Jump to content


Photo
- - - - -

Date and time change incorrectly every time I start my computer


  • Please log in to reply
15 replies to this topic

#1 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 23 February 2012 - 12:26 AM

Hey,
Recently, I found out some issue of date and time from my laptop!
Date and time will change incorrectly every time I turn on my comp. For an example, it will change to year 2013 or 2014 when I turn on my computer. thanks!



below here is my hijackthis file!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:22:35 PM, on 2/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
D:\PPS.tv\PPStream\PPSAP.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\KWMUSIC\bin\kwmusic.exe
C:\Program Files\KWMUSIC\bin\kwmv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kai Leong\Downloads\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE" -background
O4 - HKCU\..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

--
End of file - 3602 bytes

#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 23 February 2012 - 07:20 AM

I really don't think this is malware related, but let's take a closer look
Download OTL.exe by OldTimer to your Desktop.
  • Right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

In addition:
Can you let me know how old the laptop is, and the Exact Make/model please

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#3 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 23 February 2012 - 10:56 AM

Compaq Presario V3000
Year:2007



OTL logfile created on: 2/24/2012 12:42:04 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Kai Leong\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.02% Memory free
3.98 Gb Paging File | 2.37 Gb Available in Paging File | 59.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.90 Gb Total Space | 22.65 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 192.87 Gb Total Space | 74.55 Gb Free Space | 38.65% Space Free | Partition Type: NTFS

Computer Name: KAILEONG-PC | User Name: Kai Leong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/24 00:39:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Kai Leong\Desktop\OTL.exe
PRC - [2012/02/16 15:27:23 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2011/12/31 11:41:26 | 000,524,168 | ---- | M] (酷我科技) -- C:\Program Files\KWMUSIC\bin\KwMV.exe
PRC - [2011/12/31 11:41:24 | 000,288,648 | ---- | M] (酷我科技) -- C:\Program Files\KWMUSIC\bin\KwMusic.exe
PRC - [2011/11/29 02:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/02 11:25:08 | 006,095,280 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPStream.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 09:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/12/31 11:42:54 | 000,013,704 | ---- | M] () -- C:\Program Files\KWMUSIC\bin\Win7Trait.dll
MOD - [2011/12/31 11:41:32 | 000,067,464 | ---- | M] () -- C:\Program Files\KWMUSIC\bin\KwSongCache.dll
MOD - [2011/12/31 11:41:20 | 000,043,400 | ---- | M] () -- C:\Program Files\KWMUSIC\bin\KwModUpdateWeb.dll
MOD - [2011/12/31 11:40:40 | 000,037,256 | ---- | M] () -- C:\Program Files\KWMUSIC\bin\KuwoSyncMobile.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 02:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/29 01:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/29 01:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/29 01:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/29 01:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/29 01:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/29 01:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 06:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 06:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....MY&dcc=MY&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 01 EF FF 77 10 CE 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{835CCC3E-E3BF-4A02-8F00-97D5482E81B4}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/03/05 23:01:52 | 000,398,336 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\TVWizudlg.exe
[2013/03/05 23:01:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2013/03/05 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/03/04 13:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/04 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/24 00:39:29 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Kai Leong\Desktop\OTL.exe
[2012/02/23 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\Desktop\handphone installer
[2012/02/23 17:24:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/22 14:37:31 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\Documents\OneNote Notebooks
[2012/02/22 02:33:35 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Sigview
[2012/02/22 02:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigview
[2012/02/22 02:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sigview
[2012/02/22 01:49:58 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2012/02/22 01:49:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012/02/21 22:14:53 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\Desktop\blender C
[2012/02/21 22:14:46 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\Desktop\blender B
[2012/02/21 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\Desktop\blender A
[2012/02/21 19:21:09 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\Documents\MATLAB
[2012/02/21 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\MathWorks
[2012/02/21 19:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2012/02/21 19:17:27 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\Kai Leong\Desktop\cnet_signannprot_zip.exe
[2012/02/21 19:17:15 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2012/02/21 19:17:11 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX
[2012/02/21 19:17:09 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2012/02/21 19:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2012/02/21 18:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/21 18:31:52 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/21 18:31:52 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/21 18:31:48 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/21 18:31:47 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/21 18:31:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/21 18:31:46 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/21 18:29:50 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/21 18:29:50 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/19 22:42:06 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Local\Adobe
[2012/02/19 22:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/19 22:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/19 19:22:29 | 000,000,000 | --SD | C] -- C:\Users\Kai Leong\Documents\Passwords Database
[2012/02/19 01:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPStream
[2012/02/19 01:18:04 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\PPStream
[2012/02/19 01:17:54 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2012/02/17 21:12:56 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\vlc
[2012/02/17 18:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\酷我音乐盒 2011
[2012/02/17 18:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\KWMUSIC
[2012/02/17 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\kuwo
[2012/02/17 07:03:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/17 07:01:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/02/17 07:00:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/02/17 06:59:44 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/16 19:31:38 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2012/02/16 19:31:38 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2012/02/16 19:31:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/02/16 17:56:49 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/02/16 15:45:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/16 15:45:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 15:45:14 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 15:45:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/16 15:45:14 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 15:45:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/16 15:45:14 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/16 15:45:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 15:45:14 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/16 15:45:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 15:45:14 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/16 15:45:14 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/16 15:45:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/16 15:45:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/16 15:45:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/16 15:45:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/16 15:45:14 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/16 15:45:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/16 15:45:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/16 15:45:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/16 15:45:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/16 15:45:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/16 15:45:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 15:45:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/16 15:45:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/16 15:45:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/16 15:45:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/16 15:45:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/16 15:45:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 15:45:13 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 15:45:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/16 15:45:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/16 15:45:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/16 15:45:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 15:45:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/16 15:45:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/16 15:45:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/16 15:38:19 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/02/16 15:38:19 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/02/16 15:38:19 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/02/16 15:38:19 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/02/16 15:38:19 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/16 15:38:19 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/02/16 15:38:19 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/02/16 15:38:19 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/02/16 15:38:19 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/02/16 15:38:19 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/02/16 15:38:19 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/02/16 15:38:19 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/02/16 15:38:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/02/16 15:38:19 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/02/16 15:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPLive
[2012/02/16 15:32:01 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Mozilla
[2012/02/16 15:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Jlcm
[2012/02/16 15:31:59 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\PPLive
[2012/02/16 15:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PPLive
[2012/02/16 15:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PPLiveNetwork
[2012/02/16 15:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\PPLive
[2012/02/16 15:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/02/16 15:27:54 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Macromedia
[2012/02/16 15:27:52 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Adobe
[2012/02/16 15:27:23 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/16 15:27:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/02/16 15:26:32 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/16 15:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/16 15:21:20 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2012/02/16 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\WinRAR
[2012/02/16 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/16 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/02/16 15:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/02/16 15:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/02/16 15:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/02/16 15:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/02/16 15:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/02/16 15:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/02/16 15:19:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/16 15:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/02/16 15:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/02/16 15:17:15 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Local\Microsoft Help
[2012/02/16 15:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/16 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/02/16 15:17:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/02/16 15:16:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/02/16 15:09:44 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/02/16 15:09:44 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Searches
[2012/02/16 15:09:44 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/02/16 15:09:43 | 000,000,000 | -H-D | C] -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/02/16 15:09:32 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Identities
[2012/02/16 15:09:30 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Contacts
[2012/02/16 15:09:21 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Local\VirtualStore
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\AppData\Local\Temporary Internet Files
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Templates
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Start Menu
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\SendTo
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Recent
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\PrintHood
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\NetHood
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Documents\My Videos
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Documents\My Pictures
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Documents\My Music
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\My Documents
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Local Settings
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\AppData\Local\History
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Cookies
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\Application Data
[2012/02/16 15:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Kai Leong\AppData\Local\Application Data
[2012/02/16 15:09:18 | 000,000,000 | --SD | C] -- C:\Users\Kai Leong\AppData\Roaming\Microsoft
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Videos
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Saved Games
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Pictures
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Music
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Links
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Favorites
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Downloads
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Documents
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\Desktop
[2012/02/16 15:09:18 | 000,000,000 | R--D | C] -- C:\Users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/02/16 15:09:18 | 000,000,000 | -H-D | C] -- C:\Users\Kai Leong\AppData
[2012/02/16 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Local\Temp
[2012/02/16 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Local\Microsoft
[2012/02/16 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\Kai Leong\AppData\Roaming\Media Center Programs
[2012/02/16 15:09:05 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/02/24 00:43:41 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 00:43:41 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 00:39:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Kai Leong\Desktop\OTL.exe
[2012/02/23 22:56:05 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/23 22:56:05 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/23 20:09:04 | 000,000,026 | ---- | M] () -- C:\Windows\System32\mylk.dat
[2012/02/23 19:54:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/23 19:54:00 | 1603,035,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/23 18:41:51 | 000,768,069 | ---- | M] () -- C:\Users\Kai Leong\Desktop\Ng Win Siau - HT027257M.pdf
[2012/02/22 15:08:21 | 000,728,139 | ---- | M] () -- C:\Users\Kai Leong\Desktop\5989-9556EN.pdf
[2012/02/22 00:56:25 | 000,753,679 | ---- | M] () -- C:\Users\Kai Leong\Desktop\11A.pdf
[2012/02/21 19:17:57 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\MATLAB R2009a.lnk
[2012/02/21 19:17:28 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Users\Kai Leong\Desktop\cnet_signannprot_zip.exe
[2012/02/21 18:31:53 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/21 18:31:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/19 22:40:42 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/19 22:38:15 | 000,000,992 | ---- | M] () -- C:\Users\Kai Leong\Desktop\final year final sem - Shortcut.lnk
[2012/02/19 22:30:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/19 01:18:06 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2012/02/19 01:18:06 | 000,000,687 | ---- | M] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2012/02/17 18:55:26 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\酷我音乐盒 2011.lnk
[2012/02/17 07:04:28 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/02/16 15:48:53 | 000,001,411 | ---- | M] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/16 15:48:13 | 000,412,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/16 15:45:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/16 15:45:14 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 15:45:14 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 15:45:14 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 15:45:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/16 15:45:14 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 15:45:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/16 15:45:14 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/16 15:45:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 15:45:14 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/16 15:45:14 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 15:45:14 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/16 15:45:14 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/16 15:45:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/16 15:45:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/16 15:45:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/16 15:45:14 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/16 15:45:14 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/16 15:45:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/16 15:45:14 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/16 15:45:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/16 15:45:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/16 15:45:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/16 15:45:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/16 15:45:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 15:45:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/16 15:45:14 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/16 15:45:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/16 15:45:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/16 15:45:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/16 15:45:13 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 15:45:13 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/16 15:45:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/16 15:45:13 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/16 15:45:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 15:45:13 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/16 15:45:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/16 15:45:13 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/16 15:38:19 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/02/16 15:38:19 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/02/16 15:38:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/02/16 15:38:19 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/02/16 15:38:19 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/16 15:38:19 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/02/16 15:38:19 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/02/16 15:38:19 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/02/16 15:38:19 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/02/16 15:38:19 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/02/16 15:38:19 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/02/16 15:38:19 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/02/16 15:38:19 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/02/16 15:38:19 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/02/16 15:32:01 | 000,001,074 | ---- | M] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk
[2012/02/16 15:32:01 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\PPTV .lnk
[2012/02/16 15:27:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/16 15:20:13 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/02/16 15:12:26 | 000,000,003 | ---- | M] () -- C:\7Loader.TAG
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013/03/05 23:01:52 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2013/03/05 23:01:52 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2012/02/23 18:35:27 | 000,768,069 | ---- | C] () -- C:\Users\Kai Leong\Desktop\Ng Win Siau - HT027257M.pdf
[2012/02/22 15:08:21 | 000,728,139 | ---- | C] () -- C:\Users\Kai Leong\Desktop\5989-9556EN.pdf
[2012/02/22 02:33:33 | 000,024,848 | ---- | C] () -- C:\Windows\System32\WAVDEST.AX
[2012/02/22 00:56:25 | 000,753,679 | ---- | C] () -- C:\Users\Kai Leong\Desktop\11A.pdf
[2012/02/21 19:17:57 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\MATLAB R2009a.lnk
[2012/02/21 19:17:09 | 000,002,362 | ---- | C] () -- C:\Windows\System32\mscomct2.dep
[2012/02/21 19:16:57 | 000,645,120 | ---- | C] () -- C:\Windows\System32\config.gms
[2012/02/21 18:31:53 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/19 22:40:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/19 22:40:42 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/19 22:38:15 | 000,000,992 | ---- | C] () -- C:\Users\Kai Leong\Desktop\final year final sem - Shortcut.lnk
[2012/02/19 22:30:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/02/19 01:18:08 | 000,000,687 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPS 影音.lnk
[2012/02/19 01:18:06 | 000,000,687 | ---- | C] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2012/02/19 01:18:05 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2012/02/17 18:55:26 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\酷我音乐盒 2011.lnk
[2012/02/17 07:04:17 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/17 07:04:09 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/17 07:00:49 | 1603,035,136 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/16 15:45:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/16 15:32:01 | 000,001,074 | ---- | C] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk
[2012/02/16 15:32:01 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\PPTV .lnk
[2012/02/16 15:20:13 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/02/16 15:14:35 | 000,001,411 | ---- | C] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/16 15:12:26 | 000,000,003 | ---- | C] () -- C:\7Loader.TAG
[2012/02/16 15:09:45 | 000,001,417 | ---- | C] () -- C:\Users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/16 15:09:18 | 000,000,290 | ---- | C] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/16 15:09:18 | 000,000,272 | ---- | C] () -- C:\Users\Kai Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/16 20:53:14 | 000,291,176 | ---- | C] () -- C:\Windows\System32\kindling.dll
[2011/07/21 18:32:12 | 000,000,026 | ---- | C] () -- C:\Windows\System32\mylk.dat
[2011/07/21 18:32:12 | 000,000,021 | ---- | C] () -- C:\Windows\KwYl.dat

< End of report >





Extras.txt

OTL Extras logfile created on: 2/24/2012 12:42:04 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Kai Leong\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.02% Memory free
3.98 Gb Paging File | 2.37 Gb Available in Paging File | 59.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.90 Gb Total Space | 22.65 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 192.87 Gb Total Space | 74.55 Gb Free Space | 38.65% Space Free | Partition Type: NTFS

Computer Name: KAILEONG-PC | User Name: Kai Leong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "C:\Program Files\KWMUSIC\KwMusic.exe" \dir "%1" (酷我科技)
Directory [kwplaylist] -- "C:\Program Files\KWMUSIC\KwMusic.exe" \dirlist "%1" (酷我科技)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"KwMusic" = 酷我音乐盒 2011
"MatlabR2009a" = MATLAB R2009a
"PPLive" = PPTV V3.1.0.0013
"PPStream" = PPS影音 V2.7.0.1345 正式版
"Sigview_is1" = Sigview v2.4.0
"TVWiz" = Intel® TV Wizard
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2012 7:17:06 AM | Computer Name = KaiLeong-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MATLAB\R2009a\bin\win32\hg.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2012 7:17:08 AM | Computer Name = KaiLeong-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MATLAB\R2009a\bin\win32\hg.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2012 7:17:08 AM | Computer Name = KaiLeong-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MATLAB\R2009a\bin\win32\hg.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2012 7:17:54 AM | Computer Name = KaiLeong-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MATLAB\R2009a\bin\win32\mlautoregister.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2012 7:19:35 AM | Computer Name = KaiLeong-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\MATLAB\R2009a\bin\win32\vcrt_check.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2012 10:28:39 AM | Computer Name = KaiLeong-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c8 Start
Time: 01ccf099d8544c05 Termination Time: 110 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/5/2013 11:02:09 AM | Computer Name = KaiLeong-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/5/2015 12:12:01 AM | Computer Name = KaiLeong-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/22/2012 8:59:42 AM | Computer Name = KaiLeong-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 660 Start
Time: 01ccf161be4e3715 Termination Time: 47 Application Path: C:\Windows\Explorer.EXE

Report
Id: 11e7419c-5d55-11e1-aeb1-001a6bbd0dcc

Error - 3/5/2012 4:02:47 AM | Computer Name = KaiLeong-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 904 Start
Time: 01ccfaa629caacf0 Termination Time: 40 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 2/16/2012 7:01:00 PM | Computer Name = 37L4247D28-05 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/16/2012 10:42:58 AM | Computer Name = KaiLeong-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.

Error - 2/16/2012 1:17:37 PM | Computer Name = KaiLeong-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.

Error - 2/18/2012 10:51:43 AM | Computer Name = KaiLeong-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 2/21/2013 5:10:39 PM | Computer Name = KaiLeong-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:27:32 AM on ?2/?19/?2012 was unexpected.

Error - 3/4/2012 12:04:13 AM | Computer Name = KaiLeong-PC | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -1111359 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.24:123) is working
properly.

Error - 3/4/2012 1:07:07 AM | Computer Name = KaiLeong-PC | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -1018548 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.13:123) is working
properly.

Error - 3/5/2012 4:04:06 AM | Computer Name = KaiLeong-PC | Source = Microsoft-Windows-Time-Service | ID = 34
Description = The time service has detected that the system time needs to be changed
by -971994 seconds. The time service will not change the system time by more than
54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.19:123) is working
properly.

Error - 2/23/2012 5:24:24 AM | Computer Name = KaiLeong-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 2/23/2012 5:24:24 AM | Computer Name = KaiLeong-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.


< End of report >

#4 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 23 February 2012 - 12:52 PM

What operating system came with this laptop?
Was it Windows XP?

Is Windows 7 totally supported?
Have you checked the time zone settings and ensured that they are correct?
It shouldn't effect the year, but take a look

Have you shared Thumbdrives with this laptop with the XP computer that we're also dealing with in the other thread?

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#5 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 23 February 2012 - 09:01 PM

Hey, the OS of this laptop is window 7 and it was used for 1-2 years for this laptop without facing this kind of problem until recently weeks.

Yeap, time zone settings is correct!


Yeap, I has shared the thumbdrive between this laptop and XP computer before!

Is it useless for doing some scan before opening up the file of infected thumbdrive?
The virus from the thumbdrive will pass though the comp when the thumbdrive was attached to it although the infected thumbdrive was scanned before?

#6 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 23 February 2012 - 11:25 PM

As with your other computer we're working on
Can you temporarily disable your realtime protections with Avast

Then do the following please
Download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows:
Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop

--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#7 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 24 February 2012 - 12:59 AM

ComboFix 12-02-23.02 - Kai Leong 4/2012 Fri 14:34:53.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.2038.1204 [GMT 8:00]
执行位置: c:\users\Kai Leong\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( 2012-01-24 至 2012-02-24 的新的档案 )))))))))))))))))))))))))))))))
.
.
2013-03-05 15:01 . 2013-03-05 15:01 -------- d-----w- c:\windows\system32\Lang
2013-03-05 15:01 . 2013-03-05 15:01 -------- d-----w- c:\program files\Intel
2013-03-05 15:01 . 2009-09-23 03:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2013-03-05 15:01 . 2009-09-23 03:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2012-03-04 05:25 . 2012-03-04 05:25 -------- d-----w- c:\programdata\AVAST Software
2012-03-04 05:25 . 2012-03-04 05:25 -------- d-----w- c:\program files\AVAST Software
2012-02-24 06:40 . 2012-02-24 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 03:12 . 2012-02-24 03:17 -------- d-----w- c:\program files\Google
2012-02-21 18:33 . 2012-02-21 18:33 -------- d-----w- c:\program files\Sigview
2012-02-21 18:33 . 2011-12-21 18:04 24848 ----a-w- c:\windows\system32\WAVDEST.AX
2012-02-21 17:49 . 2012-02-21 17:49 -------- d-----w- c:\windows\system32\x64
2012-02-21 17:49 . 2009-09-23 11:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2012-02-21 11:17 . 2004-02-11 06:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2012-02-21 11:17 . 2004-03-01 14:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-02-21 11:17 . 2002-02-14 02:26 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2012-02-21 11:01 . 2012-02-21 11:01 -------- d-----w- c:\program files\MATLAB
2012-02-21 10:31 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-21 10:31 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-21 10:31 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-21 10:31 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-21 10:31 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-21 10:31 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-21 10:31 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA4ABA3E-0C22-4E9C-AD61-F1B3FA4F9DFC}\mpengine.dll
2012-02-21 10:29 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-21 10:29 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-19 14:40 . 2012-02-20 13:03 -------- d-----w- c:\program files\Common Files\Adobe
2012-02-18 17:17 . 2010-12-24 03:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-02-17 10:55 . 2012-02-23 13:27 -------- d-----w- c:\programdata\kuwo
2012-02-17 10:55 . 2012-02-17 10:55 -------- d-----w- c:\program files\KWMUSIC
2012-02-16 22:59 . 2012-02-16 07:09 -------- d-----w- c:\windows\Panther
2012-02-16 11:31 . 2009-12-14 04:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-02-16 11:31 . 2009-12-14 04:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-02-16 11:31 . 2012-02-19 11:22 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-16 07:38 . 2012-02-16 07:38 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-02-16 07:32 . 2012-02-16 07:32 -------- d-----w- c:\programdata\Jlcm
2012-02-16 07:31 . 2012-02-16 07:32 -------- d-----w- c:\programdata\PPLive
2012-02-16 07:31 . 2012-02-16 10:22 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2012-02-16 07:31 . 2012-02-16 07:31 -------- d-----w- c:\program files\PPLive
2012-02-16 07:27 . 2012-02-24 03:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 07:27 . 2012-02-16 07:27 -------- d-----w- c:\windows\system32\Macromed
2012-02-16 07:26 . 2012-01-28 21:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 07:21 . 2006-10-26 11:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-02-16 07:21 . 2006-10-26 11:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-02-16 07:20 . 2012-02-16 07:20 -------- d-----w- c:\program files\Microsoft Works
2012-02-16 07:19 . 2012-02-16 07:19 -------- d-----w- c:\program files\VideoLAN
2012-02-16 07:19 . 2012-02-16 07:19 -------- d-----w- c:\windows\PCHEALTH
2012-02-16 07:19 . 2012-02-16 07:19 -------- d-----w- c:\program files\Microsoft.NET
2012-02-16 07:17 . 2012-02-16 07:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-02-16 07:17 . 2012-02-16 07:21 -------- d-----w- c:\programdata\Microsoft Help
2012-02-16 07:17 . 2012-02-24 03:18 -------- d-sh--w- c:\windows\Installer
2012-02-16 07:16 . 2012-02-16 07:16 -------- d-----r- C:\MSOCache
2012-02-16 07:12 . 2012-02-24 05:54 -------- d-----w- c:\windows\system32\wbem\Performance
2012-02-16 07:09 . 2012-02-16 07:09 -------- d-----w- c:\users\Kai Leong
2012-02-16 07:09 . 2012-02-16 07:09 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Kai Leong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Kai Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2011-11-17 11:43 436088 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- d:\pps.tv\PPStream\PPSAP.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
计划任务 文件夹 里的内容
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 03:11]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 03:11]
.
.
------- 而外的扫描 -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-02-24 14:43:00
ComboFix-quarantined-files.txt 2012-02-24 06:42
.
Pre-Run: 24,930,320,384 bytes free
Post-Run: 24,837,644,288 bytes free
.
- - End Of File - - 4B9087528987587F88F884095FC1B36E

#8 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 24 February 2012 - 09:53 AM

Date/time still changing?
When you restarted the computer today, what date are you set too?

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#9 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 26 February 2012 - 06:04 PM

Any update here?

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#10 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 27 February 2012 - 05:51 AM

hey,
still facing the same problem here! the date still changing incorrectly!

#11 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 27 February 2012 - 06:55 AM

I don't see any software installed that can control system time
If you had some, I would look into that first
If you have no software like that installed
Try the next step
Shut down laptop, unplug the power cord from the wall/computer
Remove the Battery

Hold down the Power button on laptop for at least 10 seconds
put battery back in and connect power chord if needed
restart the computer, any luck?

If not,
I'm not sure of your Exact model of laptop, just the series
But if you go to Compaq site
You can download your correct manual for your computer

http://h10025.www1.h...us&dlc=en&lc=en

It could very well be that your RTC battery is in need of a change
It's an easy change on your make/model I believe
Simply remove harddrive cover and it should be in a small compartment next to harddrive

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#12 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 27 February 2012 - 10:36 AM

Compaq Presario V3632TU is the serie no.
hmmm... using my laptop without battery since many years ago...
is it unnecessary to remove the battery from laptop?

#13 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 27 February 2012 - 12:41 PM

http://h10032.www1.h...l/c01154809.pdf
That is the closest I could find to your model

If you open that manual and look under component replacement>>RTC battery
it will give you a rough guide of how to replace the RTC battery
NOTE: RTC battery is completely different than the main Battery

Before you do that
Can you try running the laptop with main Battery inserted
You can leave the computer plugged in if you wish, but have the battery
inserted
See if the date/time still change

Also, from this link
http://h10025.www1.h...n&lang=en&cc=us
, you may want to check if your main battery for your laptop qualifies for free replacement under the Recall notice

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#14 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 28 February 2012 - 02:30 AM

will update here after a week!
Will try 2 run the laptop with main Battery inserted for a week!
See if the date/time still change

#15 ernest_ckl

ernest_ckl

    Member

  • Members
  • PipPipPip
  • 57 posts

Posted 06 March 2012 - 08:51 AM

Hi Mr. Guestolo,
so far the time of my laptop is running correctly after running the laptop with main battery inserted.
The problem was solved by running the laptop with main battery inserted?

#16 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,242 posts

Posted 06 March 2012 - 01:54 PM

My guess is that with the main Battery always inserted
This always provides power to the part of the motherboard that keeps the CMOS updated

Now, as I mentioned earlier, you may be in need of changing the RTC battery
That is completely different than the main Battery
If you download your manual, which I linked to earlier, you will notice what is involved with changing this battery
It's a smaller battery than the main battery, and much cheaper

The CMOS (RTC battery) Real time clock battery, on a laptop is usually rechargeable, when the main power supply is plugged in
I am going to assume that yours is no longer holding a charge

If you open that manual and look under component replacement>>RTC battery
it will give you a rough guide of how to replace the RTC battery
NOTE: RTC battery is completely different than the main Battery


Important, if you go the route of changing the rtc battery
disconnect power cable from laptop to wall
remove main battery before changing the rtc battery

The manual should give complete instructions, you don't need to remove the harddrive
Just it's cover

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users