式集
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows 驅動程式封裝 - Nokia Modem (11/03/2006 6.82.0.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows 驅動程式封裝 - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows 驅動程式封裝 - Nokia Modem (10/07/2010 4.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BackWeb-6750491 Uninstaller" = Compaq Connections
"BitTorrent" = BitTorrent
"CdaC13Ba" = SafeCast Shared Components
"DcOo CS1.6笢恅唳_is1" = Counter Strike 1.6
"DivX Setup" = DivX 安裝
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows 驅動程式封裝 - Nokia Modem (06/09/2010 7.01.0.8)
"ESPN RunTime" = ESPN RunTime
"Foxy_is1" = Foxy v1.9.10
"FunTown_is1" = FunTown
"GTA San Andreas_is1" = 1.0
"Help and Support Additions" = Help and Support Additions
"Hong Kong Toolbar_is1" = Hong Kong Toolbar 5.0.1.7
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"igLoader_is1" = igLoader 2,0,0,2
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 zh-TW)" = Mozilla Firefox 6.0.2 (x86 zh-TW)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN 工具列
"NETVIGATOR BROADBAND" = NETVIGATOR BROADBAND
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia 電腦端套件
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa2" = Picasa 2
"PPLite" = PPLite 1.0.0.0028
"PPLive" = PPTV厙釐萇弝 V2.7.3.0009
"QHLive Player2.0" = QHLive Player
"RealAlt_is1" = Real Alternative 2.0.2
"Security Task Manager" = Security Task Manager 1.7h
"SopCast" = SopCast 3.2.4
"SpeedFan" = SpeedFan (remove only)
"TTPlayer" = 千千靜聽 5.7正式版
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live 程式集
"WinRAR archiver" = WinRAR 壓縮工具
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! 工具列
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Draw 4 App" = Draw 4 App
"Google Chrome" = Google Chrome
"MilitaryGame App" = MilitaryGame App
"Notepad App" = Notepad App
"SwingSet2 App" = SwingSet2 App

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2011 16:38:24 | Computer Name = YOUR-B6B8C81848 | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 已逾時,因此傳回此操作。

Error - 2/9/2011 20:54:22 | Computer Name = YOUR-B6B8C81848 | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 已逾時,因此傳回此操作。

Error - 2/9/2011 21:49:49 | Computer Name = YOUR-B6B8C81848 | Source = Application Error | ID = 1000
Description = 失敗的應用程式 ppap.exe,版本 3.0.0.5551,失敗的模組 peer.dll,版本 2.2.0.543,錯誤位址 0x0014af98。

Error - 2/9/2011 23:12:44 | Computer Name = YOUR-B6B8C81848 | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 已逾時,因此傳回此操作。

Error - 3/9/2011 10:42:03 | Computer Name = YOUR-B6B8C81848 | Source = Application Error | ID = 1000
Description = 失敗的應用程式 iexplore.exe,版本 8.0.6001.18702,失敗的模組 msctfime.ime,版本 5.1.2600.5768,錯誤位址
0x00012e39。

Error - 3/9/2011 11:50:58 | Computer Name = YOUR-B6B8C81848 | Source = Avira AntiVir | ID = 4112
Description = 向 Windows NT 系統要求資源的期間發生錯誤。 尚未配置資源 <ThreadInit>。 可能是由於記憶體不足的錯誤或其他系統失敗所造成。
傳回的錯誤代碼:0x18

Error - 4/9/2011 1:16:25 | Computer Name = YOUR-B6B8C81848 | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 已逾時,因此傳回此操作。

Error - 4/9/2011 7:21:36 | Computer Name = YOUR-B6B8C81848 | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 已逾時,因此傳回此操作。

Error - 4/9/2011 20:44:54 | Computer Name = YOUR-B6B8C81848 | Source = crypt32 | ID = 131080
Description = 從 <http://www.download....uthrootseq.txt>
自動更新廠商根清單順序數字發生失敗,錯誤: 已逾時,因此傳回此操作。

[ System Events ]
Error - 14/11/2011 22:37:04 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7000
Description = Application Layer Gateway Service 服務無法啟動,因為發生下列錯誤: %%1053

Error - 14/11/2011 22:50:23 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7022
Description = Avira AntiVir Guard 服務在啟動時暫停。

Error - 14/11/2011 22:50:23 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7001
Description = Avira AntiVir MailGuard 服務依存的 Avira AntiVir Guard 服務因為發生下列錯誤而無法啟動:
%%1070

Error - 14/11/2011 22:50:23 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7001
Description = Avira AntiVir WebGuard 服務依存的 Avira AntiVir Guard 服務因為發生下列錯誤而無法啟動:
%%1070

Error - 16/11/2011 0:39:14 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7022
Description = Avira AntiVir Guard 服務在啟動時暫停。

Error - 16/11/2011 0:39:14 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7001
Description = Avira AntiVir MailGuard 服務依存的 Avira AntiVir Guard 服務因為發生下列錯誤而無法啟動:
%%1070

Error - 16/11/2011 0:39:14 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7001
Description = Avira AntiVir WebGuard 服務依存的 Avira AntiVir Guard 服務因為發生下列錯誤而無法啟動:
%%1070

Error - 16/11/2011 23:34:45 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7022
Description = Avira AntiVir Guard 服務在啟動時暫停。

Error - 16/11/2011 23:34:45 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7001
Description = Avira AntiVir MailGuard 服務依存的 Avira AntiVir Guard 服務因為發生下列錯誤而無法啟動:
%%1070

Error - 16/11/2011 23:34:45 | Computer Name = YOUR-B6B8C81848 | Source = Service Control Manager | ID = 7001
Description = Avira AntiVir WebGuard 服務依存的 Avira AntiVir Guard 服務因為發生下列錯誤而無法啟動:
%%1070


< End of report >



#4
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

OTL Fix

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll File not found
    O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-244719459-1331797888-486331773-1007\..\Toolbar\WebBrowser: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [VTTimer] VTTimer.exe File not found
    O4 - HKU\S-1-5-21-244719459-1331797888-486331773-1007..\Run: [BoontyBox] File not found
    O4 - HKU\S-1-5-21-244719459-1331797888-486331773-1007..\Run: [Steam] "C:\Program Files\新資料夾\Steam.exe" -silent File not found
    O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\祔襠紱攫忒.lnk = File not found
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.0.cab (Reg Error: Key error.)
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.tvan.../cab/tvants.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    [2011/11/06 23:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\「開始」功能表\程式集\System Restore
    [2011/11/06 23:22:22 | 000,353,280 | ---- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
    [2011/11/06 23:20:56 | 000,466,944 | --S- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\kuRLTCDnyhmgyh.exe
    [2011/11/06 23:18:58 | 000,462,848 | --S- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\EMSTOQkqCSJFM.exe
    [2011/11/17 14:00:30 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2011/11/17 11:31:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
    [2011/11/16 20:40:04 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2011/11/16 17:12:11 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2011/11/16 10:10:05 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/11/10 18:01:38 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
    [2011/11/10 18:01:37 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
    [2011/11/10 17:50:53 | 000,499,712 | --S- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\ItjhoTuqFV.exe
    [2011/11/07 14:37:55 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
    [2011/11/06 23:52:21 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/06 23:22:23 | 000,353,280 | ---- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
    [2011/11/06 23:20:22 | 000,466,944 | --S- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\kuRLTCDnyhmgyh.exe
    [2011/11/06 23:18:21 | 000,462,848 | --S- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\EMSTOQkqCSJFM.exe
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2


    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    at*.job



    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Have all your icons and files been restored? If so skip to step 4.

If not then please do the following steps:

Download and run the following program:

unhide.exe

Then, Set Explorer to Defaults:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Restore Defaults
Select Apply to All Folders | Yes | Apply | OK.


Step 4.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.



Step 5.

Run TDSSKiller
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 6.

Please post:

RkReport.txt
OTL fix log
Combofix.txt
TDSSKiller log


Are all your menu items, desktop icons and files restored?

What problems are you still having?


#5
harrykewell

    New Member

  • Topic Starter
  • Member
  • 5 posts
Yes. Actually the desktop icons and files are restored, but the menu is still missing the 'Control Panel' and some other things. ---> Like this

Also, when ComboFix was running, Avira AntiVirus popped up some messages (something like it had detected some bad things, asking me to block or skip them) a few times. But I'm sure that I had already disabled the AntiVirus program.

After I chose to skip the message, explorer.exe closed and the computer froze, so I rebooted the computer.

Should I re-run ComboFix? My logs are below. Thanks for your help!

RogueKiller V6.1.9 [11/16/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Owner [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/18/2011 14:45:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 2
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 20 / Fail 2
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 16 / Fail 2
Backup: [FOUND] Success 0 / Fail 167

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt



========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VTTimer deleted successfully.
Registry value HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\Software\Microsoft\Windows\CurrentVersion\Run\\BoontyBox deleted successfully.
Registry value HKEY_USERS\S-1-5-21-244719459-1331797888-486331773-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\祔襠紱攫忒.lnk moved successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\WINDOWS\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.0.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {4C833081-D026-4FF8-968F-7EAB660D2FBA}
C:\WINDOWS\Downloaded Program Files\SETUP.INF moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4C833081-D026-4FF8-968F-7EAB660D2FBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C833081-D026-4FF8-968F-7EAB660D2FBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4C833081-D026-4FF8-968F-7EAB660D2FBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C833081-D026-4FF8-968F-7EAB660D2FBA}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\Compaq_Owner\「開始」功能表\程式集\System Restore folder moved successfully.
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\kuRLTCDnyhmgyh.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\EMSTOQkqCSJFM.exe moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\PCConfidential.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr moved successfully.
C:\Documents and Settings\All Users\Application Data\ItjhoTuqFV.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
File C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe not found.
File C:\Documents and Settings\All Users\Application Data\kuRLTCDnyhmgyh.exe not found.
File C:\Documents and Settings\All Users\Application Data\EMSTOQkqCSJFM.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Owner\桌面\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Owner\桌面\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
複製 144 個檔案
C:\Documents and Settings\Compaq_Owner\桌面\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Owner\桌面\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
複製 19 個檔案
C:\Documents and Settings\Compaq_Owner\桌面\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Owner\桌面\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
複製 0 個檔案
C:\Documents and Settings\Compaq_Owner\桌面\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Owner\桌面\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\4\PPTV.lnk
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\4\Sony Ericsson PC Companion 2.0.lnk
複製 4 個檔案
C:\Documents and Settings\Compaq_Owner\桌面\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Owner\桌面\cmd.txt deleted successfully.
File\Folder at*.job not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 3550083 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 3.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_150259


Edited by harrykewell, 18 November 2011 - 02:23 AM.

  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thank you for the information.

Also, when ComboFix was running, Avira AntiVirus popped up some messages (something like it detected some bad things and asked me to block or skip it) a few times. But I'm sure that I had already disabled the AntiVirus program.

After I chose to skip the message, explorer.exe was closed and the computer froze, so I rebooted the computer.

Should I re-run ComboFix? My logs are below. Thanks for your help!


Please make sure Avira is completely disabled!

Information on disabling is here

Then re-run ComboFix. Your desktop will go blank behind it and it will take some time to run; just be patient.

Yes. Actually, the desktop icons and files are restored, but the menu is still missing the 'Control Panel' and something more. ---> Like this


I will prepare a fix for this while you run ComboFix. :)

Edited by CompCav, 18 November 2011 - 07:16 AM.

  • 0

#7
harrykewell

harrykewell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
CompCav,

Sorry for not replying to you these past few days. I've got some trouble again.

I had no AntiVirus messages pop up this time. But when ComboFix is running the autoscan, my cursor can't move... I can't open the browser...

Is it regular? Or do I just have to be patient and wait for it?

Thanks for your help once again!

Harry Kewell.

Edited by harrykewell, 22 November 2011 - 05:41 AM.

  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
During the ComboFix run you should not be moving the cursor over the box that ComboFix opens, and you should not be using the computer for anything else. ComboFix should be the only thing running. I noted this in the instructions, and when running a tool you should always refrain from running other programs or doing other tasks on the computer. It is not unusual for the mouse to freeze; just make sure it is not hovering over the ComboFix box when you launch ComboFix.

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.


A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.



If it locks up when you are careful and following these instructions, then try to run it in safe mode.

Just reboot your computer and start tapping the F8 key. Select safe mode and launch ComboFix in safe mode. If you have to do this, stay with the computer, because when ComboFix reboots you need to be there to put the computer in Safe Mode again for it to complete.

Here are some detailed screens on getting into safe mode if you need them ;)

Edited by CompCav, 22 November 2011 - 07:22 AM.

  • 0

#9
harrykewell

harrykewell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
CompCav,

Sorry, but I'm quite busy and don't have much time to do the scan when I get back home.

So I did the scan this holiday morning. Even though I followed the instructions, did not touch anything while it was scanning and waited for an hour, the program did not seem to be running. So I ran it in safe mode, but it made no difference...

The clock stopped at 14:00, but actually it was 15:00 already. I can only post the TDSSKiller log for you :(

Sorry about that.

Harry Kewell.


15:12:50.0921 1728 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:12:52.0937 1728 ============================================================
15:12:52.0937 1728 Current date / time: 2011/11/26 15:12:52.0937
15:12:52.0937 1728 SystemInfo:
15:12:52.0937 1728
15:12:52.0968 1728 OS Version: 5.1.2600 ServicePack: 3.0
15:12:52.0968 1728 Product type: Workstation
15:12:52.0968 1728 ComputerName: YOUR-B6B8C81848
15:12:52.0968 1728 UserName: Compaq_Owner
15:12:52.0968 1728 Windows directory: C:\WINDOWS
15:12:52.0968 1728 System windows directory: C:\WINDOWS
15:12:52.0968 1728 Processor architecture: Intel x86
15:12:52.0968 1728 Number of processors: 1
15:12:52.0968 1728 Page size: 0x1000
15:12:52.0968 1728 Boot type: Normal boot
15:12:52.0968 1728 ============================================================
15:13:01.0875 1728 Initialize success
15:14:29.0140 1124 ============================================================
15:14:29.0156 1124 Scan started
15:14:29.0156 1124 Mode: Manual; SigCheck; TDLFS;
15:14:29.0156 1124 ============================================================
15:14:58.0500 1124 CdaC15BA (08f60f40d1a2a95a1f12eddbd9f25c1c) C:\WINDOWS\system32\drivers\CdaC15BA.SYS
15:14:58.0578 1124 CdaC15BA ( UnsignedFile.Multi.Generic ) - warning
15:14:58.0578 1124 CdaC15BA - detected UnsignedFile.Multi.Generic (1)
15:14:59.0578 1124 cFosNT (08e663e8f17ed640f61024dcf36ee075) C:\WINDOWS\System32\Drivers\cFosNT.sys
15:14:59.0687 1124 cFosNT ( UnsignedFile.Multi.Generic ) - warning
15:14:59.0687 1124 cFosNT - detected UnsignedFile.Multi.Generic (1)
15:15:12.0015 1124 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
15:15:12.0078 1124 mcdbus ( UnsignedFile.Multi.Generic ) - warning
15:15:12.0078 1124 mcdbus - detected UnsignedFile.Multi.Generic (1)
15:15:28.0015 1124 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
15:15:28.0015 1124 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
15:15:28.0015 1124 sptd ( LockedFile.Multi.Generic ) - warning
15:15:28.0015 1124 sptd - detected LockedFile.Multi.Generic (1)
15:15:31.0250 1124 Tcpip (a29e1209f925a0e9b330e11da5fc7bab) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:15:31.0359 1124 Tcpip ( UnsignedFile.Multi.Generic ) - warning
15:15:31.0359 1124 Tcpip - detected UnsignedFile.Multi.Generic (1)
15:15:32.0546 1124 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
15:15:32.0593 1124 TrueSight ( UnsignedFile.Multi.Generic ) - warning
15:15:32.0593 1124 TrueSight - detected UnsignedFile.Multi.Generic (1)
15:15:38.0625 1124 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
15:15:38.0703 1124 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:15:38.0703 1124 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:15:38.0703 1124 Boot (0x1200) (25a203a845eab4ed91c87f600b1c8aac) \Device\Harddisk0\DR0\Partition0
15:15:38.0703 1124 \Device\Harddisk0\DR0\Partition0 - ok
15:15:38.0734 1124 Boot (0x1200) (1bd9e2d2eadecdd2c68e1d762eddb9cf) \Device\Harddisk0\DR0\Partition1
15:15:38.0734 1124 \Device\Harddisk0\DR0\Partition1 - ok
15:15:38.0750 1124 ============================================================
15:15:38.0750 1124 Scan finished
15:15:38.0750 1124 ============================================================
15:15:38.0906 3512 Detected object count: 7
15:15:38.0906 3512 Actual detected object count: 7
15:16:08.0984 3512 CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:08.0984 3512 CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:09.0000 3512 cFosNT ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:09.0000 3512 cFosNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:09.0000 3512 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:09.0000 3512 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:09.0000 3512 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:16:09.0000 3512 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:16:09.0000 3512 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:09.0000 3512 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:09.0000 3512 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:09.0000 3512 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:09.0000 3512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:16:09.0000 3512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:35:26.0687 3280 Deinitialize success


Edited by harrykewell, 26 November 2011 - 01:40 AM.

  • 0
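The TDSSKiller log in the post above records every detection, including the `TDSS File System` hit on `\Device\Harddisk0\DR0`, as `User select action: Skip`. The following Python parser for that log's line format is an added example, not part of the original thread and not the tool's own code; it pairs each detection with its hash and the action taken, and singles out non-generic verdicts that were left unremediated. Treating `*.Multi.Generic` verdicts as low-priority heuristics is an assumption of the example, as are all function and variable names.

```python
import re
from dataclasses import dataclass
from typing import Optional

# A few lines copied from the log in the post above (most entries left out).
SAMPLE_LOG = r"""
15:15:31.0250 1124 Tcpip (a29e1209f925a0e9b330e11da5fc7bab) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:15:31.0359 1124 Tcpip ( UnsignedFile.Multi.Generic ) - warning
15:15:31.0359 1124 Tcpip - detected UnsignedFile.Multi.Generic (1)
15:15:38.0625 1124 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
15:15:38.0703 1124 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:15:38.0703 1124 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:15:38.0703 1124 Boot (0x1200) (25a203a845eab4ed91c87f600b1c8aac) \Device\Harddisk0\DR0\Partition0
15:15:38.0703 1124 \Device\Harddisk0\DR0\Partition0 - ok
15:15:38.0906 3512 Detected object count: 7
15:16:09.0000 3512 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:09.0000 3512 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:09.0000 3512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:16:09.0000 3512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": an object that was hashed during the scan
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> ( <verdict> ) - <warning | skipped by user | User select action: X>"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<tail>.+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION_PREFIX = "User select action:"


@dataclass
class Detection:
    obj: str                      # service name or device path as logged
    verdict: str                  # e.g. "TDSS File System"
    md5: Optional[str] = None     # hash from the matching object line, if any
    path: Optional[str] = None
    action: Optional[str] = None  # None means no action line was found


def parse_log(text):
    """Return (detections, reported_count) from TDSSKiller-style log text."""
    hashed = {}       # name or path -> (md5, path)
    detections = {}   # (obj, verdict) -> Detection, in order of appearance
    reported = None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # forum text, blank lines, wrapped fragments
        msg = line["msg"]
        obj = OBJECT.match(msg)
        if obj:
            # Disk-level verdicts name the device path, drivers the service
            # name, so index the hash under both.
            hashed[obj["name"]] = hashed[obj["path"]] = (obj["md5"], obj["path"])
            continue
        count = COUNT.match(msg)
        if count:
            reported = int(count["n"])
            continue
        hit = VERDICT.match(msg)
        if not hit:
            continue
        key = (hit["obj"], hit["verdict"])
        det = detections.get(key)
        if det is None:
            md5, path = hashed.get(hit["obj"], (None, None))
            det = detections[key] = Detection(hit["obj"], hit["verdict"], md5, path)
        if hit["tail"].startswith(ACTION_PREFIX):
            det.action = hit["tail"][len(ACTION_PREFIX):].strip()
    return list(detections.values()), reported


def triage(detections):
    """Detections that still need follow-up.

    Assumption of this example: verdicts ending in ".Multi.Generic" are
    heuristic flags (unsigned or locked file) and are not escalated here;
    anything else that was skipped or has no recorded action is returned.
    """
    return [
        d for d in detections
        if not d.verdict.endswith(".Multi.Generic") and d.action in (None, "Skip")
    ]


if __name__ == "__main__":
    found, reported = parse_log(SAMPLE_LOG)
    for d in found:
        print(f"{d.obj:<24} {d.verdict:<28} action={d.action} md5={d.md5}")
    if reported is not None and reported != len(found):
        print(f"log reports {reported} objects, parsed {len(found)}: paste is incomplete")
    for d in triage(found):
        print(f"FOLLOW UP: {d.verdict} on {d.obj} was not remediated")
```
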

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Please download GetPartitions from the link below. You must right-click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop.

getpartitions.bat

Double-click it to run it (if running Vista or Windows 7, right-click on it and select "Run as an Administrator").
It will produce a C:\DiskReport.txt log; please post the results from that log here to me.


Step 2.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.


Step 3.

Please post:

DiskReport.txt
Screenshot of the Disk Management window


Please tell me how the computer is performing and what issues remain?
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





