  #1  
Old June 25th, 2010, 08:01 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
Is this a virus?

Hi there,

I have this 32GB USB which is messing up.

I have three folders in it and two of these folders have strange files in their subfolders and I can't open up some of the word documents.

For example:
http://img268.imageshack.us/img268/4299/sony3.png
http://img690.imageshack.us/img690/5307/sony1.png
http://img576.imageshack.us/img576/8723/sony2l.png

Is there a virus on my USB? I don't understand why some of the files are acting up but the rest aren't.

The information on the USB is really important so I would really appreciate any help I could get.

Thank you!


  #2  
Old June 26th, 2010, 02:12 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,713
Hello lxndrzh,

For those first two pictures you linked to, looks like the names are possibly machine code, so not intended to be read by humans, or fonts that your system does not have the right language settings/files for them. Last time I dealt with a similar issue though, files that showed like that were due to corruption. In my own one situation I was using just about the cheapest USB drive available on the web, and was getting my money's worth for it.

Not really catching whatever you feel that third picture shows. See if you can upload some of the things you are having issues with, and let's see what I can garner from them. If possible, try zipping copies, which will make moving them around easier.


Then just go here, press new topic, fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the zipped files on your computer.

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

Just click the "(more attachments)" next to the Browse button to upload more than one file.


Let's also take a look at things. Since it is part of the issues there, be sure to leave that USB drive inserted until I give the all clear here.


Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top check "Scan All Users", then click "Quick Scan". Make no other changes at this time.

Once the scan completes the results will open in Notepad - copy/paste those back here please.
  #3  
Old June 27th, 2010, 06:42 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
OTL logfile created on: 6/27/2010 1:38:07 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alexandra Zhu\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.04 Gb Total Space | 321.95 Gb Free Space | 71.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 29.90 Gb Total Space | 20.08 Gb Free Space | 67.14% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDRAZHU-PC
Current User Name: Alexandra Zhu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 13:28:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra Zhu\Downloads\OTL.exe
PRC - [2010/06/25 18:26:39 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/25 18:26:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/17 10:38:47 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2010/01/31 06:27:38 | 000,141,061 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2009/11/06 00:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/11/06 00:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/31 08:20:10 | 000,427,320 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
PRC - [2009/10/31 03:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/10/31 03:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/10/30 05:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/10/30 05:08:34 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/29 02:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/28 11:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/10/27 01:15:40 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/10/24 12:28:58 | 000,832,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2009/10/22 00:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009/10/07 00:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/07 00:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/10/03 04:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/03 04:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 10:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 10:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/29 05:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/09/29 05:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009/09/01 09:29:54 | 007,731,744 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/30 07:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009/07/29 11:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/29 05:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/23 04:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/07/22 02:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/14 06:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
PRC - [2009/01/14 12:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/12/17 14:38:08 | 006,424,576 | ---- | M] (ZTE Corporation) -- C:\Program Files\Telstra Turbo Connection Manager\Telstra Turbo Connection Manager.exe
PRC - [2008/11/25 13:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
  #4  
Old June 27th, 2010, 06:49 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
========== Modules (SafeList) ==========

MOD - [2010/06/27 13:28:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra Zhu\Downloads\OTL.exe
MOD - [2009/07/14 09:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 09:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 09:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 09:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 09:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 09:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 09:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 09:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 09:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 09:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/17 23:41:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/17 07:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2009/11/06 00:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/10/31 03:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/10/30 05:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/28 11:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/10/22 01:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/22 00:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/07 00:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/03 04:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 10:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 10:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/29 05:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 09:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 09:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 09:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 09:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 09:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 09:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 09:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 09:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 09:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 09:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 09:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 09:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 09:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/25 13:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/25 13:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/25 13:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
  #5  
Old June 27th, 2010, 06:50 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
========== Driver Services (SafeList) ==========

DRV - [2010/05/29 03:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100625.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/28 19:01:02 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 19:01:02 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/23 02:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/16 21:40:32 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100626.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/16 21:40:32 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100626.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/16 19:35:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 12:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 13:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 11:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 10:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 10:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 08:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/01/16 01:02:20 | 009,927,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/11 15:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/06 13:14:56 | 000,230,912 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/10/27 03:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/16 11:11:26 | 000,231,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/10/03 04:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/10/03 03:40:50 | 000,432,664 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/09/24 01:25:18 | 000,120,432 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/09/18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/09/01 09:18:50 | 002,760,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/30 08:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/31 12:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/31 08:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 06:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/21 14:04:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/07/21 14:04:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/07/21 14:04:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/15 06:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 13:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/14 09:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 09:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 09:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 09:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 09:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 09:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 09:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 09:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 09:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 09:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 09:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 09:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 09:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 09:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 09:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 09:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 09:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 09:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 09:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 09:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 09:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 09:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 09:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 09:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 09:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 09:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 09:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 09:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 09:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 09:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 09:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 09:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 09:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 09:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 09:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 08:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 08:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 08:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 07:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 07:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 07:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 07:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 07:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 07:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 07:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 07:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 07:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 07:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 07:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 07:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 07:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 07:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 07:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 07:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 06:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 06:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 06:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 06:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 06:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 06:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 06:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 06:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 06:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 06:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/30 07:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009/06/30 01:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/30 01:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/06/23 08:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 10:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/06/12 04:05:04 | 000,626,688 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009/05/20 12:59:00 | 000,011,776 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008/08/12 10:11:36 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/04/25 09:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
  #6  
Old June 27th, 2010, 06:51 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSAU&bmod=TSAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4199254761-769199252-3171373704-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSAU&bmod=TSAU
IE - HKU\S-1-5-21-4199254761-769199252-3171373704-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSAU&bmod=TSAU
IE - HKU\S-1-5-21-4199254761-769199252-3171373704-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.1.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 10:45:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/18 17:03:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/25 18:26:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/25 18:26:39 | 000,000,000 | ---D | M]

[2010/05/16 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\Mozilla\Extensions
[2010/06/26 22:10:08 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\Mozilla\Firefox\Profiles\i31hgd2p.default\extensions
[2010/06/27 13:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra Zhu\AppData\Roaming\Mozilla\Firefox\Profiles\i31hgd2p.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/25 21:04:19 | 000,001,238 | ---- | M] () -- C:\Users\Alexandra Zhu\AppData\Roaming\Mozilla\Firefox\Profiles\i31hgd2p.default\searchplugins\facebook.xml
[2010/05/16 21:55:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 21:55:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/02 00:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/02 00:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/02 00:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/02 00:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4199254761-769199252-3171373704-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4199254761-769199252-3171373704-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4199254761-769199252-3171373704-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [autodetect] C:\Windows\System32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-4199254761-769199252-3171373704-1004..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-21-4199254761-769199252-3171373704-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alexandra Zhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  #7  
Old June 27th, 2010, 06:52 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
========== Files/Folders - Created Within 90 Days ==========

[2010/06/27 02:29:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/27 02:29:11 | 000,000,000 | ---D | C] -- C:\9d411f760b9e2677ef21826e0e7a
[2010/06/22 18:53:52 | 000,000,000 | ---D | C] -- C:\ppsvodcache
[2010/06/22 18:45:54 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\PPStream
[2010/06/22 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\PPStream
[2010/06/22 12:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/22 12:20:09 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\WinBatch
[2010/06/22 11:46:02 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\Vuze Downloads
[2010/06/16 22:13:20 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Azureus
[2010/06/16 21:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/06/09 22:20:17 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\GrabPro
[2010/06/09 22:20:17 | 000,000,000 | ---D | C] -- C:\downloads
[2010/06/09 22:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010/06/09 22:20:14 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Orbit
[2010/06/03 20:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
[2010/06/02 18:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/02 18:26:16 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Microsoft Help
[2010/06/01 15:45:16 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\TikGames
[2010/05/30 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\My Received Files
[2010/05/30 10:43:17 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Desktop\Downloads
[2010/05/30 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\GetRightToGo
[2010/05/25 22:42:13 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/05/25 22:42:13 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\symds.sys
[2010/05/25 22:42:13 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/05/25 22:42:13 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/05/25 22:42:12 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\cchpx86.sys
[2010/05/25 22:42:12 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/05/25 22:42:12 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/05/25 22:41:52 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1107000.00C
[2010/05/23 00:58:32 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\ACCT1101
[2010/05/23 00:58:21 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\ECON1101
[2010/05/22 17:18:48 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Microsoft Games
[2010/05/21 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Tracing
[2010/05/20 19:33:19 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Adobe
[2010/05/20 10:06:36 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\LAWS1105
[2010/05/19 17:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/05/18 23:56:32 | 000,000,000 | ---D | C] -- C:\windows\SQLTools9_KB970892_ENU
[2010/05/18 23:53:13 | 000,000,000 | ---D | C] -- C:\windows\SQL9_KB970892_ENU
[2010/05/18 19:40:27 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Apple Computer
[2010/05/18 19:40:27 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Apple Computer
[2010/05/18 19:39:59 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/05/18 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/18 19:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/18 19:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/18 19:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/18 19:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/18 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Apple
[2010/05/18 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/18 19:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/18 19:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/18 19:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/18 19:34:13 | 097,547,048 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2010/05/18 11:25:48 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\AIESEC
[2010/05/18 09:56:54 | 000,000,000 | ---D | C] -- C:\HP-UPD-45_PCL5-32
[2010/05/17 23:41:37 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2010/05/17 23:12:07 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\CTS
[2010/05/17 22:40:02 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Documents\LAWS1130
[2010/05/17 10:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA Games
[2010/05/17 10:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/05/17 10:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/05/17 10:52:43 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2010/05/17 10:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/05/17 10:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/17 10:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/05/17 10:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/17 10:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/05/17 10:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2010/05/17 10:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/05/17 10:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/17 10:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/17 10:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/17 10:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/17 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/17 10:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/17 10:42:50 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/17 10:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/17 10:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/05/17 10:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/17 10:40:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/17 10:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/17 10:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/17 10:39:41 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2010/05/17 10:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/17 10:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2010/05/17 10:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/05/17 10:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/17 10:35:48 | 000,000,000 | ---D | C] -- C:\windows\System32\Macromed
[2010/05/17 10:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2010/05/17 10:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/05/17 10:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010/05/17 10:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/05/17 10:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Dolby
[2010/05/17 10:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2010/05/17 10:29:03 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2010/05/17 10:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA
[2010/05/17 10:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/05/17 10:27:36 | 000,000,000 | ---D | C] -- C:\windows\System32\SDA
[2010/05/17 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\JMicron
[2010/05/17 10:27:00 | 000,230,912 | ---- | C] (Realtek ) -- C:\windows\System32\drivers\Rt86win7.sys
[2010/05/17 10:27:00 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\windows\System32\RTNUninst32.dll
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\tr
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\sv
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\sk
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\ru
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\pt
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\pl
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\no
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\nl
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\it
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\hu
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\fi
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\es
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\el
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\de
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\da
[2010/05/17 10:26:17 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
[2010/05/17 10:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/05/17 10:24:37 | 000,862,208 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\windows\System32\drivers\rtl8192se.sys
[2010/05/17 10:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek WLAN Driver
[2010/05/17 10:04:15 | 000,000,000 | ---D | C] -- C:\windows\System32\RTCOM
[2010/05/17 10:04:06 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioEQ.dll
[2010/05/17 10:04:06 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\WavesLib.dll
[2010/05/17 10:04:06 | 000,347,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEP32A.dll
[2010/05/17 10:04:06 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSXT.dll
[2010/05/17 10:04:06 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll
[2010/05/17 10:04:06 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll
[2010/05/17 10:04:06 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSHD.dll
[2010/05/17 10:04:06 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSHP360.dll
[2010/05/17 10:04:06 | 000,164,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEED32A.dll
[2010/05/17 10:04:06 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO20.dll
[2010/05/17 10:04:06 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSWOW.dll
[2010/05/17 10:04:06 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO.dll
[2010/05/17 10:04:06 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEL32A.dll
[2010/05/17 10:04:06 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEG32A.dll
[2010/05/17 10:04:05 | 000,266,752 | ---- | C] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll
[2010/05/17 10:04:05 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/05/17 10:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/17 10:00:54 | 000,024,576 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\windows\System32\TSBWLS.dll
[2010/05/17 10:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\XP
[2010/05/17 10:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_64
[2010/05/17 10:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_32
[2010/05/17 10:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista64
[2010/05/17 10:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista32
[2010/05/17 10:00:30 | 000,000,000 | ---D | C] -- C:\windows\System32\Microsoft.VC80.MFC
[2010/05/17 09:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/05/17 09:57:25 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2010/05/17 09:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/17 09:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2010/05/17 09:55:51 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/17 09:54:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\System32\CSVer.dll
[2010/05/17 09:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/17 09:53:34 | 000,000,000 | ---D | C] -- C:\TOSHIBA
[2010/05/17 09:49:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/16 22:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Friends Games
[2010/05/16 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\vlc
[2010/05/16 22:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/16 21:56:21 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\skypePM
[2010/05/16 21:55:36 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Skype
[2010/05/16 21:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/16 21:55:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/16 21:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/05/16 21:48:16 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Mozilla
[2010/05/16 21:48:16 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Mozilla
[2010/05/16 21:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/16 21:41:12 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Google
[2010/05/16 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Google
[2010/05/16 21:37:02 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\windows\System32\drivers\ZTEusbnet.sys
[2010/05/16 21:37:02 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbser6k.sys
[2010/05/16 21:37:02 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmeaext.sys
[2010/05/16 21:37:02 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbnmea.sys
[2010/05/16 21:37:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\ZTEusbmdm6k.sys
[2010/05/16 21:37:01 | 000,007,168 | ---- | C] (ZTE Incorporated) -- C:\windows\System32\drivers\massfilter.sys
[2010/05/16 21:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZTEDriver
[2010/05/16 21:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra Turbo Connection Manager
[2010/05/16 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Macromedia
[2010/05/16 20:05:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SupportAppXL
[2010/05/16 19:51:43 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Adobe
[2010/05/16 19:51:42 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\WildTangent
[2010/05/16 19:47:57 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\TOSHIBA_Corporation
[2010/05/16 19:35:36 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/05/16 19:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/16 19:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/16 19:33:20 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Toshiba
[2010/05/16 19:32:40 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Intel Corporation
[2010/05/16 19:31:34 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Searches
[2010/05/16 19:31:34 | 000,000,000 | -H-D | C] -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/05/16 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Identities
[2010/05/16 19:31:21 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Contacts
[2010/05/16 19:30:41 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\VirtualStore
[2010/05/16 19:30:38 | 000,000,000 | --SD | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Microsoft
[2010/05/16 19:30:38 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Saved Games
[2010/05/16 19:30:38 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Music
[2010/05/16 19:30:38 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Links
[2010/05/16 19:30:38 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Favorites
[2010/05/16 19:30:38 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Downloads
[2010/05/16 19:30:38 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\My Documents
[2010/05/16 19:30:38 | 000,000,000 | R--D | C] -- C:\Users\Alexandra Zhu\Desktop
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\AppData\Local\Temporary Internet Files
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Templates
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Start Menu
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\SendTo
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Recent
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\PrintHood
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\NetHood
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Documents\My Videos
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Documents\My Pictures
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Documents\My Music
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\My Documents
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Local Settings
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\AppData\Local\History
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Cookies
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\Application Data
[2010/05/16 19:30:38 | 000,000,000 | -HSD | C] -- C:\Users\Alexandra Zhu\AppData\Local\Application Data
[2010/05/16 19:30:38 | 000,000,000 | -H-D | C] -- C:\Users\Alexandra Zhu\AppData
[2010/05/16 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Videos
[2010/05/16 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Temp
[2010/05/16 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\Pictures
[2010/05/16 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Local\Microsoft
[2010/05/16 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra Zhu\AppData\Roaming\Media Center Programs
  #8  
Old June 27th, 2010, 06:53 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
========== Files - Modified Within 90 Days ==========

[2010/06/27 13:38:11 | 001,835,008 | -HS- | M] () -- C:\Users\Alexandra Zhu\NTUSER.DAT
[2010/06/27 13:18:13 | 000,786,296 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/27 13:18:13 | 000,670,492 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/27 13:18:13 | 000,127,378 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/27 12:55:27 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 12:55:27 | 000,016,080 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 12:49:30 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/27 12:48:04 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/27 12:47:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/27 12:47:50 | 2407,735,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 12:32:41 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/27 02:29:07 | 000,956,136 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/06/27 02:28:43 | 004,411,467 | -H-- | M] () -- C:\Users\Alexandra Zhu\AppData\Local\IconCache.db
[2010/06/22 19:25:36 | 001,391,104 | ---- | M] () -- C:\apploc.msi
[2010/06/19 21:20:53 | 000,014,472 | ---- | M] () -- C:\Users\Alexandra Zhu\Documents\Kardinya Bedroom Available.docx
[2010/06/14 20:53:02 | 000,082,747 | ---- | M] () -- C:\Users\Alexandra Zhu\Desktop\DSC00715.JPG
[2010/06/14 20:52:37 | 000,118,751 | ---- | M] () -- C:\Users\Alexandra Zhu\Desktop\DSC00714.JPG
[2010/06/14 20:52:07 | 000,102,587 | ---- | M] () -- C:\Users\Alexandra Zhu\Desktop\DSC00713.JPG
[2010/06/14 20:51:41 | 000,099,217 | ---- | M] () -- C:\Users\Alexandra Zhu\Desktop\DSC00716.JPG
[2010/06/12 00:57:11 | 000,010,583 | ---- | M] () -- C:\Users\Alexandra Zhu\Documents\Claim H004447263.docx
[2010/06/10 09:36:48 | 000,439,568 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/09 22:20:16 | 000,001,044 | ---- | M] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2010/06/09 22:20:16 | 000,001,020 | ---- | M] () -- C:\Users\Alexandra Zhu\Desktop\Orbit.lnk
[2010/06/02 18:49:44 | 000,001,125 | ---- | M] () -- C:\Users\Alexandra Zhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2010/05/30 11:33:40 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2010/05/26 10:30:16 | 000,002,434 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/05/23 20:37:21 | 000,000,410 | ---- | M] () -- C:\windows\BRWMARK.INI
[2010/05/23 20:37:21 | 000,000,034 | ---- | M] () -- C:\windows\System32\BD2040.DAT
[2010/05/18 19:40:09 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/18 19:37:05 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/17 12:24:50 | 000,039,252 | ---- | M] () -- C:\windows\System32\license.rtf
[2010/05/17 10:50:57 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2010/05/17 10:45:28 | 000,000,478 | ---- | M] () -- C:\windows\win.ini
[2010/05/17 10:36:52 | 000,000,000 | ---- | M] () -- C:\windows\NDSTray.INI
[2010/05/17 10:35:43 | 000,002,384 | ---- | M] () -- C:\Users\Public\Desktop\DVD MovieFactory Launcher.lnk
[2010/05/17 10:31:44 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\TOSHIBA DVD PLAYER.lnk
[2010/05/17 10:30:05 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\HDMI Out.lnk
[2010/05/17 10:28:04 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\TOSHIBA USB Sleep and Charge.lnk
[2010/05/17 10:25:27 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/05/16 22:07:16 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/16 21:56:22 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/05/16 21:55:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/05/16 21:48:03 | 000,001,920 | ---- | M] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/16 21:48:03 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/16 21:41:05 | 000,001,418 | ---- | M] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/16 21:11:29 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Telstra Turbo Connection Manager.lnk
[2010/05/16 20:06:15 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/16 19:51:41 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\Play Games.lnk
[2010/05/16 19:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Alexandra Zhu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/16 19:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Alexandra Zhu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/16 19:48:00 | 000,065,536 | -HS- | M] () -- C:\Users\Alexandra Zhu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/16 19:35:36 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/05/16 19:35:36 | 000,007,443 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/05/16 19:35:36 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/05/16 19:32:41 | 000,122,432 | ---- | M] () -- C:\Users\Alexandra Zhu\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/16 19:30:38 | 000,000,020 | -HS- | M] () -- C:\Users\Alexandra Zhu\ntuser.ini
[2010/05/14 14:32:01 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/05/06 12:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/05/06 12:01:43 | 000,001,473 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/05/06 12:01:43 | 000,001,445 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/04/29 13:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/04/29 13:03:51 | 000,007,438 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\iron.cat
[2010/04/29 13:03:51 | 000,000,741 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\iron.inf
[2010/04/26 16:18:40 | 000,007,873 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/04/24 19:31:04 | 000,003,373 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/04/22 11:02:36 | 000,007,787 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/04/22 11:02:36 | 000,007,368 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/04/22 11:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/04/22 11:01:56 | 000,007,425 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\symds.cat
[2010/04/22 10:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/04/22 10:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/04/22 10:29:50 | 000,007,442 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/04/22 10:29:50 | 000,007,438 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/04/22 10:29:50 | 000,001,388 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/04/22 10:29:50 | 000,001,382 | ---- | M] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtsp.inf

========== Files Created - No Company Name ==========

[2010/06/22 19:25:36 | 001,391,104 | ---- | C] () -- C:\apploc.msi
[2010/06/19 21:19:11 | 000,014,472 | ---- | C] () -- C:\Users\Alexandra Zhu\Documents\Kardinya Bedroom Available.docx
[2010/06/14 20:50:53 | 000,118,751 | ---- | C] () -- C:\Users\Alexandra Zhu\Desktop\DSC00714.JPG
[2010/06/14 20:50:53 | 000,102,587 | ---- | C] () -- C:\Users\Alexandra Zhu\Desktop\DSC00713.JPG
[2010/06/14 20:50:53 | 000,099,217 | ---- | C] () -- C:\Users\Alexandra Zhu\Desktop\DSC00716.JPG
[2010/06/14 20:50:53 | 000,082,747 | ---- | C] () -- C:\Users\Alexandra Zhu\Desktop\DSC00715.JPG
[2010/06/12 00:57:10 | 000,010,583 | ---- | C] () -- C:\Users\Alexandra Zhu\Documents\Claim H004447263.docx
[2010/06/09 22:20:16 | 000,001,044 | ---- | C] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2010/06/09 22:20:16 | 000,001,020 | ---- | C] () -- C:\Users\Alexandra Zhu\Desktop\Orbit.lnk
[2010/06/02 18:49:44 | 000,001,125 | ---- | C] () -- C:\Users\Alexandra Zhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2010/05/26 10:29:57 | 000,956,136 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/05/25 22:42:13 | 000,007,873 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/05/25 22:42:13 | 000,007,787 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/05/25 22:42:13 | 000,007,442 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/05/25 22:42:13 | 000,007,425 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symds.cat
[2010/05/25 22:42:13 | 000,007,368 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/05/25 22:42:13 | 000,003,373 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/05/25 22:42:13 | 000,002,793 | R--- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symds.inf
[2010/05/25 22:42:13 | 000,001,473 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/05/25 22:42:13 | 000,001,445 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/05/25 22:42:13 | 000,001,388 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/05/25 22:42:12 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/05/25 22:42:12 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\iron.cat
[2010/05/25 22:42:12 | 000,007,396 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\cchpx86.cat
[2010/05/25 22:42:12 | 000,001,754 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\cchpx86.inf
[2010/05/25 22:42:12 | 000,001,382 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\srtsp.inf
[2010/05/25 22:42:12 | 000,000,741 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\iron.inf
[2010/05/25 22:41:52 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/05/23 20:37:21 | 000,000,410 | ---- | C] () -- C:\windows\BRWMARK.INI
[2010/05/23 20:37:21 | 000,000,034 | ---- | C] () -- C:\windows\System32\BD2040.DAT
[2010/05/21 22:33:50 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 22:33:49 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/18 19:40:09 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/18 19:37:05 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/17 10:56:54 | 000,001,520 | ---- | C] () -- C:\Users\Public\Desktop\UserGuide.lnk
[2010/05/17 10:50:57 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2010/05/17 10:36:52 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/05/17 10:36:36 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\Recovery Media Creator.lnk
[2010/05/17 10:35:43 | 000,002,384 | ---- | C] () -- C:\Users\Public\Desktop\DVD MovieFactory Launcher.lnk
[2010/05/17 10:31:44 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA DVD PLAYER.lnk
[2010/05/17 10:30:05 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\HDMI Out.lnk
[2010/05/17 10:28:04 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA USB Sleep and Charge.lnk
[2010/05/17 10:27:00 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/05/17 10:25:27 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/05/17 10:04:07 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010/05/17 10:04:07 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010/05/17 10:04:07 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/05/17 10:04:07 | 000,000,096 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/05/17 10:00:54 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/05/17 09:49:43 | 2407,735,296 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/16 22:07:16 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/16 21:56:22 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/16 21:55:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/05/16 21:48:03 | 000,001,920 | ---- | C] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/16 21:48:03 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/16 21:41:05 | 000,001,418 | ---- | C] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/16 21:11:20 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Telstra Turbo Connection Manager.lnk
[2010/05/16 20:06:15 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/16 19:51:41 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\Play Games.lnk
[2010/05/16 19:35:36 | 000,007,443 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/05/16 19:35:36 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/05/16 19:35:35 | 000,002,434 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/05/16 19:30:38 | 001,835,008 | -HS- | C] () -- C:\Users\Alexandra Zhu\NTUSER.DAT
[2010/05/16 19:30:38 | 000,524,288 | -HS- | C] () -- C:\Users\Alexandra Zhu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/16 19:30:38 | 000,524,288 | -HS- | C] () -- C:\Users\Alexandra Zhu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/16 19:30:38 | 000,262,144 | -HS- | C] () -- C:\Users\Alexandra Zhu\ntuser.dat.LOG1
[2010/05/16 19:30:38 | 000,065,536 | -HS- | C] () -- C:\Users\Alexandra Zhu\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/16 19:30:38 | 000,000,290 | ---- | C] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/05/16 19:30:38 | 000,000,272 | ---- | C] () -- C:\Users\Alexandra Zhu\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/05/16 19:30:38 | 000,000,020 | -HS- | C] () -- C:\Users\Alexandra Zhu\ntuser.ini
[2010/05/16 19:30:38 | 000,000,000 | -HS- | C] () -- C:\Users\Alexandra Zhu\ntuser.dat.LOG2
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 19:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/06/23 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\Azureus
[2010/05/30 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\GetRightToGo
[2010/06/09 22:20:17 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\GrabPro
[2010/06/10 23:35:23 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\Orbit
[2010/06/22 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\PPStream
[2010/05/16 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\WildTangent
[2010/06/22 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Alexandra Zhu\AppData\Roaming\WinBatch
[2009/07/14 12:53:46 | 000,021,034 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
  #9  
Old June 27th, 2010, 06:54 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
OTL Extras logfile created on: 6/27/2010 1:38:07 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Alexandra Zhu\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.04 Gb Total Space | 321.95 Gb Free Space | 71.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 29.90 Gb Total Space | 20.08 Gb Free Space | 67.14% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDRAZHU-PC
Current User Name: Alexandra Zhu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4199254761-769199252-3171373704-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
  #10  
Old June 27th, 2010, 06:54 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"D751CB2FD39EE07639D08542EEF9BF77AD1D9696" = ENE CIR Receiver Driver
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PPStream" = PPStream V2.6.86.9038 Final
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = WildTangent ORB Game Console
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.0.5
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078108" = FATE
"WT078123" = Monopoly
"WT078129" = Polar Bowler
"WT078308" = Bejeweled 2 Deluxe
"WT078316" = Chuzzle Deluxe
"WT078338" = Magic Match - The Genie's Journey
"WT078364" = Peggle
"WT078480" = Zuma Deluxe
"WT078492" = Polar Golfer
"ZTE USB Driver" = ZTE USB Driver
Reply With Quote
  #11  
Old June 27th, 2010, 06:56 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2010 11:37:45 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2043

Error - 6/15/2010 11:37:45 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2043

Error - 6/15/2010 11:37:46 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2010 11:37:46 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3073

Error - 6/15/2010 11:37:46 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3073

Error - 6/15/2010 11:59:58 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2010 11:59:58 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1335493

Error - 6/15/2010 11:59:58 PM | Computer Name = AlexandraZhu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1335493

Error - 6/16/2010 12:43:05 AM | Computer Name = AlexandraZhu-PC | Source = Google Update | ID = 20
Description =

Error - 6/16/2010 6:43:05 AM | Computer Name = AlexandraZhu-PC | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 5/22/2010 3:34:00 AM | Computer Name = AlexandraZhu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 181
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/8/2010 7:13:43 AM | Computer Name = AlexandraZhu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:23:30 PM on ?8/?06/?2010 was unexpected.

Error - 6/8/2010 10:03:05 PM | Computer Name = AlexandraZhu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:39:52 PM on ?8/?06/?2010 was unexpected.

Error - 6/9/2010 9:39:45 PM | Computer Name = AlexandraZhu-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{02251A20-BBCB-46FF-A4F9-C8BC4A5FF17C}
because another computer on the network has the same name. The server could not
start.

Error - 6/10/2010 1:17:46 AM | Computer Name = AlexandraZhu-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{02251A20-BBCB-46FF-A4F9-C8BC4A5FF17C}
because another computer on the network has the same name. The server could not
start.

Error - 6/10/2010 1:18:00 AM | Computer Name = AlexandraZhu-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{02251A20-BBCB-46FF-A4F9-C8BC4A5FF17C}
because another computer on the network has the same name. The server could not
start.

Error - 6/10/2010 1:33:00 AM | Computer Name = AlexandraZhu-PC | Source = RasMan | ID = 20276
Description = CoId={27BEF2DF-53CA-4300-B069-4EDBDFF8D1E7}: Layer=PPP: SubLayer=LCP:
The connection attempt failed on port: VPN3-1 because of the authentication protocol
selected. Check to see if the authentication protocol is supported in the operating
systems at the client and server ends of the connection

Error - 6/10/2010 4:16:45 AM | Computer Name = AlexandraZhu-PC | Source = RasMan | ID = 20276
Description = CoId={C3D21039-5A2D-406A-B035-FBED3528E580}: Layer=PPP: SubLayer=LCP:
The connection attempt failed on port: VPN3-1 because of the authentication protocol
selected. Check to see if the authentication protocol is supported in the operating
systems at the client and server ends of the connection

Error - 6/10/2010 4:17:44 AM | Computer Name = AlexandraZhu-PC | Source = RasMan | ID = 20276
Description = CoId={290FB70E-7BFF-4879-8BD9-567079C4E1AA}: Layer=PPP: SubLayer=LCP:
The connection attempt failed on port: VPN3-1 because of the authentication protocol
selected. Check to see if the authentication protocol is supported in the operating
systems at the client and server ends of the connection

Error - 6/13/2010 5:52:46 AM | Computer Name = AlexandraZhu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:50:16 PM on ?12/?06/?2010 was unexpected.

Error - 6/14/2010 7:25:12 AM | Computer Name = AlexandraZhu-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{E9DDDE19-58B7-49B0-BE61-02B4D1ACEA71}
because another computer on the network has the same name. The server could not
start.


< End of report >
Reply With Quote
  #12  
Old June 27th, 2010, 07:25 AM
lxndrzh lxndrzh is offline
Member
 
Join Date: Sep 2009
O/S: Windows XP Home
Posts: 57
http://thespykiller.co.uk/index.php/...2.new.html#new

Thank you
Reply With Quote
  #13  
Old June 27th, 2010, 08:56 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,713
I received the files, thanks. The file names all show okay, but their contents are not correct. As one of your pictures shows, the .doc files have this for content:

Code:
USBC‚ˆ####€#
(##v@############e#d# #B####l#u#f#f#_#C###o#m#REDBLU~2   ##I#š<š<##J#š<N9####BI#N#E#E#S###> #P#T#Y# #L###T#D##R#E#D# #B###>L#U#F#F# #N###O#M#REDBLU~3
They all appear to have a common bit of info though - that "USBC" entry I bolded above. Web searching that name suggests this SafeNet MicroDog file encryption software. I don't see that name referenced in this OTL log. Do you recognize that software? Does appear to be a likely culprit there, encrypting file names and content.
Reply With Quote
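A read-only way to see how many documents on a drive share the "USBC" marker described in post #13, added here as an example and not part of the thread. It relies on the fact that legacy Word .doc files begin with the OLE2 compound-file signature; the function names, the 512-byte inspection window and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # first 8 bytes of a legacy Word .doc
MARKER = b"USBC"       # string the advisor found in the damaged files
HEAD_BYTES = 512       # assumption: inspecting the first 512 bytes is enough


def classify(path):
    """Return 'ok', 'marker' or 'unknown' for one file, reading only its start."""
    with open(path, "rb") as fh:
        head = fh.read(HEAD_BYTES)
    if head.startswith(OLE2_MAGIC):
        return "ok"            # still looks like a Word document
    if MARKER in head:
        return "marker"        # contents replaced by data carrying the marker
    return "unknown"           # damaged or not a .doc in some other way


def triage(root):
    """Walk root without modifying anything; classify each .doc by relative path."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".doc"):
                continue
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            try:
                results[rel] = classify(full)
            except OSError:
                results[rel] = "unreadable"   # failing media often errors on read
    return results


def build_sample_tree():
    """Constructed sample data standing in for the USB drive's folders."""
    root = tempfile.mkdtemp(prefix="usb_triage_")
    os.mkdir(os.path.join(root, "sub"))
    samples = {
        "good.doc": OLE2_MAGIC + b"\x00" * 504,
        os.path.join("sub", "bad.doc"): b"USBC\x82\x88" + b"#" * 64 + b"REDBLU~2   ",
        "empty.doc": b"",
        "notes.txt": b"USBC",   # skipped: not a .doc
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, verdict in sorted(triage(build_sample_tree()).items()):
        print(f"{verdict:10} {rel}")
```

Run against a copy or image of the drive rather than the drive itself, since every extra read on failing media risks further loss.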