WiredWX Hobby Weather ToolsLog in

 


descriptionSolvedMy PC is infected with XP Security 2011

more_horiz
Dear Geekpoclice Staff,

My PC is infected with XP Security 2011
- My PC has Malwarebytes Pro installed ... but it can not start (even in safe mode)
-I can not connect to internet with this PC (I used my other PC to post this) and most of the programs can not start (when I click on a symbol shortcut of any application program => it does not run but windows open a box ask "to open that application with a list of other applications".)
- Windows told me "Generic Host Process for Win32 Services Error" and I download an update as Microsoft suggested => but I can not "run" (open) the that update application (as described above)
...
Please help me

Regards,
SilverB

Below is the OTL scan log files (OTL & Extra) ..


Last edited by silverb on 5th April 2011, 11:08 pm; edited 4 times in total

descriptionSolvedRe: My PC is infected with XP Security 2011

more_horiz
OTL logfile created on: 4/5/2011 2:12:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 54.40 Gb Free Space | 36.50% Space Free | Partition Type: NTFS
Drive D: | 533.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DADCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 23:30:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/02/18 00:46:20 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe
PRC - [2009/12/20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2005/06/23 22:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 22:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 12:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 12:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 23:30:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WSearch)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/18 00:46:20 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/02/17 00:11:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
SRV - [2009/12/20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/31 13:12:44 | 000,910,600 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/06/23 22:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 22:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 22:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 12:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 12:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 12:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 15:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/31 00:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110401.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/01 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110401.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/17 11:52:34 | 000,098,032 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/03/15 21:08:52 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/18 00:46:23 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/02/18 00:46:17 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2010/02/18 00:46:16 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/02/18 00:46:07 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/12/30 13:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/09 00:56:18 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/27 13:30:22 | 000,072,032 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/11/02 10:19:37 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/28 13:16:40 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2008/04/29 11:20:00 | 000,015,648 | ---- | M] (Lavasoft AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2005/05/13 22:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/04/22 15:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 15:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/31 00:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 23:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 23:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 21:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 09:28:04 | 000,347,550 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es56tpi.sys -- (Edspport)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.7
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 22:36:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 22:36:03 | 000,000,000 | ---D | M]

[2008/09/15 12:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/04/03 22:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elh2zkus.default\extensions
[2010/04/29 02:50:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elh2zkus.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 22:37:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elh2zkus.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/03 05:09:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elh2zkus.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/04/03 05:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/03/26 17:24:32 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\IDM\IDMMZCC3
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ELH2ZKUS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2009/01/14 05:17:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/03 22:35:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2011/04/03 22:35:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/03 22:35:54 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/04/03 22:35:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/03 22:35:54 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/04/03 22:35:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/06 10:46:54 | 000,001,116 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 9 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [ILO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} file:///G:/setup/RiffLick.cab (WaveTab Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221432021468 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/14 12:51:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/07/16 16:55:09 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f66f73c1-8240-11dd-8b16-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f66f73c1-8240-11dd-8b16-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f66f73c1-8240-11dd-8b16-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2003/07/16 16:55:10 | 001,310,720 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ura.exe" -a "%1" %* ()
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\njd.exe" -a "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ura.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\njd.exe" -a "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IDMan - hkey= - key= - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
MsConfig - StartUpReg: Nitro PDF Printer Monitor - hkey= - key= - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SHS - hkey= - key= - C:\Program Files\Rogers\SelfHealing\SHS.exe (Rogers Cable)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Update Manager - hkey= - key= - C:\Program Files\Rogers\Update Manager\UpdateManager.exe (Rogers Cable Communications Inc. )
MsConfig - StartUpReg: VPSKEYS - hkey= - key= - C:\Program Files\Vpskeys\VPSKEYS.EXE (Hoi Chuyen Gia Viet Nam)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} -
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
ActiveX: {33321B2C-39B9-1339-C3C7-B6E9E5960157} - DirectX
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} -
ActiveX: {362036E8-2F52-43D5-CE6E-F34616794149} - NetShow
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} -
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7C50C422-FAB7-DFA4-764A-F1C512DB5B6A} - Internet Explorer
ActiveX: {837A2318-6C43-814E-B152-DB2D2A8D36C5} -
ActiveX: {86507CAD-9371-7A54-2E0A-98169D7DAC93} - Windows Media Player
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B630F5FD-5AD2-4489-B0D3-8DD887A2B632} - NoIE8Tour
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E7B85360-EC5F-489B-9917-CA9DE72E7C5B} - Yahoo! Search Settings Update
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{b5f15cbd-370a-4244-8f42-14cba2eb4e2c} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Nitro PDF Professional - cscript //B "C:\Program Files\Nitro PDF\Professional\RemoveOldAddins.vbs"

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\system32\tsccvid.dll (TechSmith Corporation)

Last edited by silverb on 5th April 2011, 6:57 pm; edited 5 times in total

descriptionSolvedRe: My PC is infected with XP Security 2011

more_horiz
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 07:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/04 23:40:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/04/04 22:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/04 22:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/04 22:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/04 13:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2011/04/03 11:07:30 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/04/03 11:07:29 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/04/03 11:07:29 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/04/03 11:07:29 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/04/03 11:07:10 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/04/03 11:07:09 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/04/03 11:07:09 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/04/03 11:07:08 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/04/03 11:07:07 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/04/03 11:07:07 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/04/03 11:07:07 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/04/03 11:07:06 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/04/03 11:07:05 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/04/03 11:07:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/04/03 11:06:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/04/03 11:05:07 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/04/03 11:05:06 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/04/03 11:05:05 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/04/03 11:05:05 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/04/03 11:05:05 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/04/03 11:05:04 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/04/03 11:05:04 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/04/03 11:05:03 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/04/03 11:05:02 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/04/03 11:05:01 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/04/03 11:05:00 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/04/03 11:05:00 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/04/03 11:04:59 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/04/03 11:04:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/04/03 11:04:58 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/04/03 11:04:58 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/04/03 11:04:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/04/03 11:04:57 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/04/03 11:04:56 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/04/03 11:04:56 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/04/03 11:04:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/04/03 11:04:55 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/04/03 11:04:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/04/03 11:04:54 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011/04/03 11:04:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/04/01 23:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Auralia 3.0 Student Edition
[2011/03/29 23:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Thơ
[2011/03/27 17:07:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 13:41:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-725345543-1003UA.job
[2011/04/05 13:17:07 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/04/05 13:16:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/05 13:11:40 | 000,010,662 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o6b3o1nmmnenrt3n4
[2011/04/05 09:49:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 08:09:28 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\tempoperfectShakeIcon.job
[2011/04/05 08:05:07 | 000,012,842 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011/04/05 07:49:34 | 000,435,876 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 07:49:34 | 000,068,388 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/05 06:11:30 | 002,704,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/05 06:11:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/05 03:25:26 | 000,013,624 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3450524166
[2011/04/05 03:25:06 | 000,013,620 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3233898997
[2011/04/05 03:23:46 | 000,013,624 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\sns26gx5n4j3fx46a0a60g14b7lq4tq3t6217
[2011/04/05 02:57:46 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.scr
[2011/04/05 02:41:54 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/04/04 23:30:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/04/04 15:14:27 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mayoko.lnk
[2011/04/03 15:41:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-725345543-1003Core.job
[2011/04/03 04:08:24 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/04/01 23:41:02 | 000,001,893 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auralia 3.0 Student Edition.lnk
[2011/03/28 18:28:27 | 000,217,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\language_vn_vbb4.xml
[2011/03/28 15:56:18 | 000,027,027 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hdhp1.jpg
[2011/03/26 23:46:51 | 000,009,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\config.php
[2011/03/26 23:46:02 | 000,009,652 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\config.php.bak
[2011/03/26 21:19:17 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\paypal_fixed.xml
[2011/03/23 08:03:32 | 000,040,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\chimquay.jpg
[2011/03/19 22:13:22 | 000,104,900 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\muadong.jpg
[2011/03/17 11:52:34 | 000,098,032 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/05 07:55:22 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\tempoperfectShakeIcon.job
[2011/04/05 07:55:04 | 000,012,842 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011/04/05 07:28:21 | 000,010,662 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\o6b3o1nmmnenrt3n4
[2011/04/05 07:28:21 | 000,010,662 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o6b3o1nmmnenrt3n4
[2011/04/05 07:28:11 | 000,227,725 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ura.exe
[2011/04/05 03:00:07 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.scr
[2011/04/05 02:52:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 02:51:47 | 000,013,624 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3450524166
[2011/04/05 02:44:45 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/04/04 22:40:27 | 000,013,620 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3233898997
[2011/04/04 22:37:20 | 000,014,594 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011/04/04 22:37:18 | 000,335,872 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ouj.exe
[2011/04/04 15:16:50 | 000,013,624 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\sns26gx5n4j3fx46a0a60g14b7lq4tq3t6217
[2011/04/03 22:36:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/01 23:41:02 | 000,001,893 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auralia 3.0 Student Edition.lnk
[2011/03/28 18:28:26 | 000,217,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\language_vn_vbb4.xml
[2011/03/28 15:56:15 | 000,027,027 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hdhp1.jpg
[2011/03/26 23:46:02 | 000,009,652 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\config.php.bak
[2011/03/26 23:44:41 | 000,009,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\config.php
[2011/03/26 21:19:13 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\paypal_fixed.xml
[2011/03/23 08:03:30 | 000,040,483 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\chimquay.jpg
[2011/03/19 22:13:19 | 000,104,900 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\muadong.jpg
[2010/10/26 16:34:18 | 010,462,120 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\lotpro32.exe
[2010/10/14 09:38:00 | 000,102,262 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/06/16 15:15:19 | 000,002,402 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010/02/19 05:16:18 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/12/27 22:45:18 | 037,146,845 | ---- | C] () -- C:\WINDOWS\Microsoft_Office_Templates.exe
[2009/07/27 09:55:39 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
[2009/07/27 04:59:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/05/29 12:53:49 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/15 23:43:33 | 000,000,531 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/03/04 16:43:28 | 000,508,200 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/11/08 06:13:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2008/11/05 00:01:32 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2008/11/05 00:01:32 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/10/24 15:54:27 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/10/06 06:10:30 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\libmcrypt.dll
[2008/10/02 00:39:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MathMagic Personal 3.64.INI
[2008/09/26 04:51:23 | 000,000,043 | ---- | C] () -- C:\WINDOWS\Aurora Media Workshop.INI
[2008/09/24 01:11:03 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/09/21 08:16:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2008/09/20 20:43:05 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/17 10:12:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2008/09/16 08:40:38 | 000,000,411 | ---- | C] () -- C:\WINDOWS\MagicTranslator.ini
[2008/09/15 12:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/14 23:10:27 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/09/14 23:04:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/09/14 19:11:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/09/14 15:45:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/09/14 12:57:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/14 12:49:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/14 05:40:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/14 05:39:27 | 002,704,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,435,876 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,068,388 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/10/15 04:30:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\intedreg.exe
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== Custom Scans ==========


< >

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/09/14 12:51:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/04/05 22:47:09 | 000,016,384 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\key3.db

< %PROGRAMFILES%\*.* >
[2008/10/02 00:39:35 | 000,000,315 | ---- | M] () -- C:\Program Files\setuplog.txt
[2008/11/05 00:01:32 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/15 15:01:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/09/14 22:52:24 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/09/14 12:59:21 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/09/24 09:47:14 | 001,370,624 | ---- | M] (Dreamingsoft, Inc.) -- C:\Documents and Settings\Owner\My Documents\pfDesktop.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/03 22:35:48 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/03 22:35:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/03 22:35:53 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/03 22:35:54 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/14 22:52:24 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
[2010/10/22 12:34:35 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/10/01 20:14:46 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documents.xmp

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/11/02 10:19:37 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/09/14 05:38:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/14 05:38:37 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/14 05:38:37 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/07/16 16:24:13 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/07/16 16:25:52 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/07/16 16:29:25 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/07/16 16:31:42 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/07/16 16:31:44 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2003/07/16 16:39:32 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/07/16 16:39:33 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/07/16 16:39:33 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/07/16 16:39:37 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/07/16 16:39:38 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 01:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 01:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 01:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 01:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 01:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/12/31 09:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/03/22 20:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2011/04/02 12:22:06 | 000,031,878 | ---- | M] () -- C:\asmruntime.log
[2008/09/14 12:51:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/03 18:22:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/09/14 12:51:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2009/06/03 16:50:48 | 000,003,954 | ---- | M] () -- C:\ffdata.txt
[2009/06/03 16:47:10 | 000,278,083 | ---- | M] () -- C:\GetUnKey.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/09/14 12:51:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/14 12:51:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/14 21:56:57 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/15 14:51:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/05 13:16:35 | 1340,080,128 | -HS- | M] () -- C:\pagefile.sys
[2011/04/05 03:16:26 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010/01/11 21:30:11 | 000,000,216 | ---- | M] () -- C:\temp.txt
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/09/15 20:06:54 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2008/10/01 19:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2010/02/18 00:45:47 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2010/10/15 09:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/04/06 02:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009/08/03 02:11:40 | 000,000,000 | ---D | M] -- C:\Program Files\AFT software
[2010/07/31 03:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Alawar
[2010/01/07 22:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Aleo Software
[2008/09/14 18:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2008/09/15 15:59:28 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/02/12 02:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Artisteer 2
[2011/02/12 06:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Artisteer 3
[2008/11/03 16:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2008/09/15 00:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/09/14 15:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/09/14 13:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom Management Programs
[2011/02/04 11:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/01/26 09:40:26 | 000,000,000 | ---D | M] -- C:\Program Files\Celemony
[2010/10/13 22:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Chord Buster
[2011/01/25 06:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\ChordWizard Gold 2.5
[2011/01/24 14:20:46 | 000,000,000 | ---D | M] -- C:\Program Files\ChordWizard Songtrix Gold 3.0
[2011/01/26 10:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/09/21 10:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\Cool Record Edit Pro
[2010/04/05 00:33:09 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2010/12/15 22:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Guitar Tuner 2.3
[2010/10/22 17:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Drumsite demo
[2009/07/29 17:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\EarMaster Pro 5
[2009/04/20 12:49:29 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Button Menu Maker
[2009/12/30 19:01:54 | 000,000,000 | ---D | M] -- C:\Program Files\eBook Edit Pro
[2010/08/16 20:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\EditPlus 3
[2010/06/16 15:15:10 | 000,000,000 | ---D | M] -- C:\Program Files\Elcomsoft
[2009/02/14 06:32:52 | 000,000,000 | ---D | M] -- C:\Program Files\Encore
[2009/07/17 01:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\Finale 2009
[2008/09/15 22:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\Gadwin Systems
[2008/11/15 01:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Garritan
[2010/10/14 05:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\gs
[2009/07/18 13:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\GSM
[2008/09/15 00:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2011/03/24 08:36:16 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Scales Method
[2011/01/10 23:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Speed Trainer
[2010/01/07 23:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\GVOX
[2010/10/14 09:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/10/07 06:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\IDM Computer Solutions
[2009/07/29 18:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2011/01/26 09:40:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/09/14 18:41:26 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/03/26 17:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2011/02/10 01:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/01/14 05:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/07/30 07:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/12/26 14:49:41 | 000,000,000 | ---D | M] -- C:\Program Files\LongTailVideo
[2010/12/22 23:56:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/26 21:48:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mayoko
[2008/09/21 10:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/09/15 13:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/07/29 04:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Expression
[2008/09/14 12:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/12/21 12:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Media
[2008/09/14 23:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/07/26 10:47:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2011/03/18 10:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/09/14 23:33:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/10/23 20:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/07/26 01:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/10/23 20:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 15:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/03 22:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/10/23 20:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/21 00:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2008/09/14 12:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/09/14 12:48:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/07/28 03:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\MusicLab
[2009/08/12 04:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/09/15 14:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/10/14 05:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Neuratron AudioScore Lite
[2010/10/14 05:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\Neuratron PhotoScore Lite
[2009/06/13 22:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2008/09/14 12:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 18:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/11/03 16:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2010/04/17 03:13:54 | 000,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger
[2010/07/19 15:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect Uninstaller
[2009/07/29 14:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\Pianoteq 2.2
[2008/11/15 01:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Plogue
[2009/05/30 12:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\Power MIDI to MP3
[2009/12/24 04:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2008/09/15 16:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\PuTTY
[2008/09/15 16:00:54 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/03 14:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\QwikChord
[2008/10/06 19:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\Rapid CSS 2008
[2010/02/25 03:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Rapid PHP 2008
[2008/09/15 03:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\RapidTyping
[2008/09/20 01:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\Raxco
[2008/10/23 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/27 09:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2010/12/03 15:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Renegade Minds
[2009/04/17 23:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\RhinoSoft.com
[2011/04/01 23:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\Rising Software
[2010/10/22 14:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\Rocket French
[2008/09/14 14:31:16 | 000,000,000 | ---D | M] -- C:\Program Files\Rogers
[2010/10/14 05:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Sibelius Software
[2010/10/18 08:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Singorama
[2009/02/14 12:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\Sion Software
[2008/09/14 13:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Modular
[2010/02/21 03:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Smith Micro
[2010/02/19 18:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\Steinberg
[2008/09/14 18:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/04/05 13:19:25 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2010/02/19 19:58:38 | 000,000,000 | ---D | M] -- C:\Program Files\Syncrosoft
[2010/10/19 15:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2008/09/16 05:23:04 | 000,000,000 | ---D | M] -- C:\Program Files\TextPad 5
[2008/09/18 23:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
[2010/08/08 01:12:00 | 000,000,000 | R--D | M] -- C:\Program Files\TypingMaster
[2011/01/26 09:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\u-he
[2009/03/15 23:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2010/04/09 15:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2008/09/14 23:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\Vpskeys
[2011/02/15 19:47:30 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2010/10/09 23:07:08 | 000,000,000 | ---D | M] -- C:\Program Files\WashAndGo
[2008/09/23 15:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2010/10/30 17:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Lotto Pro 2000
[2011/01/25 06:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/04/16 08:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/02/17 01:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/29 18:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/07/26 10:48:15 | 000,000,000 | ---D | M] -- C:\Program Files\WPF Toolkit
[2011/04/02 12:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\WS_FTP Pro
[2010/02/19 06:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\Xara
[2008/09/14 12:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/04/29 16:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2009/08/06 16:06:58 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2011/02/01 20:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\Your Uninstaller 2010

< %appdata%\*.* >
[2008/09/14 05:40:19 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2010/10/26 16:34:18 | 010,462,120 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\lotpro32.exe


< MD5 for: AGP440.SYS >
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 16:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2009/12/20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

Last edited by silverb on 5th April 2011, 6:55 pm; edited 4 times in total

descriptionSolvedRe: My PC is infected with XP Security 2011

more_horiz
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/14 21:52:05 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/09/15 14:41:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 02:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 07:02:07

========== Files - Unicode (All) ==========
[2011/04/03 04:12:29 | 000,000,256 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Nh?n h?i sao em.txt) -- C:\Documents and Settings\Owner\My Documents\Nhạn hỡi sao em.txt
[2011/04/03 04:12:29 | 000,000,256 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Nh?n h?i sao em.txt) -- C:\Documents and Settings\Owner\My Documents\Nhạn hỡi sao em.txt
[2011/03/29 23:47:44 | 000,000,256 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\s? phôn.txt) -- C:\Documents and Settings\Owner\My Documents\số phôn.txt
[2011/03/28 20:12:23 | 000,005,072 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Mod này di chuy?n h?p smilie du?i khung van b?n.txt) -- C:\Documents and Settings\Owner\My Documents\Mod này di chuyển hộp smilie dưới khung văn bản.txt
[2011/03/28 20:12:23 | 000,005,072 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Mod này di chuy?n h?p smilie du?i khung van b?n.txt) -- C:\Documents and Settings\Owner\My Documents\Mod này di chuyển hộp smilie dưới khung văn bản.txt
[2011/03/26 17:04:25 | 000,000,138 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\T? tuy?t l?nh lùng.txt) -- C:\Documents and Settings\Owner\My Documents\Tợ tuyết lạnh lùng.txt
[2011/03/26 17:04:25 | 000,000,138 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\T? tuy?t l?nh lùng.txt) -- C:\Documents and Settings\Owner\My Documents\Tợ tuyết lạnh lùng.txt
[2011/03/24 23:06:45 | 000,019,592 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Mai Ð?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Mai Đằng.txt
[2011/03/24 23:06:44 | 000,019,592 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Mai Ð?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Mai Đằng.txt
[2011/03/19 02:29:18 | 000,001,576 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\anh làm du?c anh làm di.txt) -- C:\Documents and Settings\Owner\My Documents\anh làm được anh làm đi.txt
[2011/03/19 02:29:18 | 000,001,576 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\anh làm du?c anh làm di.txt) -- C:\Documents and Settings\Owner\My Documents\anh làm được anh làm đi.txt
[2011/03/19 02:28:33 | 000,002,662 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Em d?i on anh.txt) -- C:\Documents and Settings\Owner\My Documents\Em đội ơn anh.txt
[2011/03/19 02:28:33 | 000,002,662 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Em d?i on anh.txt) -- C:\Documents and Settings\Owner\My Documents\Em đội ơn anh.txt
[2011/03/18 03:08:31 | 000,004,674 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\R?ng Ca.txt) -- C:\Documents and Settings\Owner\My Documents\Rừng Ca.txt
[2011/03/18 03:08:31 | 000,004,674 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\R?ng Ca.txt) -- C:\Documents and Settings\Owner\My Documents\Rừng Ca.txt
[2011/03/18 00:57:20 | 000,001,284 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ch?t Ti?t sinh B?t Di?t.txt) -- C:\Documents and Settings\Owner\My Documents\Chết Tiệt sinh Bất Diệt.txt
[2011/03/18 00:57:20 | 000,001,284 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ch?t Ti?t sinh B?t Di?t.txt) -- C:\Documents and Settings\Owner\My Documents\Chết Tiệt sinh Bất Diệt.txt
[2011/03/17 03:14:02 | 000,000,540 | ---- | M] ()(C:\Documents and Settings\Owner\Desktop\Gió th?i tuy?t roi.txt) -- C:\Documents and Settings\Owner\Desktop\Gió thổi tuyết rơi.txt
[2011/03/16 08:56:46 | 000,026,077 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Thua anh ch?.docx) -- C:\Documents and Settings\Owner\My Documents\Thưa anh chị.docx
[2011/03/16 08:56:41 | 000,026,077 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Thua anh ch?.docx) -- C:\Documents and Settings\Owner\My Documents\Thưa anh chị.docx
[2011/03/14 13:25:44 | 000,000,540 | ---- | C] ()(C:\Documents and Settings\Owner\Desktop\Gió th?i tuy?t roi.txt) -- C:\Documents and Settings\Owner\Desktop\Gió thổi tuyết rơi.txt
[2011/03/14 07:26:02 | 000,001,394 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ta giã t? ta.txt) -- C:\Documents and Settings\Owner\My Documents\Ta giã từ ta.txt
[2011/03/12 07:40:47 | 000,001,394 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ta giã t? ta.txt) -- C:\Documents and Settings\Owner\My Documents\Ta giã từ ta.txt
[2011/03/12 00:39:22 | 000,016,544 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\HOÀNG H?C LÂU.txt) -- C:\Documents and Settings\Owner\My Documents\HOÀNG HẠC LÂU.txt
[2011/03/12 00:37:42 | 000,016,544 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\HOÀNG H?C LÂU.txt) -- C:\Documents and Settings\Owner\My Documents\HOÀNG HẠC LÂU.txt
[2011/03/10 09:11:58 | 000,003,924 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\K? này chính em dã t? gi?t em.txt) -- C:\Documents and Settings\Owner\My Documents\Kỳ này chính em đã tự giết em.txt
[2011/03/10 09:11:46 | 000,003,924 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\K? này chính em dã t? gi?t em.txt) -- C:\Documents and Settings\Owner\My Documents\Kỳ này chính em đã tự giết em.txt
[2011/03/10 08:07:56 | 000,067,454 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Last PM v? chuy?n này.docx) -- C:\Documents and Settings\Owner\My Documents\Last PM về chuyện này.docx
[2011/03/10 08:07:55 | 000,067,454 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Last PM v? chuy?n này.docx) -- C:\Documents and Settings\Owner\My Documents\Last PM về chuyện này.docx
[2011/03/06 20:18:09 | 000,001,070 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\HÐHP là SU M?U.txt) -- C:\Documents and Settings\Owner\My Documents\HĐHP là SƯ MẪU.txt
[2011/03/06 20:18:08 | 000,001,070 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\HÐHP là SU M?U.txt) -- C:\Documents and Settings\Owner\My Documents\HĐHP là SƯ MẪU.txt
[2011/03/03 06:00:46 | 000,003,698 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Anh không mu?n c?i v?i em.txt) -- C:\Documents and Settings\Owner\My Documents\Anh không muốn cải với em.txt
[2011/03/03 06:00:46 | 000,003,698 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Anh không mu?n c?i v?i em.txt) -- C:\Documents and Settings\Owner\My Documents\Anh không muốn cải với em.txt
[2011/02/23 06:44:12 | 000,000,844 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\giao hoan tâm h?n.txt) -- C:\Documents and Settings\Owner\My Documents\giao hoan tâm hồn.txt
[2011/02/23 06:44:12 | 000,000,844 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\giao hoan tâm h?n.txt) -- C:\Documents and Settings\Owner\My Documents\giao hoan tâm hồn.txt
[2011/02/23 00:34:32 | 000,010,944 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Vì sao l?i quên di can cu?c c?a Ngu?i T? N?n C?ng S?n.txt) -- C:\Documents and Settings\Owner\My Documents\Vì sao lại quên đi căn cước của Người Tỵ Nạn Cộng Sản.txt
[2011/02/23 00:34:32 | 000,010,944 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Vì sao l?i quên di can cu?c c?a Ngu?i T? N?n C?ng S?n.txt) -- C:\Documents and Settings\Owner\My Documents\Vì sao lại quên đi căn cước của Người Tỵ Nạn Cộng Sản.txt
[2011/02/16 19:38:03 | 000,001,238 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\L?i Cho Tình Nhân.txt) -- C:\Documents and Settings\Owner\My Documents\Lời Cho Tình Nhân.txt
[2011/02/15 19:21:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\C?p_H?) -- C:\Documents and Settings\Owner\My Documents\Cọp_Hỗ
[2011/02/15 18:57:32 | 000,001,238 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\L?i Cho Tình Nhân.txt) -- C:\Documents and Settings\Owner\My Documents\Lời Cho Tình Nhân.txt
[2011/02/12 04:59:23 | 000,018,391 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Gi?t k? dua tin d? b?o v? bí m?t.docx) -- C:\Documents and Settings\Owner\My Documents\Giết kẻ đưa tin để bảo vệ bí mật.docx
[2011/02/12 04:59:22 | 000,018,391 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Gi?t k? dua tin d? b?o v? bí m?t.docx) -- C:\Documents and Settings\Owner\My Documents\Giết kẻ đưa tin để bảo vệ bí mật.docx
[2011/02/11 22:01:29 | 000,009,516 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\M?t Blog du?c mua v?i giá 315 tri?u USD.txt) -- C:\Documents and Settings\Owner\My Documents\Một Blog được mua với giá 315 triệu USD.txt
[2011/02/11 22:01:29 | 000,009,516 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\M?t Blog du?c mua v?i giá 315 tri?u USD.txt) -- C:\Documents and Settings\Owner\My Documents\Một Blog được mua với giá 315 triệu USD.txt
[2011/02/08 22:42:22 | 000,056,855 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ti?ng ?nh Uong Bu?n.docx) -- C:\Documents and Settings\Owner\My Documents\Tiếng Ễnh Ương Buồn.docx
[2011/02/08 22:42:20 | 000,056,855 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ti?ng ?nh Uong Bu?n.docx) -- C:\Documents and Settings\Owner\My Documents\Tiếng Ễnh Ương Buồn.docx
[2011/02/08 13:00:03 | 000,058,683 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\CHÍNH TR? HAY T? THI?N.docx) -- C:\Documents and Settings\Owner\My Documents\CHÍNH TRỊ HAY TỪ THIỆN.docx
[2011/02/08 13:00:02 | 000,058,683 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\CHÍNH TR? HAY T? THI?N.docx) -- C:\Documents and Settings\Owner\My Documents\CHÍNH TRỊ HAY TỪ THIỆN.docx
[2011/02/05 23:01:14 | 000,134,304 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Paris 3 ngày tru?c khi Saigon th?t th? 30.docx) -- C:\Documents and Settings\Owner\My Documents\Paris 3 ngày trước khi Saigon thất thủ 30.docx
[2011/02/05 23:01:12 | 000,134,304 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Paris 3 ngày tru?c khi Saigon th?t th? 30.docx) -- C:\Documents and Settings\Owner\My Documents\Paris 3 ngày trước khi Saigon thất thủ 30.docx
[2011/02/04 11:16:27 | 000,000,588 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Vùng Lên Con Cháu L?c H?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Vùng Lên Con Cháu Lạc Hồng.txt
[2011/02/04 11:16:25 | 000,000,588 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Vùng Lên Con Cháu L?c H?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Vùng Lên Con Cháu Lạc Hồng.txt
[2011/02/03 19:15:14 | 000,026,668 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Không Th? Có Hai Ng?n C? T?i H?i Ngo?i.txt) -- C:\Documents and Settings\Owner\My Documents\Không Thể Có Hai Ngọn Cờ Tại Hải Ngoại.txt
[2011/02/03 19:15:13 | 000,026,668 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Không Th? Có Hai Ng?n C? T?i H?i Ngo?i.txt) -- C:\Documents and Settings\Owner\My Documents\Không Thể Có Hai Ngọn Cờ Tại Hải Ngoại.txt
[2011/02/03 19:14:40 | 000,037,218 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ch? d? c?ng s?n Vi?t Nam s? còn kéo dài t?i bao gi?.txt) -- C:\Documents and Settings\Owner\My Documents\Chế độ cộng sản Việt Nam sẽ còn kéo dài tới bao giờ.txt
[2011/02/03 19:14:37 | 000,037,218 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ch? d? c?ng s?n Vi?t Nam s? còn kéo dài t?i bao gi?.txt) -- C:\Documents and Settings\Owner\My Documents\Chế độ cộng sản Việt Nam sẽ còn kéo dài tới bao giờ.txt
[2011/01/29 20:00:59 | 000,067,868 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\tình c?m gi?a hai loài an th?t v?i nhau có khác v?i thu?ng tình.docx) -- C:\Documents and Settings\Owner\My Documents\tình cảm giữa hai loài ăn thịt với nhau có khác với thường tình.docx
[2011/01/29 20:00:58 | 000,067,868 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\tình c?m gi?a hai loài an th?t v?i nhau có khác v?i thu?ng tình.docx) -- C:\Documents and Settings\Owner\My Documents\tình cảm giữa hai loài ăn thịt với nhau có khác với thường tình.docx
[2011/01/23 04:00:28 | 000,029,510 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Nhân d?c m?t bài vi?t c?a Bs Vu Ng?c T?n CHÍNH TR? HAY T? THI?N.docx) -- C:\Documents and Settings\Owner\My Documents\Nhân đọc một bài viết của Bs Vũ Ngọc Tấn CHÍNH TRỊ HAY TỪ THIỆN.docx
[2011/01/23 04:00:27 | 000,029,510 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Nhân d?c m?t bài vi?t c?a Bs Vu Ng?c T?n CHÍNH TR? HAY T? THI?N.docx) -- C:\Documents and Settings\Owner\My Documents\Nhân đọc một bài viết của Bs Vũ Ngọc Tấn CHÍNH TRỊ HAY TỪ THIỆN.docx
[2011/01/22 19:44:15 | 000,041,669 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Kh? Ác Vi Thi?n.docx) -- C:\Documents and Settings\Owner\My Documents\Khử Ác Vi Thiện.docx
[2011/01/22 19:44:14 | 000,041,669 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Kh? Ác Vi Thi?n.docx) -- C:\Documents and Settings\Owner\My Documents\Khử Ác Vi Thiện.docx
[2010/07/31 16:30:45 | 000,002,726 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Hu?ng d?n cách crack game Little Bombers.txt) -- C:\Documents and Settings\Owner\My Documents\Hướng dẫn cách crack game Little Bombers.txt
[2010/07/31 16:30:45 | 000,002,726 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Hu?ng d?n cách crack game Little Bombers.txt) -- C:\Documents and Settings\Owner\My Documents\Hướng dẫn cách crack game Little Bombers.txt
[2010/07/25 21:51:19 | 000,056,624 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Cái Tôi trong công cu?c tranh d?u ch?ng C?ng s?n VN.txt) -- C:\Documents and Settings\Owner\My Documents\Cái Tôi trong công cuộc tranh đấu chống Cộng sản VN.txt
[2010/07/25 07:21:16 | 000,056,624 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Cái Tôi trong công cu?c tranh d?u ch?ng C?ng s?n VN.txt) -- C:\Documents and Settings\Owner\My Documents\Cái Tôi trong công cuộc tranh đấu chống Cộng sản VN.txt
[2010/07/24 11:27:46 | 000,001,584 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Khi?m Khuy?t.txt) -- C:\Documents and Settings\Owner\My Documents\Khiếm Khuyết.txt
[2010/07/24 11:27:46 | 000,001,584 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Khi?m Khuy?t.txt) -- C:\Documents and Settings\Owner\My Documents\Khiếm Khuyết.txt
[2010/07/16 20:44:39 | 000,000,130 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Hôm nay bên ?y th? nào.txt) -- C:\Documents and Settings\Owner\My Documents\Hôm nay bên ấy thế nào.txt
[2010/07/16 20:44:39 | 000,000,130 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Hôm nay bên ?y th? nào.txt) -- C:\Documents and Settings\Owner\My Documents\Hôm nay bên ấy thế nào.txt
[2010/07/16 20:44:08 | 000,038,240 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Chúng ta dang ? trong giai do?n h?u C?ng S?n.txt) -- C:\Documents and Settings\Owner\My Documents\Chúng ta đang ở trong giai đoạn hậu Cộng Sản.txt
[2010/07/16 20:44:08 | 000,038,240 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Chúng ta dang ? trong giai do?n h?u C?ng S?n.txt) -- C:\Documents and Settings\Owner\My Documents\Chúng ta đang ở trong giai đoạn hậu Cộng Sản.txt
[2010/07/16 20:43:24 | 000,037,006 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Tình c?m và ch? d?ng nào cho c? vàng.txt) -- C:\Documents and Settings\Owner\My Documents\Tình cảm và chỗ đứng nào cho cờ vàng.txt
[2010/07/16 20:43:24 | 000,037,006 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Tình c?m và ch? d?ng nào cho c? vàng.txt) -- C:\Documents and Settings\Owner\My Documents\Tình cảm và chỗ đứng nào cho cờ vàng.txt
[2010/07/13 23:22:22 | 000,232,197 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\CU?C CHI?N TRANH 3.docx) -- C:\Documents and Settings\Owner\My Documents\CUỘC CHIẾN TRANH 3.docx
[2010/07/13 23:22:19 | 000,232,197 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\CU?C CHI?N TRANH 3.docx) -- C:\Documents and Settings\Owner\My Documents\CUỘC CHIẾN TRANH 3.docx
[2010/07/13 23:17:44 | 000,218,826 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\CU?C CHI?N TRANH 2.docx) -- C:\Documents and Settings\Owner\My Documents\CUỘC CHIẾN TRANH 2.docx
[2010/07/13 23:17:41 | 000,218,826 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\CU?C CHI?N TRANH 2.docx) -- C:\Documents and Settings\Owner\My Documents\CUỘC CHIẾN TRANH 2.docx
[2010/07/13 23:07:20 | 000,208,845 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\CU?C CHI?N TRANH 1.docx) -- C:\Documents and Settings\Owner\My Documents\CUỘC CHIẾN TRANH 1.docx
[2010/07/13 23:07:17 | 000,208,845 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\CU?C CHI?N TRANH 1.docx) -- C:\Documents and Settings\Owner\My Documents\CUỘC CHIẾN TRANH 1.docx
[2010/07/13 16:09:22 | 000,271,507 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Bí m?t xác u?p c? d?i du?c phoi bày.docx) -- C:\Documents and Settings\Owner\My Documents\Bí mật xác ướp cổ đại được phơi bày.docx
[2010/07/13 16:09:20 | 000,271,507 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Bí m?t xác u?p c? d?i du?c phoi bày.docx) -- C:\Documents and Settings\Owner\My Documents\Bí mật xác ướp cổ đại được phơi bày.docx
[2010/07/11 00:23:50 | 000,006,986 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Giá tr? dinh du?ng c?a chu?i.txt) -- C:\Documents and Settings\Owner\My Documents\Giá trị dinh dưỡng của chuối.txt
[2010/07/11 00:23:49 | 000,006,986 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Giá tr? dinh du?ng c?a chu?i.txt) -- C:\Documents and Settings\Owner\My Documents\Giá trị dinh dưỡng của chuối.txt
[2010/07/10 20:58:42 | 000,017,500 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ð?nh M?nh, Duyên S? và Th?i V?n.txt) -- C:\Documents and Settings\Owner\My Documents\Định Mệnh, Duyên Số và Thời Vận.txt
[2010/07/10 19:38:21 | 000,001,254 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Qu? Báo Nhãn Ti?n.txt) -- C:\Documents and Settings\Owner\My Documents\Quả Báo Nhãn Tiền.txt
[2010/07/10 19:38:21 | 000,001,254 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Qu? Báo Nhãn Ti?n.txt) -- C:\Documents and Settings\Owner\My Documents\Quả Báo Nhãn Tiền.txt
[2010/07/05 11:32:50 | 000,073,942 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Phê bình van h?c là gì.txt) -- C:\Documents and Settings\Owner\My Documents\Phê bình văn học là gì.txt
[2010/07/05 11:32:50 | 000,073,942 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Phê bình van h?c là gì.txt) -- C:\Documents and Settings\Owner\My Documents\Phê bình văn học là gì.txt
[2010/07/05 09:39:10 | 000,022,822 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Khi van nhân bu?c vào ch? van.txt) -- C:\Documents and Settings\Owner\My Documents\Khi văn nhân bước vào chợ văn.txt
[2010/07/05 09:39:10 | 000,022,822 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Khi van nhân bu?c vào ch? van.txt) -- C:\Documents and Settings\Owner\My Documents\Khi văn nhân bước vào chợ văn.txt
[2010/07/05 09:37:40 | 000,074,364 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Suy ng?m khi d?c Ngày long tr?i dêm l? d?t.txt) -- C:\Documents and Settings\Owner\My Documents\Suy ngẫm khi đọc Ngày long trời đêm lở đất.txt
[2010/07/05 09:37:40 | 000,074,364 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Suy ng?m khi d?c Ngày long tr?i dêm l? d?t.txt) -- C:\Documents and Settings\Owner\My Documents\Suy ngẫm khi đọc Ngày long trời đêm lở đất.txt
[2010/07/05 03:15:27 | 000,009,742 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ð?i Ng?u trong Tho Ðu?ng lu?.txt) -- C:\Documents and Settings\Owner\My Documents\Đối Ngẫu trong Thơ Đường luậ.txt
[2010/07/05 03:15:27 | 000,009,742 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ð?i Ng?u trong Tho Ðu?ng lu?.txt) -- C:\Documents and Settings\Owner\My Documents\Đối Ngẫu trong Thơ Đường luậ.txt
[2010/07/05 03:05:01 | 000,012,962 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Lu?t Ðu?ng Thi.txt) -- C:\Documents and Settings\Owner\My Documents\Luật Đường Thi.txt
[2010/07/05 03:05:01 | 000,012,962 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Lu?t Ðu?ng Thi.txt) -- C:\Documents and Settings\Owner\My Documents\Luật Đường Thi.txt
[2010/07/05 02:57:36 | 000,023,374 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Thi Pháp Tho Ðu?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Thi Pháp Thơ Ðường.txt
[2010/07/05 02:57:36 | 000,023,374 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Thi Pháp Tho Ðu?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Thi Pháp Thơ Ðường.txt
[2010/07/04 09:48:57 | 000,002,244 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Cá Ð?.txt) -- C:\Documents and Settings\Owner\My Documents\Cá Độ.txt
[2010/07/04 09:48:57 | 000,002,244 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Cá Ð?.txt) -- C:\Documents and Settings\Owner\My Documents\Cá Độ.txt
[2010/07/04 09:25:19 | 000,006,628 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Chúa Giêsu không có b? dóng dinh trên cây Thánh giá.txt) -- C:\Documents and Settings\Owner\My Documents\Chúa Giêsu không có bị đóng đinh trên cây Thánh giá.txt
[2010/07/04 09:25:18 | 000,006,628 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Chúa Giêsu không có b? dóng dinh trên cây Thánh giá.txt) -- C:\Documents and Settings\Owner\My Documents\Chúa Giêsu không có bị đóng đinh trên cây Thánh giá.txt
[2010/07/03 09:07:36 | 000,086,802 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\D?a vào Hoa K? nên hay không nên.txt) -- C:\Documents and Settings\Owner\My Documents\Dựa vào Hoa Kỳ nên hay không nên.txt
[2010/07/03 09:07:36 | 000,086,802 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\D?a vào Hoa K? nên hay không nên.txt) -- C:\Documents and Settings\Owner\My Documents\Dựa vào Hoa Kỳ nên hay không nên.txt
[2010/07/03 08:27:03 | 000,471,407 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Trung Qu?c chu?n b? di?t vong.docx) -- C:\Documents and Settings\Owner\My Documents\Trung Quốc chuẩn bị diệt vong.docx
[2010/07/03 08:27:01 | 000,471,407 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Trung Qu?c chu?n b? di?t vong.docx) -- C:\Documents and Settings\Owner\My Documents\Trung Quốc chuẩn bị diệt vong.docx
[2010/07/02 04:43:45 | 000,050,024 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ho Chi Minh A Life M?t s?n ph?m l?n ki?p.txt) -- C:\Documents and Settings\Owner\My Documents\Ho Chi Minh A Life Một sản phẩm lộn kiếp.txt
[2010/07/02 04:43:45 | 000,050,024 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ho Chi Minh A Life M?t s?n ph?m l?n ki?p.txt) -- C:\Documents and Settings\Owner\My Documents\Ho Chi Minh A Life Một sản phẩm lộn kiếp.txt
[2010/06/29 09:18:04 | 000,000,330 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Nói hay Im L?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Nói hay Im Lặng.txt
[2010/06/29 09:18:04 | 000,000,330 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Nói hay Im L?ng.txt) -- C:\Documents and Settings\Owner\My Documents\Nói hay Im Lặng.txt
[2010/06/28 04:41:06 | 000,024,084 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Con Ngu?i và Cái Ch?t c?a Tu?ng Lê Van Hung.txt) -- C:\Documents and Settings\Owner\My Documents\Con Người và Cái Chết của Tướng Lê Văn Hưng.txt
[2010/06/28 04:41:06 | 000,024,084 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Con Ngu?i và Cái Ch?t c?a Tu?ng Lê Van Hung.txt) -- C:\Documents and Settings\Owner\My Documents\Con Người và Cái Chết của Tướng Lê Văn Hưng.txt
[2010/06/28 04:38:35 | 000,084,954 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ai Gi?t Ð?c Th?y Hu?nh Phú S?.txt) -- C:\Documents and Settings\Owner\My Documents\Ai Giết Đức Thầy Huỳnh Phú Sổ.txt
[2010/06/28 04:38:35 | 000,084,954 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ai Gi?t Ð?c Th?y Hu?nh Phú S?.txt) -- C:\Documents and Settings\Owner\My Documents\Ai Giết Đức Thầy Huỳnh Phú Sổ.txt
[2010/06/27 07:08:46 | 000,081,116 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\DÒNG MÁU DÂN T?C THI?U S? TRONG CON NGU?I H? CHÍ MINH.txt) -- C:\Documents and Settings\Owner\My Documents\DÒNG MÁU DÂN TỘC THIỂU SỐ TRONG CON NGƯỜI HỒ CHÍ MINH.txt
[2010/06/27 07:08:46 | 000,081,116 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\DÒNG MÁU DÂN T?C THI?U S? TRONG CON NGU?I H? CHÍ MINH.txt) -- C:\Documents and Settings\Owner\My Documents\DÒNG MÁU DÂN TỘC THIỂU SỐ TRONG CON NGƯỜI HỒ CHÍ MINH.txt
[2010/06/25 02:06:15 | 000,017,500 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ð?nh M?nh, Duyên S? và Th?i V?n.txt) -- C:\Documents and Settings\Owner\My Documents\Định Mệnh, Duyên Số và Thời Vận.txt
[2010/06/25 02:05:54 | 000,023,524 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Khúc Xuong Su?n & Tôi.txt) -- C:\Documents and Settings\Owner\My Documents\Khúc Xương Sườn & Tôi.txt
[2010/06/25 02:05:54 | 000,023,524 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Khúc Xuong Su?n & Tôi.txt) -- C:\Documents and Settings\Owner\My Documents\Khúc Xương Sườn & Tôi.txt
[2010/06/25 01:44:18 | 000,016,466 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Tình Yêu và H?nh Phúc - Lý L?c Long - Hoàng Tu?n di?n d?c.txt) -- C:\Documents and Settings\Owner\My Documents\Tình Yêu và Hạnh Phúc - Lý Lạc Long - Hoàng Tuấn diễn đọc.txt
[2010/06/25 01:44:18 | 000,016,466 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Tình Yêu và H?nh Phúc - Lý L?c Long - Hoàng Tu?n di?n d?c.txt) -- C:\Documents and Settings\Owner\My Documents\Tình Yêu và Hạnh Phúc - Lý Lạc Long - Hoàng Tuấn diễn đọc.txt
[2010/06/24 03:10:18 | 000,003,010 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\?i Ti?n Si Oi Là Ti?n Si !.txt) -- C:\Documents and Settings\Owner\My Documents\Ối Tiến Sĩ Ơi Là Tiến Sĩ !.txt
[2010/06/24 03:10:18 | 000,003,010 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\?i Ti?n Si Oi Là Ti?n Si !.txt) -- C:\Documents and Settings\Owner\My Documents\Ối Tiến Sĩ Ơi Là Tiến Sĩ !.txt
[2010/06/19 20:52:32 | 000,015,100 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ð?o Ð?c C?a Ký Gi? Chuyên Nghi?p Hoa K?.txt) -- C:\Documents and Settings\Owner\My Documents\Đạo Đức Của Ký Giả Chuyên Nghiệp Hoa Kỳ.txt
[2010/06/19 20:52:32 | 000,015,100 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ð?o Ð?c C?a Ký Gi? Chuyên Nghi?p Hoa K?.txt) -- C:\Documents and Settings\Owner\My Documents\Đạo Đức Của Ký Giả Chuyên Nghiệp Hoa Kỳ.txt
[2010/06/18 16:52:29 | 000,040,998 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\L?T T?Y NH?NG NHÀ VAN, NHÀ BÁO LÀM L?I CHO VI?T C?NG.txt) -- C:\Documents and Settings\Owner\My Documents\LẬT TẨY NHỮNG NHÀ VĂN, NHÀ BÁO LÀM LỢI CHO VIỆT CỘNG.txt
[2010/06/18 16:52:29 | 000,040,998 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\L?T T?Y NH?NG NHÀ VAN, NHÀ BÁO LÀM L?I CHO VI?T C?NG.txt) -- C:\Documents and Settings\Owner\My Documents\LẬT TẨY NHỮNG NHÀ VĂN, NHÀ BÁO LÀM LỢI CHO VIỆT CỘNG.txt
[2010/06/16 06:41:14 | 000,074,662 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\THU NG? KÍNH G?I ÔNG NGUY?N HU? CHI V? V? KI?N WILLIAM JOINER CENTER.txt) -- C:\Documents and Settings\Owner\My Documents\THƯ NGỎ KÍNH GỬI ÔNG NGUYỄN HUỆ CHI VỀ VỤ KIỆN WILLIAM JOINER CENTER.txt
[2010/06/16 06:41:14 | 000,074,662 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\THU NG? KÍNH G?I ÔNG NGUY?N HU? CHI V? V? KI?N WILLIAM JOINER CENTER.txt) -- C:\Documents and Settings\Owner\My Documents\THƯ NGỎ KÍNH GỬI ÔNG NGUYỄN HUỆ CHI VỀ VỤ KIỆN WILLIAM JOINER CENTER.txt
[2010/06/16 03:10:47 | 000,055,506 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Van hóa M?c t?n.txt) -- C:\Documents and Settings\Owner\My Documents\Văn hóa Mộc tồn.txt
[2010/06/16 03:10:47 | 000,055,506 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Van hóa M?c t?n.txt) -- C:\Documents and Settings\Owner\My Documents\Văn hóa Mộc tồn.txt
[2010/06/16 03:09:43 | 000,064,918 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\T? “GIAO ÐI?M” Ð?N CH? ÐI?M.txt) -- C:\Documents and Settings\Owner\My Documents\TỪ “GIAO ĐIỂM” ĐẾN CHỈ ĐIỂM.txt
[2010/06/16 03:09:43 | 000,064,918 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\T? “GIAO ÐI?M” Ð?N CH? ÐI?M.txt) -- C:\Documents and Settings\Owner\My Documents\TỪ “GIAO ĐIỂM” ĐẾN CHỈ ĐIỂM.txt
[2010/06/15 04:57:53 | 000,020,866 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\UNESCO không ra quy?t-ngh?.txt) -- C:\Documents and Settings\Owner\My Documents\UNESCO không ra quyết-nghị.txt
[2010/06/15 04:57:53 | 000,020,866 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\UNESCO không ra quy?t-ngh?.txt) -- C:\Documents and Settings\Owner\My Documents\UNESCO không ra quyết-nghị.txt
[2010/06/15 04:55:24 | 000,019,656 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\UNESCO ph? nh?n H? Chí Minh là nhà van hóa th? gi?i.txt) -- C:\Documents and Settings\Owner\My Documents\UNESCO phủ nhận Hồ Chí Minh là nhà văn hóa thế giới.txt
[2010/06/15 04:55:24 | 000,019,656 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\UNESCO ph? nh?n H? Chí Minh là nhà van hóa th? gi?i.txt) -- C:\Documents and Settings\Owner\My Documents\UNESCO phủ nhận Hồ Chí Minh là nhà văn hóa thế giới.txt
[2010/06/15 04:52:43 | 000,015,870 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ð?ng CSVN khui l?i v? án Ôn Nhu H?u 1946.txt) -- C:\Documents and Settings\Owner\My Documents\Đảng CSVN khui lại vụ án Ôn Như Hầu 1946.txt
[2010/06/15 04:52:43 | 000,015,870 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ð?ng CSVN khui l?i v? án Ôn Nhu H?u 1946.txt) -- C:\Documents and Settings\Owner\My Documents\Đảng CSVN khui lại vụ án Ôn Như Hầu 1946.txt
[2010/06/15 04:44:16 | 000,013,524 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Th? chính tr? k? công và ch?p mu.txt) -- C:\Documents and Settings\Owner\My Documents\Thứ chính trị kể công và chụp mũ.txt
[2010/06/15 04:44:16 | 000,013,524 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Th? chính tr? k? công và ch?p mu.txt) -- C:\Documents and Settings\Owner\My Documents\Thứ chính trị kể công và chụp mũ.txt
[2010/06/15 04:37:15 | 000,011,782 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ông Hoàng Minh Chính ph?c ho?t d?ng Dân Ch?.txt) -- C:\Documents and Settings\Owner\My Documents\Ông Hoàng Minh Chính phục hoạt đảng Dân Chủ.txt
[2010/06/15 04:37:15 | 000,011,782 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ông Hoàng Minh Chính ph?c ho?t d?ng Dân Ch?.txt) -- C:\Documents and Settings\Owner\My Documents\Ông Hoàng Minh Chính phục hoạt đảng Dân Chủ.txt
[2010/06/15 04:35:12 | 000,010,446 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Giáo H?i Ph?t Giáo Vi?t Nam Th?ng Nh?t.txt) -- C:\Documents and Settings\Owner\My Documents\Giáo Hội Phật Giáo Việt Nam Thống Nhất.txt
[2010/06/15 04:35:12 | 000,010,446 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Giáo H?i Ph?t Giáo Vi?t Nam Th?ng Nh?t.txt) -- C:\Documents and Settings\Owner\My Documents\Giáo Hội Phật Giáo Việt Nam Thống Nhất.txt
[2010/06/10 15:48:07 | 000,008,444 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Chi?t T?.txt) -- C:\Documents and Settings\Owner\My Documents\Chiết Tự.txt
[2010/06/10 15:48:07 | 000,008,444 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Chi?t T?.txt) -- C:\Documents and Settings\Owner\My Documents\Chiết Tự.txt
[2010/06/09 23:58:07 | 000,034,776 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Th? l?c chính tr? c?a Ph?t giáo ?n Quang.txt) -- C:\Documents and Settings\Owner\My Documents\Thế lực chính trị của Phật giáo Ấn Quang.txt
[2010/06/09 23:58:06 | 000,034,776 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Th? l?c chính tr? c?a Ph?t giáo ?n Quang.txt) -- C:\Documents and Settings\Owner\My Documents\Thế lực chính trị của Phật giáo Ấn Quang.txt
[2010/05/28 17:31:38 | 000,074,632 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\S? khác bi?t gi?a ch? nghia C?ng s?n Châu Âu và Châu Á.txt) -- C:\Documents and Settings\Owner\My Documents\Sự khác biệt giữa chủ nghĩa Cộng sản Châu Âu và Châu Á.txt
[2010/05/28 17:31:37 | 000,074,632 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\S? khác bi?t gi?a ch? nghia C?ng s?n Châu Âu và Châu Á.txt) -- C:\Documents and Settings\Owner\My Documents\Sự khác biệt giữa chủ nghĩa Cộng sản Châu Âu và Châu Á.txt
[2010/05/28 06:05:13 | 000,003,290 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ai g?i HCM là chó d? d?u tiên.txt) -- C:\Documents and Settings\Owner\My Documents\Ai gọi HCM là chó đẻ đầu tiên.txt
[2010/05/28 06:05:13 | 000,003,290 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ai g?i HCM là chó d? d?u tiên.txt) -- C:\Documents and Settings\Owner\My Documents\Ai gọi HCM là chó đẻ đầu tiên.txt
[2010/05/28 02:29:31 | 000,025,872 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ðá mòn nhung d? ch?ng mòn.txt) -- C:\Documents and Settings\Owner\My Documents\Đá mòn nhưng dạ chẳng mòn.txt
[2010/05/28 02:29:31 | 000,025,872 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ðá mòn nhung d? ch?ng mòn.txt) -- C:\Documents and Settings\Owner\My Documents\Đá mòn nhưng dạ chẳng mòn.txt
[2010/05/22 12:46:03 | 000,019,932 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\So lu?c l?ch s? ngu?i Vi?t t? n?n.txt) -- C:\Documents and Settings\Owner\My Documents\Sơ lược lịch sử người Việt tỵ nạn.txt
[2010/05/22 12:46:03 | 000,019,932 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\So lu?c l?ch s? ngu?i Vi?t t? n?n.txt) -- C:\Documents and Settings\Owner\My Documents\Sơ lược lịch sử người Việt tỵ nạn.txt
[2010/05/17 20:00:14 | 000,031,332 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\36 k? c?a Tàu.txt) -- C:\Documents and Settings\Owner\My Documents\36 kế của Tàu.txt
[2010/05/17 20:00:14 | 000,031,332 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\36 k? c?a Tàu.txt) -- C:\Documents and Settings\Owner\My Documents\36 kế của Tàu.txt
[2010/05/12 15:38:24 | 000,063,868 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Truong Van B?n.txt) -- C:\Documents and Settings\Owner\My Documents\Trương Văn Bền.txt
[2010/05/12 15:38:24 | 000,063,868 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Truong Van B?n.txt) -- C:\Documents and Settings\Owner\My Documents\Trương Văn Bền.txt
[2010/05/12 07:08:03 | 000,049,650 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\NH?NG NHÀ PHÚ H? VÀ NGU?I L?NG DANH ? NAM K?.txt) -- C:\Documents and Settings\Owner\My Documents\NHỮNG NHÀ PHÚ HỘ VÀ NGƯỜI LỪNG DANH Ở NAM Kỳ.txt
[2010/05/12 07:08:03 | 000,049,650 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\NH?NG NHÀ PHÚ H? VÀ NGU?I L?NG DANH ? NAM K?.txt) -- C:\Documents and Settings\Owner\My Documents\NHỮNG NHÀ PHÚ HỘ VÀ NGƯỜI LỪNG DANH Ở NAM Kỳ.txt
[2010/05/10 18:29:33 | 000,014,294 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Hello NYN và t?t c?.txt) -- C:\Documents and Settings\Owner\My Documents\Hello NYN và tất cả.txt
[2010/05/10 18:29:33 | 000,014,294 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Hello NYN và t?t c?.txt) -- C:\Documents and Settings\Owner\My Documents\Hello NYN và tất cả.txt
[2010/05/06 09:59:41 | 000,106,364 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Hai ti?ng “cách m?ng” thiêng liêng ?y.txt) -- C:\Documents and Settings\Owner\My Documents\Hai tiếng “cách mạng” thiêng liêng ấy.txt
[2010/05/06 09:59:41 | 000,106,364 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Hai ti?ng “cách m?ng” thiêng liêng ?y.txt) -- C:\Documents and Settings\Owner\My Documents\Hai tiếng “cách mạng” thiêng liêng ấy.txt
[2010/05/05 11:43:06 | 000,182,904 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\S? TH?T V? ÔNG THÍCH ÐÔN H?U.txt) -- C:\Documents and Settings\Owner\My Documents\SỰ THẬT VỀ ÔNG THÍCH ĐÔN HẬU.txt
[2010/05/05 11:43:06 | 000,182,904 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\S? TH?T V? ÔNG THÍCH ÐÔN H?U.txt) -- C:\Documents and Settings\Owner\My Documents\SỰ THẬT VỀ ÔNG THÍCH ĐÔN HẬU.txt
[2010/04/30 21:47:27 | 000,054,418 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\T? Thu Thâu t? Qu?c gia d?n Qu?c t?.txt) -- C:\Documents and Settings\Owner\My Documents\Tạ Thu Thâu từ Quốc gia đến Quốc tế.txt
[2010/04/30 21:47:27 | 000,054,418 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\T? Thu Thâu t? Qu?c gia d?n Qu?c t?.txt) -- C:\Documents and Settings\Owner\My Documents\Tạ Thu Thâu từ Quốc gia đến Quốc tế.txt
[2010/04/28 09:19:45 | 000,490,254 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ðài tu?ng ni?m thuy?n nhân xây ? tr?i t? n?n Bataan.docx) -- C:\Documents and Settings\Owner\My Documents\Đài tưởng niệm thuyền nhân xây ở trại tị nạn Bataan.docx
[2010/04/28 09:19:44 | 000,490,254 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ðài tu?ng ni?m thuy?n nhân xây ? tr?i t? n?n Bataan.docx) -- C:\Documents and Settings\Owner\My Documents\Đài tưởng niệm thuyền nhân xây ở trại tị nạn Bataan.docx
[2010/04/25 14:37:59 | 000,002,224 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Thanh Di?p V?ng c?.txt) -- C:\Documents and Settings\Owner\My Documents\Thanh Diệp Vọng cổ.txt
[2010/04/25 14:37:45 | 000,002,224 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Thanh Di?p V?ng c?.txt) -- C:\Documents and Settings\Owner\My Documents\Thanh Diệp Vọng cổ.txt
[2010/04/21 03:19:55 | 000,113,313 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Tu?ng Nang Ti?n.docx) -- C:\Documents and Settings\Owner\My Documents\Tưởng Năng Tiến.docx
[2010/04/21 03:19:54 | 000,113,313 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Tu?ng Nang Ti?n.docx) -- C:\Documents and Settings\Owner\My Documents\Tưởng Năng Tiến.docx
[2010/04/17 02:30:19 | 047,042,560 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\7- Thu Phu?c g?i 12-7-2009 12 15 AM.doc) -- C:\Documents and Settings\Owner\My Documents\7- Thư Phước gửi 12-7-2009 12 15 AM.doc
[2010/04/17 02:28:59 | 047,042,560 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\7- Thu Phu?c g?i 12-7-2009 12 15 AM.doc) -- C:\Documents and Settings\Owner\My Documents\7- Thư Phước gửi 12-7-2009 12 15 AM.doc
[2010/04/16 15:57:52 | 000,020,349 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Bài vi?t V?n tho?i hcm d?o tho.docx) -- C:\Documents and Settings\Owner\My Documents\Bài viết Vấn thoại hcm đạo thơ.docx
[2010/04/16 15:57:51 | 000,020,349 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Bài vi?t V?n tho?i hcm d?o tho.docx) -- C:\Documents and Settings\Owner\My Documents\Bài viết Vấn thoại hcm đạo thơ.docx
[2010/04/15 00:23:35 | 000,022,230 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Gi?a LIÊN THÀNH và HOÀNG PH? NG?C PHAN.txt) -- C:\Documents and Settings\Owner\My Documents\Giữa LIÊN THÀNH và HOÀNG PHỦ NGỌC PHAN.txt
[2010/04/15 00:23:35 | 000,022,230 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Gi?a LIÊN THÀNH và HOÀNG PH? NG?C PHAN.txt) -- C:\Documents and Settings\Owner\My Documents\Giữa LIÊN THÀNH và HOÀNG PHỦ NGỌC PHAN.txt
[2010/04/14 18:13:33 | 000,041,512 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\DI?N TI?N BI?N Ð?NG MI?N TRUNG.txt) -- C:\Documents and Settings\Owner\My Documents\DIỄN TIẾN BIẾN ĐỘNG MIỀN TRUNG.txt
[2010/04/14 18:13:33 | 000,041,512 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\DI?N TI?N BI?N Ð?NG MI?N TRUNG.txt) -- C:\Documents and Settings\Owner\My Documents\DIỄN TIẾN BIẾN ĐỘNG MIỀN TRUNG.txt
[2010/04/14 18:12:00 | 000,033,394 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\NÓI V?I THI?N SU NH?T H?NH.txt) -- C:\Documents and Settings\Owner\My Documents\NÓI VỚI THIỀN SƯ NHẤT HẠNH.txt
[2010/04/14 18:12:00 | 000,033,394 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\NÓI V?I THI?N SU NH?T H?NH.txt) -- C:\Documents and Settings\Owner\My Documents\NÓI VỚI THIỀN SƯ NHẤT HẠNH.txt
[2010/03/23 22:31:31 | 000,287,298 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Anh Hùng hay Thiên C? T?i Nhân.docx) -- C:\Documents and Settings\Owner\My Documents\Anh Hùng hay Thiên Cổ Tội Nhân.docx
[2010/03/23 22:31:30 | 000,287,298 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Anh Hùng hay Thiên C? T?i Nhân.docx) -- C:\Documents and Settings\Owner\My Documents\Anh Hùng hay Thiên Cổ Tội Nhân.docx
[2010/03/22 04:40:16 | 000,018,418 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\NHÂN DÂN TRÔNG Ð?I GÌ T? NOI NGU?I SI PHU TRÍ TH?C.txt) -- C:\Documents and Settings\Owner\My Documents\NHÂN DÂN TRÔNG ĐỢI GÌ TỪ NƠI NGƯỜI SĨ PHU TRÍ THỨC.txt
[2010/03/22 04:40:16 | 000,018,418 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\NHÂN DÂN TRÔNG Ð?I GÌ T? NOI NGU?I SI PHU TRÍ TH?C.txt) -- C:\Documents and Settings\Owner\My Documents\NHÂN DÂN TRÔNG ĐỢI GÌ TỪ NƠI NGƯỜI SĨ PHU TRÍ THỨC.txt
[2010/03/22 04:31:10 | 000,023,289 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ngày xuân d?c l?i giai tho?i H? Xuân Huong.docx) -- C:\Documents and Settings\Owner\My Documents\Ngày xuân đọc lại giai thoại Hồ Xuân Hương.docx
[2010/03/22 04:31:10 | 000,023,289 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ngày xuân d?c l?i giai tho?i H? Xuân Huong.docx) -- C:\Documents and Settings\Owner\My Documents\Ngày xuân đọc lại giai thoại Hồ Xuân Hương.docx
[2010/03/22 03:58:43 | 000,409,773 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\L?i t? thu?t c?a tác gi? 1 bài tho n?i ti?ng.docx) -- C:\Documents and Settings\Owner\My Documents\Lời tự thuật của tác giả 1 bài thơ nổi tiếng.docx
[2010/03/22 03:58:42 | 000,409,773 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\L?i t? thu?t c?a tác gi? 1 bài tho n?i ti?ng.docx) -- C:\Documents and Settings\Owner\My Documents\Lời tự thuật của tác giả 1 bài thơ nổi tiếng.docx
[2010/02/20 04:39:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\Fonts Ch?) -- C:\Documents and Settings\Owner\My Documents\Fonts Chữ
[2010/02/20 04:38:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\Fonts Ch?) -- C:\Documents and Settings\Owner\My Documents\Fonts Chữ
[2010/01/14 04:05:00 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Favorites\Vi?t Nam) -- C:\Documents and Settings\Owner\Favorites\Việt Nam
[2009/12/21 09:38:27 | 000,000,198 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Tr?n gian, tr?i t?m trú.txt) -- C:\Documents and Settings\Owner\My Documents\Trần gian, trại tạm trú.txt
[2009/12/04 00:40:43 | 000,001,862 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\gia tr? t? do -youtube links-.txt) -- C:\Documents and Settings\Owner\My Documents\gia trị tự do -youtube links-.txt
[2009/12/04 00:40:42 | 000,001,862 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\gia tr? t? do -youtube links-.txt) -- C:\Documents and Settings\Owner\My Documents\gia trị tự do -youtube links-.txt
[2009/12/03 23:01:06 | 000,031,488 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ít l?i thanh b?ch.txt) -- C:\Documents and Settings\Owner\My Documents\Ít lời thanh bạch.txt
[2009/12/03 23:01:05 | 000,031,488 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ít l?i thanh b?ch.txt) -- C:\Documents and Settings\Owner\My Documents\Ít lời thanh bạch.txt
[2009/11/30 16:01:52 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\C?p_H?) -- C:\Documents and Settings\Owner\My Documents\Cọp_Hỗ
[2009/11/25 23:49:51 | 000,327,247 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Trí th?c ph?i là ngu?i bi?t ngu?ng.docx) -- C:\Documents and Settings\Owner\My Documents\Trí thức phải là người biết ngượng.docx
[2009/11/25 23:49:49 | 000,327,247 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Trí th?c ph?i là ngu?i bi?t ngu?ng.docx) -- C:\Documents and Settings\Owner\My Documents\Trí thức phải là người biết ngượng.docx
[2009/10/15 00:52:22 | 000,010,076 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Mu?n Hòa Bình- Hãy trao Nobel cho bom nguyên t?!.txt) -- C:\Documents and Settings\Owner\My Documents\Muốn Hòa Bình- Hãy trao Nobel cho bom nguyên tử!.txt
[2009/10/15 00:52:21 | 000,010,076 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Mu?n Hòa Bình- Hãy trao Nobel cho bom nguyên t?!.txt) -- C:\Documents and Settings\Owner\My Documents\Muốn Hòa Bình- Hãy trao Nobel cho bom nguyên tử!.txt
[2009/10/15 00:18:39 | 000,009,900 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\V? ch?ng c?ng c?c doan.txt) -- C:\Documents and Settings\Owner\My Documents\Về chống cộng cực đoan.txt
[2009/10/14 23:09:57 | 000,031,014 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\H?c Vàng Bay M?t.txt) -- C:\Documents and Settings\Owner\My Documents\Hạc Vàng Bay Mất.txt
[2009/10/14 23:09:57 | 000,031,014 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\H?c Vàng Bay M?t.txt) -- C:\Documents and Settings\Owner\My Documents\Hạc Vàng Bay Mất.txt
[2009/10/13 18:26:48 | 000,030,214 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Trí th?c là c?c phân.txt) -- C:\Documents and Settings\Owner\My Documents\Trí thức là cục phân.txt
[2009/10/13 09:01:03 | 000,000,198 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Tr?n gian, tr?i t?m trú.txt) -- C:\Documents and Settings\Owner\My Documents\Trần gian, trại tạm trú.txt
[2009/09/30 16:12:03 | 000,003,586 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Phát hi?n d?u hi?u c?a nu?c trên m?t trang.txt) -- C:\Documents and Settings\Owner\My Documents\Phát hiện dấu hiệu của nước trên mặt trăng.txt
[2009/09/30 16:12:03 | 000,003,586 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Phát hi?n d?u hi?u c?a nu?c trên m?t trang.txt) -- C:\Documents and Settings\Owner\My Documents\Phát hiện dấu hiệu của nước trên mặt trăng.txt
[2009/09/29 22:02:39 | 000,000,256 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\s? phôn.txt) -- C:\Documents and Settings\Owner\My Documents\số phôn.txt
[2009/09/23 23:28:44 | 000,008,178 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Trí th?c là gì.txt) -- C:\Documents and Settings\Owner\My Documents\Trí thức là gì.txt
[2009/09/23 23:28:44 | 000,008,178 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Trí th?c là gì.txt) -- C:\Documents and Settings\Owner\My Documents\Trí thức là gì.txt
[2009/09/23 20:51:55 | 000,030,214 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Trí th?c là c?c phân.txt) -- C:\Documents and Settings\Owner\My Documents\Trí thức là cục phân.txt
[2009/09/22 15:00:20 | 000,035,788 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\V? qu? BOM th? trong Tr?n Long Khánh.txt) -- C:\Documents and Settings\Owner\My Documents\Về quả BOM thả trong Trận Long Khánh.txt
[2009/09/22 15:00:19 | 000,035,788 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\V? qu? BOM th? trong Tr?n Long Khánh.txt) -- C:\Documents and Settings\Owner\My Documents\Về quả BOM thả trong Trận Long Khánh.txt
[2009/09/16 12:23:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\Bài v? HCM) -- C:\Documents and Settings\Owner\My Documents\Bài về HCM
[2009/09/16 12:22:41 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\Bài v? HCM) -- C:\Documents and Settings\Owner\My Documents\Bài về HCM
[2009/09/06 20:30:03 | 000,000,724 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Link Nh?c DM cho YP.txt) -- C:\Documents and Settings\Owner\My Documents\Link Nhạc DM cho YP.txt
[2009/09/05 16:09:11 | 000,014,208 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Ti?n Trung.txt) -- C:\Documents and Settings\Owner\My Documents\Tiến Trung.txt
[2009/09/05 16:09:11 | 000,014,208 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Ti?n Trung.txt) -- C:\Documents and Settings\Owner\My Documents\Tiến Trung.txt
[2009/09/02 22:53:15 | 000,021,362 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Vài nh?n xét & phân tích tình hình tru?c m?t.txt) -- C:\Documents and Settings\Owner\My Documents\Vài nhận xét & phân tích tình hình trước mắt.txt
[2009/09/02 22:53:15 | 000,021,362 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Vài nh?n xét & phân tích tình hình tru?c m?t.txt) -- C:\Documents and Settings\Owner\My Documents\Vài nhận xét & phân tích tình hình trước mắt.txt
[2009/09/01 03:57:56 | 000,014,378 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Tru?ng h?p c?a anh Nguy?n Ti?n Trung.txt) -- C:\Documents and Settings\Owner\My Documents\Trường hợp của anh Nguyễn Tiến Trung.txt
[2009/09/01 03:57:56 | 000,014,378 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Tru?ng h?p c?a anh Nguy?n Ti?n Trung.txt) -- C:\Documents and Settings\Owner\My Documents\Trường hợp của anh Nguyễn Tiến Trung.txt
[2009/08/29 12:47:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Favorites\Chính Tr?) -- C:\Documents and Settings\Owner\Favorites\Chính Trị
[2009/08/02 01:51:54 | 000,009,900 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\V? ch?ng c?ng c?c doan.txt) -- C:\Documents and Settings\Owner\My Documents\Về chống cộng cực đoan.txt
[2009/07/08 19:35:47 | 000,110,657 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Vi?t Gian Hoàng Duy Hùng dã.docx) -- C:\Documents and Settings\Owner\My Documents\Việt Gian Hoàng Duy Hùng đã.docx
[2009/07/08 19:35:47 | 000,110,657 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Vi?t Gian Hoàng Duy Hùng dã.docx) -- C:\Documents and Settings\Owner\My Documents\Việt Gian Hoàng Duy Hùng đã.docx
[2009/07/07 14:10:27 | 000,000,136 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Có cái di?u này tôi ph?i h?i.txt) -- C:\Documents and Settings\Owner\My Documents\Có cái điều này tôi phải hỏi.txt
[2009/07/07 14:10:27 | 000,000,136 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Có cái di?u này tôi ph?i h?i.txt) -- C:\Documents and Settings\Owner\My Documents\Có cái điều này tôi phải hỏi.txt
[2009/07/07 14:10:11 | 000,000,848 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\T?i sao anh b?t mi?ng tôi.txt) -- C:\Documents and Settings\Owner\My Documents\Tại sao anh bịt miệng tôi.txt
[2009/07/07 14:09:56 | 000,000,848 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\T?i sao anh b?t mi?ng tôi.txt) -- C:\Documents and Settings\Owner\My Documents\Tại sao anh bịt miệng tôi.txt
[2009/06/25 07:58:58 | 000,004,514 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Tru?ng Chinh mu?n làm nô l? Tàu.txt) -- C:\Documents and Settings\Owner\My Documents\Trường Chinh muốn làm nô lệ Tàu.txt
[2009/06/25 07:58:58 | 000,004,514 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Tru?ng Chinh mu?n làm nô l? Tàu.txt) -- C:\Documents and Settings\Owner\My Documents\Trường Chinh muốn làm nô lệ Tàu.txt
[2009/06/13 18:38:58 | 000,000,724 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Link Nh?c DM cho YP.txt) -- C:\Documents and Settings\Owner\My Documents\Link Nhạc DM cho YP.txt
[2009/05/20 05:21:49 | 000,012,140 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\CH? TRUONG T? DO NGÔN LU?N C?A MGP.txt) -- C:\Documents and Settings\Owner\My Documents\CHỦ TRƯƠNG TỰ DO NGÔN LUẬN CỦA MGP.txt
[2009/05/20 05:21:49 | 000,012,140 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\CH? TRUONG T? DO NGÔN LU?N C?A MGP.txt) -- C:\Documents and Settings\Owner\My Documents\CHỦ TRƯƠNG TỰ DO NGÔN LUẬN CỦA MGP.txt
[2009/03/24 12:22:39 | 000,009,280 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\D? LAN.txt) -- C:\Documents and Settings\Owner\My Documents\DẠ LAN.txt
[2009/03/24 12:08:14 | 000,009,280 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\D? LAN.txt) -- C:\Documents and Settings\Owner\My Documents\DẠ LAN.txt
[2009/03/09 01:53:13 | 000,010,188 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\PH?N 1 (LLGKT).txt) -- C:\Documents and Settings\Owner\My Documents\PHẦN 1 (LLGKT).txt
[2009/03/09 01:53:13 | 000,010,188 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\PH?N 1 (LLGKT).txt) -- C:\Documents and Settings\Owner\My Documents\PHẦN 1 (LLGKT).txt
[2009/03/03 17:28:41 | 000,004,896 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Gi?i dáp Bi.txt) -- C:\Documents and Settings\Owner\My Documents\Giải đáp Bi.txt
[2009/03/03 17:28:41 | 000,004,896 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Gi?i dáp Bi.txt) -- C:\Documents and Settings\Owner\My Documents\Giải đáp Bi.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 263 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F8C9007
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08948D52

< End of report >

Last edited by silverb on 5th April 2011, 6:53 pm; edited 1 time in total

descriptionSolvedRe: My PC is infected with XP Security 2011

more_horiz
OTL Extras logfile created on: 4/5/2011 2:12:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 54.40 Gb Free Space | 36.50% Space Free | Partition Type: NTFS
Drive D: | 533.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DADCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ura.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\njd.exe" -a "%1" %*
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ura.exe" -a "%1" %* ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1031:TCP" = 1031:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\WS_FTP Pro\wsftpgui.exe" = C:\Program Files\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Lotto Pro 2000\proupdt.exe" = C:\Program Files\Windows Lotto Pro 2000\proupdt.exe:*:Disabled:proupdt -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A9FEB03-7039-4600-878A-D3736F4A9531}" = Mayoko
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1864B4F0-7777-4A57-9930-C2B307597966}" = MusicLab RealGuitar 2.0
"{1CB6F9B8-C4BF-456D-988B-B8903DF303BF}" = QwikChord3
"{1D45405D-B1CF-4AEC-AC09-2D8175CB98DE}" = Desktop Player
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2E337869-756A-4E46-A936-0E67FE043A5E}" = Melodyne 3.2
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4850A271-0188-4AC9-A7F4-2EC586FB0EAC}" = Singorama! Audio
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53F10B82-537A-4996-8C6F-8B2F62958C0E}" = QSE Level II 2009
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58206080-3E1F-4418-8117-D190FC71BF58}" = RealStrat 1.0
"{5A06BC95-C59E-438D-AA8D-A97690AD628C}" = Encore 5
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.1
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EBE1DB0-8687-43A7-8781-6445E62CAFA5}" = Nitro PDF Professional
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{968ECEB6-5476-4131-B5E0-41D01D621243}" = Sibelius Scorch (all browsers)
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A6ADF689-81CB-4E47-BEEB-46517D5222AB}" = Rocket French v1.02
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB9C808A-2F32-41ED-BCFC-DE3A32590A6F}" = Singorama! Bonus Software
"{BC389DB4-2979-4F4D-BEC1-5B1267929956}" = UltraCompare v6.00
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FFF484-B2C2-48C5-81F3-5500F196BEE7}" = Guitar and Drum Trainer v4
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C31A6DD8-92DA-4DEA-A300-5E677B55A386}_is1" = Auralia 4 Demo
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3943D0B-C281-4BF7-9FFB-2A4497986BF9}" = Memory Key Boot Utility
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0224DA0-91BB-4A90-AB16-59FF757C1DF9}" = Singorama! eBooks
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1" = Sibelius Sounds Essentials for Sibelius 6
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Absolute Fretboard Trainer PRO" = Absolute Fretboard Trainer PRO
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
"Aleo Flash Intro Banner Maker_is1" = Aleo Flash Intro Banner Maker 3.1
"Aleo Flash MP3 Player Builder_is1" = Aleo Flash MP3 Player Builder 3.2
"Anime Studio Pro_is1" = Anime Studio Pro 6.1
"Artisteer 2" = Artisteer 2
"Artisteer 3" = Artisteer 3
"ASIO4ALL" = ASIO4ALL
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"CCleaner" = CCleaner
"ChordWizard Gold 2.5" = ChordWizard Gold 2.5
"ChordWizard Songtrix Gold 3.0" = ChordWizard Songtrix Gold 3.0
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool Record Edit Pro" = Cool Record Edit Pro
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Digital Guitar Tuner 2.3_is1" = Digital Guitar Tuner 2.3
"Drumsite" = Drumsite 1.7 (demo)
"EarMaster Pro 5_is1" = EarMaster Pro 5
"Easy Button & Menu Maker_is1" = Easy Button & Menu Maker 1.5
"eBook Edit Pro_is1" = eBook Edit Pro v3.21
"EditPlus 3" = EditPlus 3
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"Encore 4.5.5" = Encore 4.5.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"Finale 2009" = Finale 2009
"FL Studio 8" = FL Studio 8
"FTP Voyager_is1" = FTP Voyager 15.1
"Gadwin PrintScreen" = Gadwin PrintScreen
"Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009
"GPL Ghostscript 8.56" = GPL Ghostscript 8.56
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Guitar Chord Buster Pro 4.4.0" = Guitar Chord Buster Pro 4.4.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GuitarScalesMethod_is1" = GSM 1.1.4.2
"GuitarSpeedTrainer_is1" = GST 2.3.8.4
"HS2_is1" = Steinberg Hypersonic 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Image-Line PoiZone v2.1" = Image-Line PoiZone v2.1
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Basic)
"Little Bombers Returns" = Little Bombers Returns
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Lotto Pro" = Lotto Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maximus" = Maximus
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neuratron AudioScore Lite" = Neuratron AudioScore Lite
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PalTalk8.2" = PaltalkScene
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.7
"Pianoteq22" = Pianoteq v2.2.0
"Power MIDI to MP3_is1" = Power MIDI to MP3 1.6
"PowerISO" = PowerISO
"PuTTY_is1" = PuTTY version 0.60
"Rapid CSS 2008_is1" = Rapid CSS 2008 v9.2
"Rapid PHP 2008_is1" = Rapid PHP 2008 v9.2
"RapidTyping" = RapidTyping
"RegCure" = RegCure 1.5.2.7
"SHS" = Rogers Self Healing (remove only)
"Sibelius 6_is1" = Sibelius 6.2.0.88
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"Steinberg Groove Agent 2" = Steinberg Groove Agent 2
"Steinberg Groove Agent 2 v2.0.0.28" = Steinberg Groove Agent 2 v2.0.0.28
"Steinberg Nuendo v3.2.0.1128" = Steinberg Nuendo v3.2.0.1128
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"TempoPerfect" = TempoPerfect Metronome Software
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"Toxic Biohazard" = Toxic Biohazard
"Unlocker" = Unlocker 1.8.7
"Update Manager" = Rogers Update Manager (remove only)
"Virtual Guitarist" = Steinberg Virtual Guitarist
"Vpskeys_is1" = Vpskeys 4.3
"WashAndGo_is1" = WashAndGo
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XWeb" = Microsoft Expression Web 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2011 7:49:31 AM | Computer Name = DAD | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/5/2011 7:49:34 AM | Computer Name = DAD | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2338, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/5/2011 6:24:32 AM | Computer Name = DADCOMPUTER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/5/2011 6:24:32 AM | Computer Name = DADCOMPUTER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/5/2011 6:24:32 AM | Computer Name = DADCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 4/5/2011 6:24:33 AM | Computer Name = DADCOMPUTER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/5/2011 6:24:33 AM | Computer Name = DADCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/5/2011 7:13:35 AM | Computer Name = DADCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/5/2011 7:13:50 AM | Computer Name = DADCOMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket 24097034.

Error - 4/5/2011 8:39:14 AM | Computer Name = DADCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ OSession Events ]
Error - 10/29/2008 9:02:56 PM | Computer Name = DAD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 924
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/16/2010 2:50:16 PM | Computer Name = DADCOMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 187 seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/5/2011 8:10:39 AM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 4/5/2011 8:10:39 AM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%3

Error - 4/5/2011 8:45:18 AM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/5/2011 9:06:45 AM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/5/2011 10:30:52 AM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/5/2011 11:06:24 AM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/5/2011 1:14:53 PM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 4/5/2011 1:18:17 PM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 4/5/2011 1:18:17 PM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 4/5/2011 1:18:17 PM | Computer Name = DADCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%3


< End of report >

descriptionSolvedRe: My PC is infected with XP Security 2011

more_horiz
Dear GeekPolice Staff,
I was able to manage and got rid of this XP Security 2011 infection.
(use Microsoft Revovery Console + Fix registry (from hijack trojan) => get Malwarebytes running & my PC seem runs normally now .

I think I am ok now (able to clean my computer further by myself) => Please save your precious time to help others in need more than I do now.

I sincerely wish GeekPolice & its staff all the best.

Regards,
Silverb

descriptionSolvedRe: My PC is infected with XP Security 2011

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum