Currently having problem


  • This topic is locked
29 replies to this topic

#1 rs1985

  • Members
  • 18 posts
  • OFFLINE
  • Local time: 12:39 AM

Posted 09 March 2010 - 12:01 PM

I am currently using my Windows 7 Home system; I have Kaspersky Internet Security 2010.
I really need some help here.
Half a month ago Kaspersky had prompted me to allow or block a program called SVOHOST or something like that. After I clicked allow, since I did a bit of research and it is supposed to be a Windows thing, my computer started to have problems:
1. I would be using Firefox and a new tab of shopico or something would appear, sometimes the same one, sometimes redirected to some sites.
2. I would do a search on Google or Bing and it would redirect to another site.
3. My computer would suddenly freeze, and when I do Ctrl+Alt+Delete it asks me to physically shut down the PC and it just freezes there (I can still move my cursor).

I really need some help here because I tried to scan with Kaspersky and there is no threat; I tried different software and it can't detect anything. Please help me; if anyone can give me step-by-step help, it would be great.
Thanks

I just went on the site and saw that I should post a log. I was able to do the DDS and Attach logs, but I have not been able to do the GMER one since it said that it stopped working twice and gave me a BSOD once.
Thanks


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03/11/2009 1:05:49 AM
System Uptime: 03/09/2010 5:39:47 AM (-4268 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
Processor: Intel Core™2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2838/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 932 GiB total, 119.975 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is CDROM ()
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F63626376&3#
Manufacturer: Generic
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F63626376&3#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F63626376&0#
Manufacturer: Generic
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F63626376&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: TransMemory
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TOSHIBA&PROD_TRANSMEMORY&REV_PMAP#5B8408000038&0#
Manufacturer: TOSHIBA
Name: MY FINGER
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TOSHIBA&PROD_TRANSMEMORY&REV_PMAP#5B8408000038&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB xD/SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_XD#SM_READER&REV_1.02#058F63626376&2#
Manufacturer: Generic
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_XD#SM_READER&REV_1.02#058F63626376&2#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F63626376&1#
Manufacturer: Generic
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F63626376&1#
Service: WUDFRd

==== System Restore Points ===================

RP62: 04/02/2010 9:36:31 AM - Windows Update
RP63: 08/02/2010 2:20:56 PM - Windows Update
RP64: 11/02/2010 3:00:27 AM - Windows Update
RP65: 11/02/2010 4:36:37 PM - Windows Update
RP66: 22/02/2010 2:26:07 AM - Windows Update
RP67: 22/02/2010 6:54:47 AM - Windows Update
RP68: 24/02/2010 3:00:14 AM - Windows Update
RP69: 25/02/2010 1:46:35 AM - Windows Update
RP70: 26/02/2010 5:36:44 AM - Windows Update
RP71: 01/03/2010 12:19:02 PM - Windows Update
RP72: 04/03/2010 11:43:47 PM - Windows Update
RP73: 08/03/2010 3:00:36 AM - Windows Update
RP74: 09/03/2010 8:19:24 AM - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

3DMark06
AAC Decoder
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc. AR81Family Gigabit/Fast Ethernet Driver
AutoUpdate
AviSynth 2.5
Bonjour
Canucks Players 2009-2010
CCleaner
CDDRV_Installer
Combat Arms
Debugging Tools for Windows (x86)
DiskAid 3.1
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Media Foundation Components
DivX Plus Web Player
DivX Version Checker
Dynasty Warriors 6
EA Download Manager
EPU-6 Engine
Farm Frenzy Pizza Party
FlashGet(JetCar)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
Foxy v1.9.9
Free RM to AVI Converter Splitter v2.0
Google Chrome
Google Update Helper
Google 地球
H.264 Decoder
HijackThis 2.0.2
Hong Kong Toolbar 3.3.4.0
HP LaserJet P1000 series
hppMSRedist
hppusgP1000
HPSSupply
ImagXpress
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java™ 6 Update 17
Junk Mail filter update
Kaspersky Internet Security 2010
KhalInstallWrapper
Left 4 Dead
Left 4 Dead Dedicated Server
LevelOne WNC-0600
LightScribe System Software 1.14.17.1
Logitech GamePanel Software 3.01
Logitech SetPoint
MarketResearch
marvell 61xx
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help 更新程式 (KB963678)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word 2007 Help 更新程式 (KB963665)
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.8)
MrvlUsgTracking
MSTPCRT
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nero 8 Lite
neroxml
NVIDIA Drivers
NVIDIA PhysX
OpenAL
Pando Media Booster
Pro Evolution Soccer 2010 1.0
QuickTime
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SopCast 3.2.4
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.2
Steam
SUPERAntiSpyware Free Edition
System Requirements Lab
The Sims™ 3
UltraEdit 15.00
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb977719)
VC80CRTRedist - 8.0.50727.4053
Video Card Stability Test
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
Watson
WavePad Sound Editor
WinAVI MP4 Converter
WinAVI Video Converter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
WinSCP 4.1.9
WMA MP3 Converter 2.8 build 966
WNC-0600 N_One Wireless PCI Card
YouTube Downloader 2.5.3
μTorrent
小蒙恬

==== Event Viewer Messages From Past Week ========

09/03/2010 5:40:32 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
08/03/2010 1:13:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
08/03/2010 1:13:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
08/03/2010 1:10:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
08/03/2010 1:10:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
08/03/2010 1:10:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 9:59:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
07/03/2010 9:59:18 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/03/2010 7:08:35 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
07/03/2010 7:06:35 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 11:57:12 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 1:29:51 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
06/03/2010 6:53:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
06/03/2010 6:53:53 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
04/03/2010 5:06:40 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

==== End Of File ===========================



DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 9:08:00.71 on 09/03/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.950.852.1033.18.3327.1055 [GMT -8:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\user\Desktop\sp_rsser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

udefault_page_url = hxxp://www.isoshu.com/
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: ShowHKToolbar Class: {06433bfe-4946-4e89-823d-cd359c81cd06} - c:\program files\881903\ietoolbar\hktbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6A19C29D-ED45-4483-8999-9F939C8161F2} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Foxy ?? - c:\program files\foxy\Foxy.exe/download.htm
IE: Foxy 下載 - c:\program files\foxy\Foxy.exe/download.htm
IE: Foxy 搜尋 - c:\program files\foxy\Foxy.exe/search.htm
IE: 使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: 全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {B7147C56-C0D9-4C49-8311-E51130552D9F} = 64.59.160.13,64.59.160.15
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?PC=BRTH&FORM=BT009D&q=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\FFExternalAlert.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\RadioWMPCore.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-3-9 142592]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 foxy;Foxy: Filtering HTTP Proxy;"c:\program files\foxy-1.3.0\foxy.exe" "--config=c:\program files\foxy-1.3.0\foxy.cfg" --> c:\program files\foxy-1.3.0\foxy.exe [?]
S2 gupdate1c9f41535522420;Google Update Service (gupdate1c9f41535522420);c:\program files\google\update\GoogleUpdate.exe [2009-6-23 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-13 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

=============== Created Last 30 ================

2010-03-09 16:32:17 51325 ----a-w- c:\users\user\n727210023_1017648_2812.jpg
2010-03-09 16:32:12 46971 ----a-w- c:\users\user\n727210023_1152810_7581.jpg
2010-03-09 16:24:21 3319850 ----a-w- c:\users\user\A000347-20100308-002.asf
2010-03-09 16:21:04 2927941 ----a-w- c:\users\user\A000422-20100309-001.asf
2010-03-09 16:20:05 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-09 16:19:48 0 d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2010-03-09 16:19:48 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-09 16:09:47 7757856 ----a-w- c:\users\user\SUPERAntiSpyware.exe
2010-03-09 16:06:26 0 d-----w- c:\program files\Trend Micro
2010-03-09 15:48:52 3207767 ----a-w- c:\users\user\A000422-20100309-003.asf
2010-03-09 15:47:08 2653526 ----a-w- c:\users\user\A000422-20100309-002.asf
2010-03-09 15:35:42 488960 ----a-w- c:\users\user\sp_rsser.exe
2010-03-09 14:54:22 0 d-----w- c:\program files\SpywareBlaster
2010-03-09 14:02:18 3012768 ----a-w- c:\users\user\spywareblastersetup42.exe
2010-03-09 13:57:23 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-09 13:57:18 0 d-----w- c:\users\user\appdata\roaming\Spyware Terminator
2010-03-09 13:56:47 0 d-----w- c:\programdata\Spyware Terminator
2010-03-09 13:56:42 0 d-----w- c:\program files\Spyware Terminator
2010-03-09 13:53:42 646760 ----a-w- c:\users\user\SpywareTerminatorSetup.exe
2010-03-09 06:48:32 2787253 ----a-w- c:\users\user\A000347-20100308-001.asf
2010-03-09 06:18:12 3977681 ----a-w- c:\users\user\A000904-20100308-006.asf
2010-03-08 20:58:14 1991040 ----a-w- c:\users\user\我願意.mp3
2010-03-08 14:40:04 4257364 ----a-w- c:\users\user\楊千嬅 - 呼吸需要.mp3
2010-03-08 14:23:23 12070 ----a-w- c:\users\user\Gun.wav
2010-03-08 14:18:55 0 d-----w- c:\users\user\??? - 天地合
2010-03-08 13:58:08 3478913 ----a-w- c:\users\user\張敬軒 - 茶想曲.mp3
2010-03-08 13:56:21 5761492 ----a-w- c:\users\user\周柏豪 - 我不要被你記住.mp3
2010-03-08 13:50:25 9213986 ----a-w- c:\users\user\摵安硯 & 陳慧稍 - 文字流淚.mp3
2010-03-08 13:48:54 4523307 ----a-w- c:\users\user\陳奕迅~大人 (CD Version).mp3
2010-03-08 02:12:05 1924 ----a-w- c:\users\user\Spyware Doctor.lnk
2010-03-08 02:12:00 0 d-----w- c:\program files\Spyware Doctor
2010-03-08 02:12:00 0 d-----w- c:\program files\common files\PC Tools
2010-03-08 02:11:48 0 d---a-w- c:\programdata\TEMP
2010-03-07 21:38:33 1840232 ----a-w- c:\users\user\HousecallLauncher.exe
2010-03-07 03:55:39 12052 ----a-w- c:\users\user\HKSA ELECTION FORM.docx
2010-03-07 00:22:23 345006 ----a-w- c:\windows\uninstall Canucks_.exe
2010-03-07 00:22:21 1804674 ----a-w- c:\windows\Canucks_.scr
2010-03-06 14:04:06 160487 ----a-w- c:\users\user\Chisato Suzuki2 Ferrari.jpg
2010-03-06 14:02:08 126715 ----a-w- c:\users\user\Chisato Suzuki2 MAC.jpg
2010-03-06 14:00:51 193499 ----a-w- c:\users\user\Chisato Suzuki2.jpg
2010-03-05 11:42:35 11131 ----a-w- c:\users\user\book list.docx
2010-02-28 13:20:26 191656 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-27 06:37:03 0 d-----w- C:\Car Radio
2010-02-26 06:42:12 18962 ----a-w- c:\users\user\2010 - Disagree on changing children's dictionary.docx
2010-02-24 17:25:19 27648 ----a-w- c:\users\user\Love at uncertain times.doc
2010-02-24 11:00:53 0 d-----w- c:\windows\system32\Wat
2010-02-24 03:47:09 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 03:47:08 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 03:47:08 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 03:47:08 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-24 03:47:07 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 13:35:28 262456 ----a-w- c:\users\user\K i n G S L e Y ?_22_02_2010@5_35_07.wav
2010-02-08 11:32:22 3156639 ----a-w- c:\users\user\03. Travelin' Band.wma

==================== Find3M ====================

2010-03-04 22:43:36 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-08-12 02:07:43 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-08-12 02:07:43 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-08-12 02:07:43 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-13 09:10:21 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:09:29.13 ===============

Edited by rs1985, 09 March 2010 - 12:29 PM.




#2 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts

Posted 09 March 2010 - 06:29 PM

Also, I have one more problem: I have no idea why my computer will suddenly freeze, and there is nothing I can do.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion for the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 09 March 2010 - 09:43 PM.


#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 12 March 2010 - 02:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#4 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts

Posted 12 March 2010 - 03:50 PM

Sorry about bugging you guys. I have tried a lot of different malware-removing programs, including Ad-Aware, to remove the malware, without luck.
The main problem is: after I allowed a program called SVCHOST through Kaspersky, when I am using Firefox there would be new tabs suddenly appearing with ads, my webpage gets redirected when I use Google or Bing, and my machine freezes suddenly. For example, I can be typing and MSN would freeze; Ctrl-Alt-Del would result in the computer saying it does not work, and I need to restart with the power button. Thanks for your help, and sorry for bugging you guys.
I tried to do that GMER test; once it ended up with a blue screen of death, the other time it just froze.

DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 12:42:27.89 on 12/03/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.950.852.1033.18.3327.1085 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

udefault_page_url = hxxp://www.isoshu.com/
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: ShowHKToolbar Class: {06433bfe-4946-4e89-823d-cd359c81cd06} - c:\program files\881903\ietoolbar\hktbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6A19C29D-ED45-4483-8999-9F939C8161F2} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Foxy ?? - c:\program files\foxy\Foxy.exe/download.htm
IE: Foxy 下載 - c:\program files\foxy\Foxy.exe/download.htm
IE: Foxy 搜尋 - c:\program files\foxy\Foxy.exe/search.htm
IE: 使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: 全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {B7147C56-C0D9-4C49-8311-E51130552D9F} = 64.59.160.13,64.59.160.15
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\FFExternalAlert.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\RadioWMPCore.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 foxy;Foxy: Filtering HTTP Proxy;"c:\program files\foxy-1.3.0\foxy.exe" "--config=c:\program files\foxy-1.3.0\foxy.cfg" --> c:\program files\foxy-1.3.0\foxy.exe [?]
S2 gupdate1c9f41535522420;Google Update Service (gupdate1c9f41535522420);c:\program files\google\update\GoogleUpdate.exe [2009-6-23 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-13 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

=============== Created Last 30 ================

2010-03-12 18:21:22 2871510 ----a-w- c:\users\user\A000900-20100312-004.asf
2010-03-12 18:20:47 2924074 ----a-w- c:\users\user\A000900-20100312-003.asf
2010-03-12 18:20:18 2686763 ----a-w- c:\users\user\A000900-20100312-002.asf
2010-03-12 18:19:54 3043889 ----a-w- c:\users\user\A000900-20100312-001.asf
2010-03-12 18:18:41 3761241 ----a-w- c:\users\user\A000904-20100312-006.asf
2010-03-12 18:18:23 2713826 ----a-w- c:\users\user\A000904-20100312-005.asf
2010-03-12 18:17:46 3581905 ----a-w- c:\users\user\A000904-20100312-004.asf
2010-03-12 18:17:15 2795764 ----a-w- c:\users\user\A000904-20100312-003.asf
2010-03-12 18:16:39 3365465 ----a-w- c:\users\user\A000904-20100312-002.asf
2010-03-12 18:16:04 3399477 ----a-w- c:\users\user\A000904-20100312-001.asf
2010-03-12 18:15:34 2841365 ----a-w- c:\users\user\A000422-20100312-003.asf
2010-03-12 18:15:14 2437086 ----a-w- c:\users\user\A000422-20100312-002.asf
2010-03-12 18:14:44 2240744 ----a-w- c:\users\user\A000422-20100312-001.asf
2010-03-12 02:43:17 2935679 ----a-w- c:\users\user\A000426-20100312-003.asf
2010-03-12 02:16:00 3641426 ----a-w- c:\users\user\A000904-20100311-006.asf
2010-03-12 01:13:54 3033848 ----a-w- c:\users\user\A000904-20100311-005.asf
2010-03-11 20:05:15 3136649 ----a-w- c:\users\user\A000347-20100311-002.asf
2010-03-11 17:43:42 3059349 ----a-w- c:\users\user\A000347-20100311-001.asf
2010-03-11 17:42:41 2959640 ----a-w- c:\users\user\A000904-20100311-003.asf
2010-03-11 17:39:13 3190767 ----a-w- c:\users\user\A000904-20100311-004.asf
2010-03-11 17:02:32 459745 ----a-w- c:\users\user\Mb_EV12-coupe_1662_1920x1200.jpg
2010-03-11 17:02:28 218279 ----a-w- c:\users\user\Mb_EV12-coupe_1661_1920x1200.jpg
2010-03-11 17:02:23 375357 ----a-w- c:\users\user\Mb_EV12-coupe_1660_1920x1200.jpg
2010-03-11 17:02:20 362626 ----a-w- c:\users\user\Mb_EV12-coupe_1659_1920x1200.jpg
2010-03-11 17:02:15 221785 ----a-w- c:\users\user\Mb_EV12-coupe_1658_1920x1200.jpg
2010-03-11 17:02:11 230167 ----a-w- c:\users\user\Mb_EV12-coupe_1657_1920x1200.jpg
2010-03-11 17:02:07 224478 ----a-w- c:\users\user\Mb_EV12-coupe_1656_1920x1200.jpg
2010-03-11 17:02:02 248159 ----a-w- c:\users\user\Mb_EV12-coupe_1655_1920x1200.jpg
2010-03-11 17:01:57 188785 ----a-w- c:\users\user\Mb_EV12-coupe_1654_1920x1200.jpg
2010-03-11 17:01:51 258985 ----a-w- c:\users\user\Mb_EV12-coupe_1653_1920x1200.jpg
2010-03-11 16:48:44 3666162 ----a-w- c:\users\user\A000904-20100311-002.asf
2010-03-11 16:19:46 2829776 ----a-w- c:\users\user\A000904-20100311-001.asf
2010-03-11 16:18:48 2827451 ----a-w- c:\users\user\A000422-20100311-003.asf
2010-03-11 15:43:00 2842911 ----a-w- c:\users\user\A000422-20100311-002.asf
2010-03-11 15:06:36 2791126 ----a-w- c:\users\user\A000901-20100311-003.asf
2010-03-11 15:06:27 2944953 ----a-w- c:\users\user\A000901-20100311-002.asf
2010-03-11 15:04:35 2473423 ----a-w- c:\users\user\A000901-20100311-006.asf
2010-03-11 14:36:11 3510016 ----a-w- c:\users\user\A000901-20100311-005.asf
2010-03-11 14:18:40 3284300 ----a-w- c:\users\user\A000901-20100311-004.asf
2010-03-11 13:10:18 3353870 ----a-w- c:\users\user\A000901-20100311-001.asf
2010-03-11 13:03:31 2326547 ----a-w- c:\users\user\A000422-20100311-001.asf
2010-03-11 12:48:00 312537 ----a-w- c:\users\user\jpg_lloris-1280.jpg
2010-03-11 12:47:47 217953 ----a-w- c:\users\user\LLoris_1024.jpg
2010-03-11 12:46:46 2980513 ----a-w- c:\users\user\A000426-20100311-003.asf
2010-03-11 12:46:11 2475744 ----a-w- c:\users\user\A000426-20100311-002.asf
2010-03-11 12:45:49 2883115 ----a-w- c:\users\user\A000426-20100311-001.asf
2010-03-11 12:09:07 2390714 ----a-w- c:\users\user\A000426-20100311-006.asf
2010-03-11 10:50:02 2859152 ----a-w- c:\users\user\A000426-20100311-005.asf
2010-03-11 10:44:40 2597105 ----a-w- c:\users\user\A000426-20100311-004.asf
2010-03-11 10:12:08 4357423 ----atw- c:\users\user\_DSC5485.JPG
2010-03-11 10:12:03 3600311 ----atw- c:\users\user\_DSC5484.JPG
2010-03-11 10:01:01 2850647 ----a-w- c:\users\user\A000904-20100310-003.asf
2010-03-11 09:51:03 3428078 ----a-w- c:\users\user\A000904-20100310-006.asf
2010-03-11 09:36:04 3132792 ----a-w- c:\users\user\A000904-20100310-005.asf
2010-03-11 09:12:15 3305171 ----a-w- c:\users\user\A000904-20100310-004.asf
2010-03-11 08:47:58 3465955 ----a-w- c:\users\user\A000904-20100310-002.asf
2010-03-11 08:34:55 3114240 ----a-w- c:\users\user\A000904-20100310-001.asf
2010-03-11 02:36:26 30169 ----a-w- c:\users\user\(鈴聲)司徒法正 出事架嘛.mp3
2010-03-10 21:43:51 65536 --sha-w- c:\users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TM.blf
2010-03-10 21:43:51 524288 --sha-w- c:\users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TMContainer00000000000000000002.regtrans-ms
2010-03-10 21:43:51 524288 --sha-w- c:\users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TMContainer00000000000000000001.regtrans-ms
2010-03-10 10:44:46 2841363 ----a-w- c:\users\user\A000900-20100309-001.asf
2010-03-10 10:32:32 3527787 ----a-w- c:\users\user\A000900-20100225-003.asf
2010-03-10 10:30:40 1957824 ----a-w- c:\users\user\A000900-20100225-002.asf
2010-03-10 10:30:35 2495059 ----a-w- c:\users\user\A000900-20100225-001.asf
2010-03-10 10:18:00 3652240 ----a-w- c:\users\user\A000900-20100225-004.asf
2010-03-10 07:56:40 2843692 ----a-w- c:\users\user\A000426-20100310-006.asf
2010-03-10 07:55:59 104967 ----a-w- c:\users\user\mar0910_avs_salo_pog_b.jpg
2010-03-10 03:52:07 2526762 ----a-w- c:\users\user\A000426-20100310-003.asf
2010-03-10 03:51:56 3009114 ----a-w- c:\users\user\A000426-20100310-002.asf
2010-03-10 03:49:36 3297443 ----a-w- c:\users\user\A000426-20100310-001.asf
2010-03-10 03:48:06 9773 ----a-w- c:\users\user\13545_188858858095_500873095_3040502_515715_n.jpg
2010-03-10 03:31:39 2848330 ----a-w- c:\users\user\A000426-20100310-005.asf
2010-03-10 03:26:21 2672859 ----a-w- c:\users\user\A000426-20100310-004.asf
2010-03-10 01:17:46 3598138 ----a-w- c:\users\user\A000904-20100309-006.asf
2010-03-10 01:17:14 2891614 ----a-w- c:\users\user\A000904-20100309-005.asf
2010-03-10 01:13:32 0 d-----w- c:\users\user\吳克群 ~ 寄生
2010-03-10 01:04:50 3432716 ----a-w- c:\users\user\A000904-20100309-003.asf
2010-03-10 00:27:38 196 ----a-w- c:\users\user\kosatsu.asx
2010-03-10 00:18:28 3510016 ----a-w- c:\users\user\A000904-20100309-002.asf
2010-03-10 00:14:20 3378606 ----a-w- c:\users\user\A000904-20100309-001.asf
2010-03-09 22:52:24 2649667 ----a-w- c:\users\user\A000904-20100309-004.asf
2010-03-09 21:32:10 3084085 ----a-w- c:\users\user\A000347-20100309-001.asf
2010-03-09 21:30:23 2702223 ----a-w- c:\users\user\A000347-20100309-002.asf
2010-03-09 16:32:17 51325 ----a-w- c:\users\user\n727210023_1017648_2812.jpg
2010-03-09 16:32:12 46971 ----a-w- c:\users\user\n727210023_1152810_7581.jpg
2010-03-09 16:24:21 3319850 ----a-w- c:\users\user\A000347-20100308-002.asf
2010-03-09 16:21:04 2927941 ----a-w- c:\users\user\A000422-20100309-001.asf
2010-03-09 16:20:05 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-09 16:19:48 0 d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2010-03-09 16:19:48 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-09 15:48:52 3207767 ----a-w- c:\users\user\A000422-20100309-003.asf
2010-03-09 15:47:08 2653526 ----a-w- c:\users\user\A000422-20100309-002.asf
2010-03-09 14:54:22 0 d-----w- c:\program files\SpywareBlaster
2010-03-09 13:57:18 0 d-----w- c:\users\user\appdata\roaming\Spyware Terminator
2010-03-09 13:56:47 0 d-----w- c:\programdata\Spyware Terminator
2010-03-09 13:56:42 0 d-----w- c:\program files\Spyware Terminator
2010-03-09 06:48:32 2787253 ----a-w- c:\users\user\A000347-20100308-001.asf
2010-03-09 06:18:12 3977681 ----a-w- c:\users\user\A000904-20100308-006.asf
2010-03-08 20:58:14 1991040 ----a-w- c:\users\user\我願意.mp3
2010-03-08 14:40:04 4257364 ----a-w- c:\users\user\楊千嬅 - 呼吸需要.mp3
2010-03-08 14:23:23 12070 ----a-w- c:\users\user\Gun.wav
2010-03-08 14:18:55 0 d-----w- c:\users\user\??? - 天地合
2010-03-08 13:58:08 3478913 ----a-w- c:\users\user\張敬軒 - 茶想曲.mp3
2010-03-08 13:56:21 5761492 ----a-w- c:\users\user\周柏豪 - 我不要被你記住.mp3
2010-03-08 13:50:25 9213986 ----a-w- c:\users\user\摵安硯 & 陳慧稍 - 文字流淚.mp3
2010-03-08 13:48:54 4523307 ----a-w- c:\users\user\陳奕迅~大人 (CD Version).mp3
2010-03-08 02:11:48 0 d---a-w- c:\programdata\TEMP
2010-03-07 03:55:39 12052 ----a-w- c:\users\user\HKSA ELECTION FORM.docx
2010-03-06 14:04:06 160487 ----a-w- c:\users\user\Chisato Suzuki2 Ferrari.jpg
2010-03-06 14:02:08 126715 ----a-w- c:\users\user\Chisato Suzuki2 MAC.jpg
2010-03-06 14:00:51 193499 ----a-w- c:\users\user\Chisato Suzuki2.jpg
2010-03-05 11:42:35 11131 ----a-w- c:\users\user\book list.docx
2010-02-27 06:37:03 0 d-----w- C:\Car Radio
2010-02-26 06:42:12 18962 ----a-w- c:\users\user\2010 - Disagree on changing children's dictionary.docx
2010-02-24 17:25:19 27648 ----a-w- c:\users\user\Love at uncertain times.doc
2010-02-22 13:35:28 262456 ----a-w- c:\users\user\K i n G S L e Y ?_22_02_2010@5_35_07.wav

==================== Find3M ====================

2010-03-11 22:13:30 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-27 11:15:57 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-14 19:12:06 181120 ----a-w- c:\windows\system32\MpSigStub.exe
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-08-12 02:07:43 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-08-12 02:07:43 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-08-12 02:07:43 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-13 09:10:21 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:43:50.83 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03/11/2009 1:05:49 AM
System Uptime: 03/11/2010 9:32:11 PM (-5673 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2833/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 932 GiB total, 88.631 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F63626376&3#
Manufacturer: Generic
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F63626376&3#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F63626376&0#
Manufacturer: Generic
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F63626376&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: WPD FileSystem Volume Driver
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TOSHIBA&PROD_TRANSMEMORY&REV_PMAP#5B8408000038&0#
Manufacturer: Microsoft
Name: MY FINGER
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_TOSHIBA&PROD_TRANSMEMORY&REV_PMAP#5B8408000038&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB xD/SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_XD#SM_READER&REV_1.02#058F63626376&2#
Manufacturer: Generic
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_XD#SM_READER&REV_1.02#058F63626376&2#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F63626376&1#
Manufacturer: Generic
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F63626376&1#
Service: WUDFRd

==== System Restore Points ===================

RP63: 08/02/2010 2:20:56 PM - Windows Update
RP64: 11/02/2010 3:00:27 AM - Windows Update
RP65: 11/02/2010 4:36:37 PM - Windows Update
RP66: 22/02/2010 2:26:07 AM - Windows Update
RP67: 22/02/2010 6:54:47 AM - Windows Update
RP68: 24/02/2010 3:00:14 AM - Windows Update
RP69: 25/02/2010 1:46:35 AM - Windows Update
RP70: 26/02/2010 5:36:44 AM - Windows Update
RP71: 01/03/2010 12:19:02 PM - Windows Update
RP72: 04/03/2010 11:43:47 PM - Windows Update
RP73: 08/03/2010 3:00:36 AM - Windows Update
RP74: 09/03/2010 8:19:24 AM - Installed SUPERAntiSpyware Free Edition
RP75: 09/03/2010 9:19:34 AM - Windows Update
RP76: 10/03/2010 1:35:56 PM - Restore Operation
RP77: 11/03/2010 3:00:20 AM - Windows Update
RP78: 12/03/2010 3:00:39 AM - Windows Update

==== Installed Programs ======================

3DMark06
AAC Decoder
AC3Filter (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AutoUpdate
AviSynth 2.5
Bonjour
CCleaner
CDDRV_Installer
Combat Arms
Debugging Tools for Windows (x86)
DiskAid 3.1
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Media Foundation Components
DivX Plus Web Player
DivX Version Checker
Dynasty Warriors 6
EA Download Manager
EPU-6 Engine
Farm Frenzy Pizza Party
FlashGet(JetCar)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
Foxy v1.9.9
Free RM to AVI Converter Splitter v2.0
Google Chrome
Google Update Helper
Google 地球
H.264 Decoder
Hong Kong Toolbar 3.3.4.0
HP LaserJet P1000 series
hppMSRedist
hppusgP1000
HPSSupply
ImagXpress
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java™ 6 Update 17
Junk Mail filter update
Kaspersky Internet Security 2010
KhalInstallWrapper
Left 4 Dead
Left 4 Dead Dedicated Server
LevelOne WNC-0600
LightScribe System Software 1.14.17.1
Logitech GamePanel Software 3.01
Logitech SetPoint
MarketResearch
marvell 61xx
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help 更新程式 (KB963678)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word 2007 Help 更新程式 (KB963665)
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.7)
MrvlUsgTracking
MSTPCRT
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nero 8 Lite
neroxml
NVIDIA Drivers
NVIDIA PhysX
OpenAL
Pando Media Booster
Pro Evolution Soccer 2010 1.0
QuickTime
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SopCast 3.2.4
Spybot - Search & Destroy
Steam
System Requirements Lab
The Sims™ 3
UltraEdit 15.00
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb979895)
VC80CRTRedist - 8.0.50727.4053
Video Card Stability Test
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WavePad Sound Editor
WinAVI MP4 Converter
WinAVI Video Converter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
WinSCP 4.1.9
WMA MP3 Converter 2.8 build 966
WNC-0600 N_One Wireless PCI Card
YouTube Downloader 2.5.3
μTorrent
小蒙恬

==== Event Viewer Messages From Past Week ========

11/03/2010 9:33:00 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
10/03/2010 4:02:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/03/2010 2:52:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/03/2010 2:52:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
10/03/2010 2:52:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
10/03/2010 2:51:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2010 2:50:04 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2010 12:49:38 PM, Error: Service Control Manager [7000] - The Spyware Terminator Realtime Shield Service service failed to start due to the following error: The system cannot find the file specified.
10/03/2010 1:48:17 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-17-F2-4D-96-A4. Network operations on this system may be disrupted as a result.
10/03/2010 1:34:58 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
09/03/2010 9:15:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x832a0fde, 0xbc24da44, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030910-41870-01.
09/03/2010 10:12:27 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
08/03/2010 1:10:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/03/2010 9:59:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
07/03/2010 9:59:18 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/03/2010 6:53:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
06/03/2010 6:53:53 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================





#5 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 12 March 2010 - 04:18 PM

I am not sure if this is the report you want for GMER.

This is the best I can do after a few BSODs, even in safe mode.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 13:05:41
Windows 6.1.7600
Running: 6hjs6kji.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A41AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A41104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A413F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2A2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A29898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A411DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A41958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A416F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A41F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A421A8

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 85C74A9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x0A 0x08 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0xE2 0x65 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x1E 0x55 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x0A 0x08 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0xE2 0x65 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x1E 0x55 0xD4 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\596648679\Groups@ 1

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:39 AM

Posted 13 March 2010 - 03:40 AM

Hello, rs1985
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 13 March 2010 - 05:56 AM

Do you mind giving me a few days? I am going back to my computer in about 2-3 days.
And I am wondering, what does this new scan do?
Thanks

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:39 AM

Posted 13 March 2010 - 11:18 AM

This will remove the malware. :)
regards,
schrauber


#9 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 13 March 2010 - 05:56 PM

I am really stupid, but
I am wondering, from the logs,
do you see that all the freezing and the new tabs and such are from malware?
Thanks

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:39 AM

Posted 13 March 2010 - 06:00 PM

Sure :D

QUOTE
File C:\Windows\system32\drivers\atapi.sys suspicious modification


That's enough to see. :)
regards,
schrauber

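The two GMER lines the helper points at above can be picked out mechanically, and the DDS event-log excerpt earlier in the thread has a second signal worth extracting: many services reported as "terminated unexpectedly" in the same second. The script below is an added example, not code from this thread or from the GMER, DDS or ComboFix authors. It runs over constructed sample lines modelled on the posted logs: it flags a hook on a physical disk device object (here \Device\Harddisk0\DR0 behind \Driver\atapi) and the "suspicious modification" of atapi.sys, and groups Service Control Manager event 7031 entries by timestamp so a burst stands out. The sptd registry entries GMER also lists belong to the DAEMON Tools Lite driver named in the log and are deliberately ignored. The sample text and the threshold of three services per second are assumptions for illustration.

```python
"""Triage helpers for GMER rootkit-scan output and DDS event-log excerpts.

Added example with constructed samples; not the poster's full logs and not
part of any of the tools mentioned in the thread.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the GMER sections quoted in the thread.
GMER_SAMPLE = r"""
---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 85C74A9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification
"""

# Constructed sample modelled on the Service Control Manager lines in the DDS log.
SCM_SAMPLE = """
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/03/2010 1:08:28 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/03/2010 9:59:18 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""

# "Device -> <driver object> <device object> <hook address>"
DEVICE_RE = re.compile(r"^Device -> (\\Driver\\\S+) (\\Device\\\S+) ([0-9A-Fa-f]{8})$")
# "File <path> suspicious modification"
FILE_RE = re.compile(r"^File (\S+) suspicious modification$")
# DDS-style SCM entries; only the "terminated unexpectedly" (7031) form is grouped.
SCM_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: Service Control Manager "
    r"\[(\d+)\] - The (.+?) service terminated unexpectedly"
)


def triage_gmer(text):
    """Return (kind, detail) findings for the two GMER lines that matter here:
    a hook on a physical disk device object and a modified system driver.
    Registry lines (e.g. the DAEMON Tools sptd config) are ignored on purpose."""
    findings = []
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m and m.group(2).lower().startswith(r"\device\harddisk"):
            findings.append(("disk_device_hook",
                             {"driver": m.group(1), "device": m.group(2), "address": m.group(3)}))
            continue
        m = FILE_RE.match(line)
        if m:
            findings.append(("driver_modified", {"path": m.group(1)}))
    return findings


def scm_bursts(text, min_services=3):
    """Group event 7031 entries by timestamp and return the bursts: timestamps at
    which at least min_services services died in the same second. min_services=3
    is an assumed threshold, not a Windows constant."""
    by_time = defaultdict(list)
    for line in text.splitlines():
        m = SCM_RE.match(line)
        if m and m.group(2) == "7031":
            by_time[m.group(1)].append(m.group(3))
    return [(ts, svcs) for ts, svcs in by_time.items() if len(svcs) >= min_services]


def report(gmer_text, scm_text):
    """Human-readable summary of both checks, one finding per line."""
    lines = [f"GMER {kind}: {detail}" for kind, detail in triage_gmer(gmer_text)]
    for ts, svcs in scm_bursts(scm_text):
        lines.append(f"SCM burst at {ts}: {len(svcs)} services terminated ({', '.join(svcs)})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(GMER_SAMPLE, SCM_SAMPLE)))
```

Run it directly to print the findings for the embedded samples, or pass real GMER and DDS text to the two functions. A hook on the disk device object together with a modified storage driver is the pattern the helper acted on. The services that died together at 1:08:28 are consistent with a single shared service host process crashing, which would fit the freezes the poster described, but the log alone does not prove what caused the crash.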

#11 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 13 March 2010 - 06:32 PM

Is there anything about MSN freezing?
Thanks
hahaha
Because other than the redirection, MSN and such freeze quite a bit, and I have to turn off the computer physically, as the whole thing just freezes sometimes with Firefox.

Edited by rs1985, 13 March 2010 - 06:33 PM.


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:39 AM

Posted 14 March 2010 - 08:52 AM

Please follow the steps above and we will handle these problems.
regards,
schrauber


#13 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 16 March 2010 - 05:15 AM

ComboFix 10-03-15.05 - user 16/03/2010 2:58.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.950.852.1033.18.3327.2501 [GMT -7:00]
Running from: c:\users\user\Desktop\schrauber.exe
.

((((((((((((((((((((((((((((((((((((((( Files deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\user\AppData\Roaming\inst.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 09:43 . 2010-03-16 09:44 -------- d-----w- C:\32788R22FWJFW
2010-03-15 09:30 . 2010-03-15 21:11 -------- d-----w- c:\users\user\陳奕迅 - Time Flies
2010-03-12 21:20 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-03-12 21:20 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-03-12 21:20 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-03-12 21:20 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-12 21:20 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-12 21:20 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-12 21:20 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-12 21:20 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-03-12 21:20 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-12 21:20 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-12 21:20 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-12 21:20 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-12 20:43 . 2010-03-12 20:43 293376 ----a-w- c:\users\user\6hjs6kji.exe
2010-03-12 20:41 . 2010-03-12 20:41 524288 ----a-w- c:\users\user\dds.scr
2010-03-10 01:13 . 2010-03-10 02:05 -------- d-----w- c:\users\user\吳克群 ~ 寄生
2010-03-10 00:33 . 2010-03-10 00:33 -------- d-----w- c:\users\user\AppData\Local\Adobe
2010-03-09 16:20 . 2010-03-09 16:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-09 16:19 . 2010-03-10 21:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-09 16:19 . 2010-03-09 16:19 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2010-03-09 14:54 . 2010-03-10 21:41 -------- d-----w- c:\program files\SpywareBlaster
2010-03-09 13:57 . 2010-03-10 21:41 -------- d-----w- c:\users\user\AppData\Roaming\Spyware Terminator
2010-03-09 13:56 . 2010-03-10 21:41 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-09 13:56 . 2010-03-10 21:41 -------- d-----w- c:\program files\Spyware Terminator
2010-03-08 14:18 . 2010-03-08 14:18 -------- d-----w- c:\users\user\??? - 天地合
2010-03-04 02:46 . 2010-03-15 17:31 -------- d-----w- c:\users\user\March 1 show
2010-03-04 02:45 . 2010-03-15 17:31 -------- d-----w- c:\users\user\2010 Feb 1 Show
2010-03-04 02:45 . 2010-03-15 17:31 -------- d-----w- c:\users\user\2010 Feb 8 Show
2010-03-04 02:45 . 2010-03-04 02:45 -------- d-----w- c:\users\user\iPhone Ringtones
2010-02-27 06:37 . 2010-02-27 06:45 -------- d-----w- C:\Car Radio
2010-02-26 11:31 . 2010-02-26 11:31 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2010-02-22 11:31 . 2010-03-10 21:41 -------- d-----w- c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Files modified in the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 10:07 . 2009-01-21 06:56 -------- d-----w- c:\program files\Steam
2010-03-16 10:07 . 2009-05-26 11:48 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-16 04:56 . 2009-02-02 07:40 -------- d-----w- c:\users\user\AppData\Roaming\uTorrent
2010-03-12 11:01 . 2009-01-27 07:17 -------- d-----w- c:\programdata\Microsoft Help
2010-03-12 06:32 . 2009-01-22 03:55 -------- d-----w- c:\users\user\AppData\Roaming\dvdcss
2010-03-11 22:13 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-10 21:41 . 2009-01-22 03:55 -------- d-----w- c:\users\user\AppData\Roaming\vlc
2010-03-10 21:41 . 2009-08-12 08:37 -------- d-----w- c:\users\user\AppData\Roaming\IrfanView
2010-03-10 21:41 . 2010-02-07 04:07 -------- d-----w- c:\programdata\PMB Files
2010-03-10 21:41 . 2009-10-19 10:15 -------- d--h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-03-10 21:41 . 2009-05-26 14:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-10 21:41 . 2009-02-14 22:09 -------- d-----w- c:\programdata\Lavasoft
2010-03-10 21:41 . 2009-12-07 13:04 -------- d-----w- c:\program files\YouTube Downloader
2010-03-10 21:41 . 2009-05-26 14:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-10 21:41 . 2009-02-14 22:09 -------- d-----w- c:\program files\Lavasoft
2010-03-10 21:39 . 2009-12-08 08:56 -------- d-----w- c:\program files\Foxy
2010-02-07 05:20 . 2010-02-07 05:20 -------- d-----w- c:\programdata\Nexon
2010-02-07 05:20 . 2010-02-07 04:44 -------- d-----w- c:\programdata\NexonUS
2010-02-07 04:44 . 2010-02-07 04:44 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-02-07 04:44 . 2010-02-07 04:44 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-02-07 04:44 . 2010-02-07 04:44 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-02-07 04:44 . 2010-02-07 04:44 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-02-07 04:44 . 2010-02-07 04:44 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-02-07 04:44 . 2010-02-07 04:44 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-02-07 04:26 . 2009-01-19 23:43 -------- d-----w- c:\program files\Google
2010-02-07 04:06 . 2010-02-07 04:06 -------- d-----w- c:\program files\Pando Networks
2010-02-04 17:15 . 2009-10-19 10:15 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 17:15 . 2009-10-19 10:15 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 17:15 . 2009-10-19 10:15 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 17:15 . 2009-10-19 10:15 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 16:52 . 2009-03-12 22:20 -------- d-----w- c:\program files\iTunes
2010-02-02 16:52 . 2010-02-02 16:52 -------- d-----w- c:\program files\iPod
2010-02-02 16:52 . 2009-01-20 07:32 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 16:47 . 2009-09-15 07:51 -------- d-----w- c:\program files\QuickTime
2010-02-02 16:44 . 2010-02-02 16:44 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-29 00:52 . 2009-03-11 07:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:16 . 2009-10-19 10:15 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-21 19:13 . 2009-02-12 05:34 -------- d-----w- c:\users\user\AppData\Roaming\881903
2010-01-21 13:07 . 2009-01-19 22:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 13:43 . 2010-01-17 11:32 -------- d-----w- c:\program files\Ubisoft
2010-01-20 13:42 . 2009-01-15 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-20 03:03 . 2010-01-20 03:03 98304 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
2010-01-20 03:03 . 2010-01-20 03:03 90112 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
2010-01-20 03:03 . 2010-01-20 03:03 28672 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
2010-01-18 03:07 . 2009-01-16 20:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 02:39 . 2009-01-16 20:47 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-18 02:30 . 2009-01-16 00:16 -------- d-----w- c:\programdata\NVIDIA
2010-01-18 02:30 . 2010-01-18 02:30 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-17 12:11 . 2010-01-17 12:11 -------- d-----w- c:\users\user\AppData\Roaming\Ubisoft
2010-01-17 12:11 . 2010-01-17 12:11 -------- d-----w- c:\programdata\Ubisoft
2010-01-14 19:12 . 2009-10-03 06:59 181120 ----a-w- c:\windows\system32\MpSigStub.exe
2010-01-08 03:18 . 2010-03-12 21:21 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-03-12 21:21 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-08 03:10 . 2010-01-08 03:10 101376 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\RadioWMPCore.dll
2009-12-24 09:46 . 2010-01-08 03:10 52224 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\FFExternalAlert.dll
2009-12-19 09:02 . 2010-01-21 19:25 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-03-12 21:21 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-03-12 21:21 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-03-12 21:21 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-03-12 21:21 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-03-12 21:21 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-03-12 21:21 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-03-12 21:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-03-12 21:21 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 03:45 . 2009-12-17 03:45 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-10-13 09:10 . 2009-10-13 09:10 604140 --sha-w- c:\windows\System32\drivers\ISwift3.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-19 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-03-12 1217872]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-07 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-19 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 foxy;Foxy: Filtering HTTP Proxy;c:\program files\Foxy-1.3.0\foxy.exe [x]
R2 gupdate1c9f41535522420;Google Update Service (gupdate1c9f41535522420);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 133104]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-02 691696]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-23 150568]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-04 21520]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]

.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 15:13]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 15:13]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138482827-2038174420-3310939869-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-19 21:39]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4138482827-2038174420-3310939869-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-19 21:39]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy Download - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy Search - c:\program files\Foxy\Foxy.exe/search.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all using FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Export to Microsoft Excel(&X) - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B7147C56-C0D9-4C49-8311-E51130552D9F} = 64.59.160.13,64.59.160.15
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\FFExternalAlert.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{59676c50-f36b-4584-85a9-67e455a0e89c}\components\RadioWMPCore.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- Firefox configuration files ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1204)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\taskhost.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-03-16 03:12:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 10:12

Pre-Run: 66,809,274,368 bytes free
Post-Run: 68,953,432,064 bytes free

- - End Of File - - 6262693301DAFA97753AD2CEBC3A7108


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:39 AM

Posted 17 March 2010 - 01:14 PM

Hi,

Please post back with a fresh Gmer logfile, also please do this:

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
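The /md5start ... /md5stop block in the post above asks OTL to list every copy of those files under the Windows directory together with its MD5, so the helper can compare the live driver in System32\drivers against the copies Windows keeps elsewhere (WinSxS, the driver store). Copies that carry the same version string should be byte-identical; a live driver whose hash differs from a same-version copy has been modified on disk. The script below is an added example, not part of the thread and not OTL's own code: it reproduces that listing with the tools built into Windows 7 and then performs the same-version / different-hash comparison automatically. The file list is copied from the post; the directory walk, the grouping logic and the output layout are this example's own choices. It is written for the PowerShell 2.0 that ships with Windows 7 (hence no Get-FileHash) and should be run from an elevated PowerShell.

```powershell
# Added example, not from the thread or from OTL. Hashes the same files the
# /md5start ... /md5stop block above hands to OTL, then flags any file name
# whose copies share one version string but have different MD5s.
# Written for PowerShell 2.0 on Windows 7; run from an elevated prompt.

# File list copied from the post above.
$watched = @(
    'eventlog.dll', 'scecli.dll', 'netlogon.dll', 'cngaudit.dll', 'sceclt.dll',
    'ntelogon.dll', 'logevent.dll', 'iaStor.sys', 'nvstor.sys', 'atapi.sys',
    'IdeChnDr.sys', 'viasraid.sys', 'AGP440.sys', 'vaxscsi.sys', 'nvatabus.sys',
    'viamraid.sys', 'nvata.sys', 'nvgts.sys', 'iastorv.sys', 'ViPrt.sys',
    'eNetHook.dll', 'ahcix86.sys', 'KR10N.sys'
)

$md5 = [System.Security.Cryptography.MD5]::Create()

function Get-Md5Hex([string]$Path) {
    # Stream the file so large drivers are not read into memory at once.
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
    } finally {
        $stream.Close()
    }
}

# Walk %SystemRoot% (System32, drivers, WinSxS, DriverStore, ...) for every copy.
$rows = foreach ($name in $watched) {
    Get-ChildItem -Path $env:SystemRoot -Filter $name -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name    = $_.Name.ToLower()
                Path    = $_.FullName
                Version = $_.VersionInfo.FileVersion
                Company = $_.VersionInfo.CompanyName
                MD5     = Get-Md5Hex $_.FullName
                # On Windows 7 this reports catalog-signed Microsoft files as
                # NotSigned, so it is context for the reader, not the verdict.
                Signed  = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}

# Full listing, in the spirit of OTL's own /md5 output.
$rows | Sort-Object Name, Path |
    Format-Table Name, Version, MD5, Signed, Company, Path -AutoSize | Out-String -Width 220

# The comparison a helper does by eye: copies of one file with the same version
# string should be byte-identical. A live driver whose MD5 differs from the
# same-version copy in WinSxS has been altered on disk.
$rows | Group-Object -Property Name, Version | ForEach-Object {
    $hashes = @($_.Group | Select-Object -ExpandProperty MD5 -Unique)
    if ($hashes.Count -gt 1) {
        Write-Warning ("{0} version '{1}': {2} copies, {3} different MD5s" -f $_.Group[0].Name, $_.Group[0].Version, $_.Count, $hashes.Count)
        $_.Group | Format-Table MD5, Signed, Path -AutoSize | Out-String -Width 220
    }
}
```

Two caveats a practitioner would want. First, the signature column is weak evidence on Windows 7: most Microsoft drivers are signed through the system catalog rather than with an embedded signature, and Get-AuthenticodeSignature there reports them as NotSigned, which is why the hash comparison between same-version copies is the more useful signal. Second, anything running in user mode reads the file through the kernel; a kernel-mode rootkit that filters disk reads can hand back the clean bytes of a driver it has patched, so a clean result from this script (or from OTL's md5 listing) does not by itself clear the machine. That is the reason the helper also asks for a fresh GMER log, which looks for hooks from inside the kernel.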

#15 rs1985

rs1985
  • Topic Starter

  • Members
  • 18 posts
  • Local time:12:39 AM

Posted 17 March 2010 - 08:33 PM

Thanks for helping.

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-17 18:31:57
Windows 6.1.7600
Running: 0sxx09es.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8C6DEBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8C6E052C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8C6E0782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8C6E09FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8C6DF450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8C6DFB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8C6DFF3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8C6DF5F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8C6DFE14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8C6DE7D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8C6DFCD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8C6DE992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8C6E006E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8C6E1CB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8C6DF0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8C6DF1EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8C6DFD72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8C6E16A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8C6E2672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8C6DF752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8C6E1734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8C6E1D64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8C6DFFDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8C6DF4D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8C6DFEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8C6DEDD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8C6E1CDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8C6E0110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8C6DECFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8C6E0C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8C6E207C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8C6E19CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8C6E049A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8C6E0360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8C6E1442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8C6E2554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8C6DF86C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8C6DF30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8C6E0CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8C6E182E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8C6E21BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8C6E22A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8C6E23C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8C6E15CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8C6DEF4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8C6DEEA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8C6E1F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8C6DF02E]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83221AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83221104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832213F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8320A2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83209898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832211DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83221958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832216F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83221F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832221A8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x0A 0x08 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0xE2 0x65 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x1E 0x55 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x0A 0x08 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0xE2 0x65 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x1E 0x55 0xD4 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\596648679\Groups@ 1

---- EOF - GMER 1.0.15 ----


Extra TXT

OTL Extras logfile created on: 17/03/2010 2:10:30 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\user\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 105.93 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.45 Gb Total Space | 6.70 Gb Free Space | 89.93% Space Free | Partition Type: FAT32

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10106AA7-38E7-4348-8396-9F535DF763EF}" = MSTPCRT
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01028}" = Nero 7 Essentials
"{1EEE4B66-0645-4CAC-ADBE-B283ED622FA9}" = LevelOne WNC-0600
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29902D0B-4BA9-4C6F-9FF4-E0C4D669186B}" = WNC-0600 N_One Wireless PCI Card
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F6B6F18-936D-4A64-B95F-6E7E19D4D610}" = UltraEdit 15.00
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = Dynasty Warriors 6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_ENTERPRISE_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_ENTERPRISE_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0404-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
"{90120000-0044-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_ENTERPRISE_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0404-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
"{90120000-00A1-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0404-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
"{90120000-0114-0404-0000-0000000FF1CE}_ENTERPRISE_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-2447-5A64-7E8A45000001}" = Adobe Reader Chinese Simplified Fonts
"{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}" = 小蒙恬
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Combat Arms" = Combat Arms
"DiskAid_is1" = DiskAid 3.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Farm Frenzy Pizza Party1.0" = Farm Frenzy Pizza Party
"FlashGet(JetCar)" = FlashGet(JetCar)
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
"Foxy_is1" = Foxy v1.9.9
"Free RM to AVI Converter Splitter_is1" = Free RM to AVI Converter Splitter v2.0
"Hong Kong Toolbar_is1" = Hong Kong Toolbar 3.3.4.0
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"Left 4 Dead" = Left 4 Dead
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"mv61xxDriver" = marvell 61xx
"Nero8Lite_is1" = Nero 8 Lite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pro Evolution Soccer 2010_is1" = Pro Evolution Soccer 2010 1.0
"RealAlt_is1" = Real Alternative 1.9.0
"SopCast" = SopCast 3.2.4
"Steam App 500" = Left 4 Dead
"Steam App 510" = Left 4 Dead Dedicated Server
"SystemRequirementsLab" = System Requirements Lab
"Video Card Stability Test" = Video Card Stability Test
"VLC media player" = VLC media player 0.9.8a
"WavePad" = WavePad Sound Editor
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9
"WMA MP3 Converter" = WMA MP3 Converter 2.8 build 966

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = DYNASTY WARRIORS 6
"uTorrent" = Torrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


OTL

OTL logfile created on: 17/03/2010 2:10:30 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\user\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 105.93 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.45 Gb Total Space | 6.70 Gb Free Space | 89.93% Space Free | Partition Type: FAT32

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/17 14:02:55 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2010/03/11 22:34:19 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/03/10 14:50:13 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/02/04 10:15:31 | 000,823,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
PRC - [2010/01/22 20:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/01/19 11:40:44 | 000,815,104 | ---- | M] (Hong Kong Commercial Broadcasting Co. Ltd.) -- C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
PRC - [2010/01/15 20:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/08/28 23:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/08/28 19:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PRC - [2009/08/28 19:48:02 | 000,245,288 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
PRC - [2009/07/13 18:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/06 13:41:14 | 000,358,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2008/11/06 13:39:46 | 002,816,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2008/11/06 13:21:42 | 001,548,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2008/11/06 13:21:32 | 000,526,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2008/11/06 13:21:14 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2008/06/03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008/05/20 03:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 14:02:55 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 14:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2008/11/07 17:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/11/07 17:37:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (foxy)
SRV - [2010/02/04 10:15:29 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/12 00:56:58 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://sympatico.msn.ca/?lang=en-CA&OCID=FW69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 19 93 94 FF D9 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {93ed9dfe-1cdd-4b73-840b-22051ad9955b}:4.0.0.4
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 14:46:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/12 14:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/18 13:06:14 | 000,000,000 | ---D | M]

[2009/11/03 00:36:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010/03/17 00:01:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5m9x9czo.default\extensions
[2009/11/03 00:36:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/05 18:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010/03/10 14:41:46 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/01/19 20:03:12 | 000,000,000 | ---D | M] (Hong Kong Toolbar(Version: 4.0.0.4)) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}
[2009/11/03 00:36:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5m9x9czo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/10 13:54:45 | 000,002,279 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\5m9x9czo.default\searchplugins\ask.xml
[2010/03/10 13:54:46 | 000,001,034 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\5m9x9czo.default\searchplugins\bing.xml
[2010/02/10 11:06:11 | 000,000,526 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\5m9x9czo.default\searchplugins\yahoo.xml
[2010/03/17 00:01:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 00:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/02/06 21:06:54 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/16 03:06:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ShowHKToolbar Class) - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6A19C29D-ED45-4483-8999-9F939C8161F2} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Hong Kong Toolbar) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll (Hong Kong Commercial Broadcasting Co. Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Foxy ?? - C:\Program Files\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: Foxy 下載 - C:\Program Files\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: Foxy 搜尋 - C:\Program Files\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\user\Pictures\LSD Wallpaper.JPG
O24 - Desktop BackupWallPaper: C:\Users\user\Pictures\LSD Wallpaper.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 19:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 14 Days ==========

[2010/03/17 14:02:53 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/03/16 03:07:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/03/16 03:05:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/16 03:05:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2010/03/16 02:47:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/16 02:47:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/16 02:47:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/16 02:47:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/16 02:43:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/16 02:43:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/16 02:43:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/15 02:30:55 | 000,000,000 | ---D | C] -- C:\Users\user\陳奕迅 - Time Flies
[2010/03/12 13:55:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/09 18:13:32 | 000,000,000 | ---D | C] -- C:\Users\user\吳克群 ~ 寄生
[2010/03/09 17:33:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2010/03/09 09:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/09 09:19:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/09 09:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/09 07:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/03/09 06:57:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Spyware Terminator
[2010/03/09 06:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010/03/09 06:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010/03/07 19:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/03 19:46:22 | 000,000,000 | ---D | C] -- C:\Users\user\March 1 show
[2010/03/03 19:45:56 | 000,000,000 | ---D | C] -- C:\Users\user\2010 Feb 1 Show
[2010/03/03 19:45:31 | 000,000,000 | ---D | C] -- C:\Users\user\2010 Feb 8 Show
[2009/06/30 04:27:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/17 14:13:12 | 004,980,736 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2010/03/17 14:12:09 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138482827-2038174420-3310939869-1000Core.job
[2010/03/17 14:09:21 | 003,633,696 | ---- | M] () -- C:\Users\user\Desktop\A000904-20100317-006.asf
[2010/03/17 14:08:42 | 002,970,462 | ---- | M] () -- C:\Users\user\Desktop\A000904-20100317-005.asf
[2010/03/17 14:07:41 | 003,745,008 | ---- | M] () -- C:\Users\user\Desktop\A000904-20100317-004.asf
[2010/03/17 14:06:57 | 002,958,867 | ---- | M] () -- C:\Users\user\Desktop\A000904-20100317-001.asf
[2010/03/17 14:06:29 | 003,635,242 | ---- | M] () -- C:\Users\user\Desktop\A000904-20100317-002.asf
[2010/03/17 14:05:33 | 002,979,738 | ---- | M] () -- C:\Users\user\Desktop\A000904-20100317-003.asf
[2010/03/17 14:02:55 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/03/17 14:00:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138482827-2038174420-3310939869-1000UA.job
[2010/03/17 13:55:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/17 13:55:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/17 08:10:38 | 003,632,150 | ---- | M] () -- C:\Users\user\A000904-20100316-006.asf
[2010/03/17 08:06:20 | 003,194,632 | ---- | M] () -- C:\Users\user\A000904-20100316-005.asf
[2010/03/17 07:51:56 | 003,395,612 | ---- | M] () -- C:\Users\user\A000904-20100316-004.asf
[2010/03/17 07:20:50 | 002,747,838 | ---- | M] () -- C:\Users\user\A000904-20100316-003.asf
[2010/03/17 07:17:53 | 003,917,387 | ---- | M] () -- C:\Users\user\A000904-20100316-002.asf
[2010/03/17 07:17:19 | 002,974,327 | ---- | M] () -- C:\Users\user\A000904-20100316-001.asf
[2010/03/17 07:15:55 | 000,055,945 | ---- | M] () -- C:\Users\user\19575_499444285345_816590345_10780594_3417649_n.jpg
[2010/03/17 06:06:43 | 000,063,280 | ---- | M] () -- C:\Users\user\13837_189259139920_778999920_2774244_5471538_n.jpg
[2010/03/17 06:06:36 | 000,025,104 | ---- | M] () -- C:\Users\user\13837_189259224920_778999920_2774256_3869028_n.jpg
[2010/03/17 06:06:29 | 000,047,451 | ---- | M] () -- C:\Users\user\8926_171746709920_778999920_2628547_467515_n.jpg
[2010/03/17 05:51:23 | 000,209,565 | ---- | M] () -- C:\Users\user\bg01.jpg
[2010/03/17 05:50:20 | 002,729,288 | ---- | M] () -- C:\Users\user\A000426-20100317-005.asf
[2010/03/17 05:49:44 | 002,918,673 | ---- | M] () -- C:\Users\user\A000426-20100317-004.asf
[2010/03/17 05:49:18 | 003,109,604 | ---- | M] () -- C:\Users\user\A000426-20100317-003.asf
[2010/03/17 05:48:51 | 002,095,428 | ---- | M] () -- C:\Users\user\A000426-20100317-002.asf
[2010/03/17 05:05:59 | 002,738,564 | ---- | M] () -- C:\Users\user\A000426-20100317-006.asf
[2010/03/17 04:05:41 | 003,067,089 | ---- | M] () -- C:\Users\user\A000426-20100317-001.asf
[2010/03/17 04:01:48 | 000,081,899 | ---- | M] () -- C:\Users\user\23685_1356810114849_1069351836_1085800_7402553_n.jpg
[2010/03/17 00:13:10 | 002,832,860 | ---- | M] () -- C:\Users\user\A000347-20100316-002.asf
[2010/03/16 23:53:09 | 002,744,738 | ---- | M] () -- C:\Users\user\A000347-20100316-001.asf
[2010/03/16 23:52:43 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 23:52:43 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/16 23:51:04 | 000,752,744 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/16 23:51:04 | 000,633,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/16 23:51:04 | 000,114,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/16 23:45:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/16 23:45:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/16 23:45:14 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/16 23:43:56 | 002,377,070 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010/03/16 22:07:11 | 000,000,063 | ---- | M] () -- C:\Users\user\Just Beautiful Men.URL
[2010/03/16 10:26:27 | 002,836,727 | ---- | M] () -- C:\Users\user\A000422-20100316-003.asf
[2010/03/16 10:00:25 | 002,835,954 | ---- | M] () -- C:\Users\user\A000422-20100316-002.asf
[2010/03/16 06:42:57 | 005,780,503 | ---- | M] () -- C:\Users\user\林頤-墨爾本的翡翠.mp3
[2010/03/16 06:33:39 | 010,136,555 | ---- | M] () -- C:\Users\user\F.I.R.---We-Are.mp3
[2010/03/16 04:50:46 | 000,039,247 | ---- | M] () -- C:\Users\user\19338_347982859407_662664407_5055038_4119801_n.jpg
[2010/03/16 04:41:22 | 000,043,829 | ---- | M] () -- C:\Users\user\17363_101054003260498_100000676970532_27791_1380869_n.jpg
[2010/03/16 03:07:08 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/16 03:06:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/15 13:35:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/15 09:31:28 | 000,023,407 | ---- | M] () -- C:\Users\user\19948_1320220360076_1067792217_986655_7913579_n.jpg
[2010/03/15 09:31:25 | 000,029,102 | ---- | M] () -- C:\Users\user\19455_270753062324_564422324_2871333_4777580_n.jpg
[2010/03/15 09:31:00 | 000,034,097 | ---- | M] () -- C:\Users\user\19338_347982864407_662664407_5055039_4870662_n.jpg
[2010/03/15 09:30:46 | 000,021,193 | ---- | M] () -- C:\Users\user\26861_412735234407_662664407_5308781_4513513_n.jpg
[2010/03/15 03:22:53 | 003,440,919 | ---- | M] () -- C:\Users\user\海鳴威 - 下一站香港 (Full Version).mp3
[2010/03/15 03:18:59 | 009,294,722 | ---- | M] () -- C:\Users\user\洪卓立 - 你好嗎.mp3
[2010/03/15 02:48:43 | 000,114,704 | ---- | M] () -- C:\Users\user\headshot (1 shot)(1).wav
[2010/03/15 02:39:15 | 004,834,369 | ---- | M] () -- C:\Users\user\野仔 - 我生日 (野仔 8 週年紀念歌).mp3
[2010/03/15 02:21:30 | 007,710,969 | ---- | M] () -- C:\Users\user\鄧麗欣 - 心甜.mp3
[2010/03/15 02:19:17 | 005,967,960 | ---- | M] () -- C:\Users\user\06.+我不懂愛.mp3
[2010/03/13 01:03:02 | 000,528,750 | ---- | M] () -- C:\Users\user\商台DJ余迪偉 呀Bu醉摑警員案件重演!.mp3
[2010/03/12 14:46:16 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/12 14:20:00 | 000,000,760 | ---- | M] () -- C:\Users\user\AppData\Roaming\setup_ldm.iss
[2010/03/12 13:43:10 | 000,293,376 | ---- | M] () -- C:\Users\user\6hjs6kji.exe
[2010/03/12 13:42:11 | 000,000,126 | ---- | M] () -- C:\Users\user\dds.htm
[2010/03/12 13:41:48 | 000,524,288 | ---- | M] () -- C:\Users\user\dds.scr
[2010/03/12 04:48:09 | 000,061,554 | ---- | M] () -- C:\Users\user\55112_m15.jpg
[2010/03/11 16:21:32 | 000,027,648 | ---- | M] () -- C:\Users\user\Book Review 2.doc
[2010/03/11 10:02:32 | 000,459,745 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1662_1920x1200.jpg
[2010/03/11 10:02:28 | 000,218,279 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1661_1920x1200.jpg
[2010/03/11 10:02:24 | 000,375,357 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1660_1920x1200.jpg
[2010/03/11 10:02:20 | 000,362,626 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1659_1920x1200.jpg
[2010/03/11 10:02:16 | 000,221,785 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1658_1920x1200.jpg
[2010/03/11 10:02:12 | 000,230,167 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1657_1920x1200.jpg
[2010/03/11 10:02:08 | 000,224,478 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1656_1920x1200.jpg
[2010/03/11 10:02:03 | 000,248,159 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1655_1920x1200.jpg
[2010/03/11 10:01:58 | 000,188,785 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1654_1920x1200.jpg
[2010/03/11 10:01:51 | 000,258,985 | ---- | M] () -- C:\Users\user\Mb_EV12-coupe_1653_1920x1200.jpg
[2010/03/11 05:48:01 | 000,312,537 | ---- | M] () -- C:\Users\user\jpg_lloris-1280.jpg
[2010/03/11 05:47:48 | 000,217,953 | ---- | M] () -- C:\Users\user\LLoris_1024.jpg
[2010/03/11 03:17:48 | 004,357,423 | ---- | M] () -- C:\Users\user\_DSC5485.JPG
[2010/03/11 03:17:04 | 003,600,311 | ---- | M] () -- C:\Users\user\_DSC5484.JPG
[2010/03/10 19:36:26 | 000,030,169 | ---- | M] () -- C:\Users\user\(鈴聲)司徒法正 出事架嘛.mp3
[2010/03/10 14:43:51 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TMContainer00000000000000000002.regtrans-ms
[2010/03/10 14:43:51 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TMContainer00000000000000000001.regtrans-ms
[2010/03/10 14:43:51 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TM.blf
[2010/03/10 14:35:42 | 000,023,552 | ---- | M] () -- C:\Users\user\History 436A Term Essay.doc
[2010/03/10 00:55:59 | 000,104,967 | ---- | M] () -- C:\Users\user\mar0910_avs_salo_pog_b.jpg
[2010/03/09 20:48:07 | 000,009,773 | ---- | M] () -- C:\Users\user\13545_188858858095_500873095_3040502_515715_n.jpg
[2010/03/09 17:27:38 | 000,000,196 | ---- | M] () -- C:\Users\user\kosatsu.asx
[2010/03/09 09:32:18 | 000,051,325 | ---- | M] () -- C:\Users\user\n727210023_1017648_2812.jpg
[2010/03/09 09:32:15 | 000,046,971 | ---- | M] () -- C:\Users\user\n727210023_1152810_7581.jpg
[2010/03/08 14:00:24 | 001,991,040 | ---- | M] () -- C:\Users\user\我願意.mp3
[2010/03/08 07:44:43 | 004,257,364 | ---- | M] () -- C:\Users\user\楊千嬅 - 呼吸需要.mp3
[2010/03/08 07:23:24 | 000,012,070 | ---- | M] () -- C:\Users\user\Gun.wav
[2010/03/08 06:58:10 | 003,478,913 | ---- | M] () -- C:\Users\user\張敬軒 - 茶想曲.mp3
[2010/03/08 06:56:24 | 005,761,492 | ---- | M] () -- C:\Users\user\周柏豪 - 我不要被你記住.mp3
[2010/03/08 06:52:13 | 009,213,986 | ---- | M] () -- C:\Users\user\謝安琪 & 陳慧琳 - 文字流淚.mp3
[2010/03/08 06:49:23 | 004,523,307 | ---- | M] () -- C:\Users\user\陳奕迅~大人 (CD Version).mp3
[2010/03/07 14:39:06 | 000,000,036 | ---- | M] () -- C:\Users\user\AppData\Local\housecall.guid.cache
[2010/03/07 03:26:06 | 000,012,052 | ---- | M] () -- C:\Users\user\HKSA ELECTION FORM.docx
[2010/03/06 16:25:33 | 000,010,755 | ---- | M] () -- C:\Users\user\Documents\story.docx
[2010/03/06 16:25:33 | 000,000,162 | -H-- | M] () -- C:\Users\user\Documents\~$story.docx
[2010/03/06 07:04:14 | 000,160,487 | ---- | M] () -- C:\Users\user\Chisato Suzuki2 Ferrari.jpg
[2010/03/06 07:02:14 | 000,126,715 | ---- | M] () -- C:\Users\user\Chisato Suzuki2 MAC.jpg
[2010/03/06 07:00:56 | 000,193,499 | ---- | M] () -- C:\Users\user\Chisato Suzuki2.jpg
[2010/03/05 04:42:36 | 000,011,131 | ---- | M] () -- C:\Users\user\book list.docx
[2010/03/03 19:40:48 | 000,165,667 | ---- | M] () -- C:\Users\user\bookmarks.html
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 14:08:56 | 003,633,696 | ---- | C] () -- C:\Users\user\Desktop\A000904-20100317-006.asf
[2010/03/17 14:07:58 | 002,970,462 | ---- | C] () -- C:\Users\user\Desktop\A000904-20100317-005.asf
[2010/03/17 14:07:05 | 003,745,008 | ---- | C] () -- C:\Users\user\Desktop\A000904-20100317-004.asf
[2010/03/17 14:06:35 | 002,958,867 | ---- | C] () -- C:\Users\user\Desktop\A000904-20100317-001.asf
[2010/03/17 14:06:04 | 003,635,242 | ---- | C] () -- C:\Users\user\Desktop\A000904-20100317-002.asf
[2010/03/17 14:05:33 | 002,979,738 | ---- | C] () -- C:\Users\user\Desktop\A000904-20100317-003.asf
[2010/03/17 08:10:38 | 003,632,150 | ---- | C] () -- C:\Users\user\A000904-20100316-006.asf
[2010/03/17 07:57:54 | 003,194,632 | ---- | C] () -- C:\Users\user\A000904-20100316-005.asf
[2010/03/17 07:51:56 | 003,395,612 | ---- | C] () -- C:\Users\user\A000904-20100316-004.asf
[2010/03/17 07:18:02 | 002,747,838 | ---- | C] () -- C:\Users\user\A000904-20100316-003.asf
[2010/03/17 07:17:25 | 003,917,387 | ---- | C] () -- C:\Users\user\A000904-20100316-002.asf
[2010/03/17 07:17:01 | 002,974,327 | ---- | C] () -- C:\Users\user\A000904-20100316-001.asf
[2010/03/17 07:15:54 | 000,055,945 | ---- | C] () -- C:\Users\user\19575_499444285345_816590345_10780594_3417649_n.jpg
[2010/03/17 06:06:42 | 000,063,280 | ---- | C] () -- C:\Users\user\13837_189259139920_778999920_2774244_5471538_n.jpg
[2010/03/17 06:06:36 | 000,025,104 | ---- | C] () -- C:\Users\user\13837_189259224920_778999920_2774256_3869028_n.jpg
[2010/03/17 06:06:28 | 000,047,451 | ---- | C] () -- C:\Users\user\8926_171746709920_778999920_2628547_467515_n.jpg
[2010/03/17 05:49:51 | 002,729,288 | ---- | C] () -- C:\Users\user\A000426-20100317-005.asf
[2010/03/17 05:49:27 | 002,918,673 | ---- | C] () -- C:\Users\user\A000426-20100317-004.asf
[2010/03/17 05:48:59 | 003,109,604 | ---- | C] () -- C:\Users\user\A000426-20100317-003.asf
[2010/03/17 05:48:38 | 002,095,428 | ---- | C] () -- C:\Users\user\A000426-20100317-002.asf
[2010/03/17 05:05:59 | 002,738,564 | ---- | C] () -- C:\Users\user\A000426-20100317-006.asf
[2010/03/17 04:06:58 | 000,209,565 | ---- | C] () -- C:\Users\user\bg01.jpg
[2010/03/17 04:05:21 | 003,067,089 | ---- | C] () -- C:\Users\user\A000426-20100317-001.asf
[2010/03/17 04:01:48 | 000,081,899 | ---- | C] () -- C:\Users\user\23685_1356810114849_1069351836_1085800_7402553_n.jpg
[2010/03/17 00:13:10 | 002,832,860 | ---- | C] () -- C:\Users\user\A000347-20100316-002.asf
[2010/03/16 23:53:08 | 002,744,738 | ---- | C] () -- C:\Users\user\A000347-20100316-001.asf
[2010/03/16 22:07:11 | 000,000,063 | ---- | C] () -- C:\Users\user\Just Beautiful Men.URL
[2010/03/16 10:09:49 | 002,836,727 | ---- | C] () -- C:\Users\user\A000422-20100316-003.asf
[2010/03/16 10:00:24 | 002,835,954 | ---- | C] () -- C:\Users\user\A000422-20100316-002.asf
[2010/03/16 06:39:46 | 005,780,503 | ---- | C] () -- C:\Users\user\林頤-墨爾本的翡翠.mp3
[2010/03/16 06:31:13 | 010,136,555 | ---- | C] () -- C:\Users\user\F.I.R.---We-Are.mp3
[2010/03/16 04:41:21 | 000,043,829 | ---- | C] () -- C:\Users\user\17363_101054003260498_100000676970532_27791_1380869_n.jpg
[2010/03/16 02:47:48 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/16 02:47:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/16 02:47:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/16 02:47:48 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/16 02:47:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/15 09:31:27 | 000,023,407 | ---- | C] () -- C:\Users\user\19948_1320220360076_1067792217_986655_7913579_n.jpg
[2010/03/15 09:31:22 | 000,029,102 | ---- | C] () -- C:\Users\user\19455_270753062324_564422324_2871333_4777580_n.jpg
[2010/03/15 09:31:10 | 000,039,247 | ---- | C] () -- C:\Users\user\19338_347982859407_662664407_5055038_4119801_n.jpg
[2010/03/15 09:30:59 | 000,034,097 | ---- | C] () -- C:\Users\user\19338_347982864407_662664407_5055039_4870662_n.jpg
[2010/03/15 09:30:45 | 000,021,193 | ---- | C] () -- C:\Users\user\26861_412735234407_662664407_5308781_4513513_n.jpg
[2010/03/15 03:22:52 | 003,440,919 | ---- | C] () -- C:\Users\user\海鳴威 - 下一站香港 (Full Version).mp3
[2010/03/15 02:53:47 | 009,294,722 | ---- | C] () -- C:\Users\user\洪卓立 - 你好嗎.mp3
[2010/03/15 02:48:35 | 000,114,704 | ---- | C] () -- C:\Users\user\headshot (1 shot)(1).wav
[2010/03/15 02:39:10 | 004,834,369 | ---- | C] () -- C:\Users\user\野仔 - 我生日 (野仔 8 週年紀念歌).mp3
[2010/03/15 02:32:13 | 010,278,929 | ---- | C] () -- C:\Users\user\F.I.R飛兒樂團 讓我們一起微笑吧-07.荊棘裡的花.mp3
[2010/03/15 02:20:28 | 007,710,969 | ---- | C] () -- C:\Users\user\鄧麗欣 - 心甜.mp3
[2010/03/15 02:16:14 | 005,967,960 | ---- | C] () -- C:\Users\user\06.+我不懂愛.mp3
[2010/03/13 01:06:04 | 000,528,750 | ---- | C] () -- C:\Users\user\商台DJ余迪偉 呀Bu醉摑警員案件重演!.mp3
[2010/03/12 14:46:16 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/12 14:20:00 | 000,000,760 | ---- | C] () -- C:\Users\user\AppData\Roaming\setup_ldm.iss
[2010/03/12 13:43:09 | 000,293,376 | ---- | C] () -- C:\Users\user\6hjs6kji.exe
[2010/03/12 13:42:09 | 000,000,126 | ---- | C] () -- C:\Users\user\dds.htm
[2010/03/12 13:41:43 | 000,524,288 | ---- | C] () -- C:\Users\user\dds.scr
[2010/03/12 04:48:08 | 000,061,554 | ---- | C] () -- C:\Users\user\55112_m15.jpg
[2010/03/11 12:04:45 | 000,027,648 | ---- | C] () -- C:\Users\user\Book Review 2.doc
[2010/03/11 10:02:32 | 000,459,745 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1662_1920x1200.jpg
[2010/03/11 10:02:28 | 000,218,279 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1661_1920x1200.jpg
[2010/03/11 10:02:23 | 000,375,357 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1660_1920x1200.jpg
[2010/03/11 10:02:20 | 000,362,626 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1659_1920x1200.jpg
[2010/03/11 10:02:15 | 000,221,785 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1658_1920x1200.jpg
[2010/03/11 10:02:11 | 000,230,167 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1657_1920x1200.jpg
[2010/03/11 10:02:07 | 000,224,478 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1656_1920x1200.jpg
[2010/03/11 10:02:02 | 000,248,159 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1655_1920x1200.jpg
[2010/03/11 10:01:57 | 000,188,785 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1654_1920x1200.jpg
[2010/03/11 10:01:51 | 000,258,985 | ---- | C] () -- C:\Users\user\Mb_EV12-coupe_1653_1920x1200.jpg
[2010/03/11 05:48:00 | 000,312,537 | ---- | C] () -- C:\Users\user\jpg_lloris-1280.jpg
[2010/03/11 05:47:47 | 000,217,953 | ---- | C] () -- C:\Users\user\LLoris_1024.jpg
[2010/03/11 03:12:08 | 004,357,423 | ---- | C] () -- C:\Users\user\_DSC5485.JPG
[2010/03/11 03:12:03 | 003,600,311 | ---- | C] () -- C:\Users\user\_DSC5484.JPG
[2010/03/10 19:36:26 | 000,030,169 | ---- | C] () -- C:\Users\user\(鈴聲)司徒法正 出事架嘛.mp3
[2010/03/10 14:43:51 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TMContainer00000000000000000002.regtrans-ms
[2010/03/10 14:43:51 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TMContainer00000000000000000001.regtrans-ms
[2010/03/10 14:43:51 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{594eaed8-2c86-11df-ba35-0022156b8f6a}.TM.blf
[2010/03/10 14:36:26 | 000,023,552 | ---- | C] () -- C:\Users\user\History 436A Term Essay.doc
[2010/03/10 00:55:59 | 000,104,967 | ---- | C] () -- C:\Users\user\mar0910_avs_salo_pog_b.jpg
[2010/03/09 20:48:06 | 000,009,773 | ---- | C] () -- C:\Users\user\13545_188858858095_500873095_3040502_515715_n.jpg
[2010/03/09 17:27:38 | 000,000,196 | ---- | C] () -- C:\Users\user\kosatsu.asx
[2010/03/09 09:32:17 | 000,051,325 | ---- | C] () -- C:\Users\user\n727210023_1017648_2812.jpg
[2010/03/09 09:32:12 | 000,046,971 | ---- | C] () -- C:\Users\user\n727210023_1152810_7581.jpg
[2010/03/08 13:58:14 | 001,991,040 | ---- | C] () -- C:\Users\user\我願意.mp3
[2010/03/08 07:40:04 | 004,257,364 | ---- | C] () -- C:\Users\user\楊千嬅 - 呼吸需要.mp3
[2010/03/08 07:23:23 | 000,012,070 | ---- | C] () -- C:\Users\user\Gun.wav
[2010/03/08 06:58:08 | 003,478,913 | ---- | C] () -- C:\Users\user\張敬軒 - 茶想曲.mp3
[2010/03/08 06:56:21 | 005,761,492 | ---- | C] () -- C:\Users\user\周柏豪 - 我不要被你記住.mp3
[2010/03/08 06:50:25 | 009,213,986 | ---- | C] () -- C:\Users\user\謝安琪 & 陳慧琳 - 文字流淚.mp3
[2010/03/08 06:48:54 | 004,523,307 | ---- | C] () -- C:\Users\user\陳奕迅~大人 (CD Version).mp3
[2010/03/07 14:39:06 | 000,000,036 | ---- | C] () -- C:\Users\user\AppData\Local\housecall.guid.cache
[2010/03/06 20:55:39 | 000,012,052 | ---- | C] () -- C:\Users\user\HKSA ELECTION FORM.docx
[2010/03/06 16:25:33 | 000,000,162 | -H-- | C] () -- C:\Users\user\Documents\~$story.docx
[2010/03/06 16:25:32 | 000,010,755 | ---- | C] () -- C:\Users\user\Documents\story.docx
[2010/03/06 07:04:06 | 000,160,487 | ---- | C] () -- C:\Users\user\Chisato Suzuki2 Ferrari.jpg
[2010/03/06 07:02:08 | 000,126,715 | ---- | C] () -- C:\Users\user\Chisato Suzuki2 MAC.jpg
[2010/03/06 07:00:51 | 000,193,499 | ---- | C] () -- C:\Users\user\Chisato Suzuki2.jpg
[2010/03/06 05:26:27 | 000,145,088 | ---- | C] () -- C:\Users\user\b140.jpg
[2010/03/06 05:26:27 | 000,134,219 | ---- | C] () -- C:\Users\user\b131.jpg
[2010/03/06 05:26:27 | 000,126,580 | ---- | C] () -- C:\Users\user\b218.jpg
[2010/03/06 05:26:27 | 000,103,023 | ---- | C] () -- C:\Users\user\b219.jpg
[2010/03/06 05:26:26 | 000,155,410 | ---- | C] () -- C:\Users\user\b123.jpg
[2010/03/06 05:26:25 | 000,127,634 | ---- | C] () -- C:\Users\user\b221.jpg
[2010/03/05 04:42:35 | 000,011,131 | ---- | C] () -- C:\Users\user\book list.docx
[2010/03/03 19:45:31 | 000,011,522 | ---- | C] () -- C:\Users\user\Documents\Ronald So V00187006 Written Statement.docx
[2010/03/03 19:45:30 | 000,022,874 | ---- | C] () -- C:\Users\user\Documents\Mid Term Examination.docx
[2010/03/03 19:45:29 | 000,018,068 | ---- | C] () -- C:\Users\user\Documents\Book Review 1.docx
[2010/03/03 19:45:29 | 000,014,662 | ---- | C] () -- C:\Users\user\Documents\February_1st_2010.docx
[2010/03/03 19:45:29 | 000,013,765 | ---- | C] () -- C:\Users\user\Documents\Hindi chini bhai bhai.docx
[2010/03/03 19:45:29 | 000,013,339 | ---- | C] () -- C:\Users\user\Documents\Sino Indian Relation.docx
[2010/03/03 19:45:29 | 000,013,060 | ---- | C] () -- C:\Users\user\Documents\Feb 10th 2010.docx
[2010/03/03 19:45:29 | 000,011,213 | ---- | C] () -- C:\Users\user\Documents\The Abuse of Comfort Women during Japanese Occupation in China.docx
[2010/03/03 19:45:29 | 000,010,787 | ---- | C] () -- C:\Users\user\Documents\1930.docx
[2010/03/03 19:45:29 | 000,010,383 | ---- | C] () -- C:\Users\user\Documents\Song of Youth Flagged chapters.docx
[2010/03/03 19:45:29 | 000,010,286 | ---- | C] () -- C:\Users\user\Documents\mid term.docx
[2010/03/03 19:45:28 | 000,041,472 | ---- | C] () -- C:\Users\user\Documents\Mid Term Examination.doc
[2010/03/03 19:45:28 | 000,015,082 | ---- | C] () -- C:\Users\user\Documents\UVic_HKSA_Basketball_Tournament_Sign_edited.docx
[2010/03/03 19:45:28 | 000,013,688 | ---- | C] () -- C:\Users\user\Documents\Feb 1 Chinese Foreign policy.docx
[2010/03/03 19:45:28 | 000,013,207 | ---- | C] () -- C:\Users\user\Documents\1970 Lin Biao Affair.docx
[2010/03/03 19:45:28 | 000,012,068 | ---- | C] () -- C:\Users\user\Documents\Lost Opportunity for PRC to take Taiwan.docx
[2010/03/03 19:45:28 | 000,011,971 | ---- | C] () -- C:\Users\user\Documents\Clean out the finished wordings.docx
[2010/03/03 19:45:28 | 000,010,951 | ---- | C] () -- C:\Users\user\Documents\Ideological Disputes.docx
[2010/03/03 19:45:28 | 000,010,496 | ---- | C] () -- C:\Users\user\Documents\Lu Xun.docx
[2010/03/03 19:45:27 | 000,230,195 | ---- | C] () -- C:\Users\user\Documents\Henry Ford and the model T.docx
[2010/03/03 19:45:27 | 000,211,500 | ---- | C] () -- C:\Users\user\Documents\MUS_115_2009-10_Outline.pdf
[2010/03/03 19:45:27 | 000,012,486 | ---- | C] () -- C:\Users\user\Documents\22 Sept 09.docx
[2010/03/03 19:45:27 | 000,012,387 | ---- | C] () -- C:\Users\user\Documents\Henry Morton Stanley.docx
[2010/03/03 19:45:26 | 000,020,086 | ---- | C] () -- C:\Users\user\Documents\Research Paper Proposal.docx
[2010/03/03 19:45:26 | 000,012,861 | ---- | C] () -- C:\Users\user\Documents\Questions.docx
[2010/03/03 19:45:26 | 000,012,334 | ---- | C] () -- C:\Users\user\Documents\Sahara.docx
[2010/03/03 19:45:26 | 000,010,968 | ---- | C] () -- C:\Users\user\Documents\Roads in America.docx
[2010/03/03 19:45:26 | 000,010,888 | ---- | C] () -- C:\Users\user\Documents\Pierre Savornan De Brazza.docx
[2010/03/03 19:45:26 | 000,010,387 | ---- | C] () -- C:\Users\user\Documents\5.docx
[2010/03/03 19:45:25 | 000,013,799 | ---- | C] () -- C:\Users\user\Documents\Key Actors.docx
[2010/03/03 19:45:25 | 000,012,288 | ---- | C] () -- C:\Users\user\Documents\Sept 28 meeting minutes.docx
[2010/03/03 19:45:25 | 000,012,042 | ---- | C] () -- C:\Users\user\Documents\Sept 28th History Cars.docx
[2010/03/03 19:45:25 | 000,011,957 | ---- | C] () -- C:\Users\user\Documents\Music 115.docx
[2010/03/03 19:45:25 | 000,011,771 | ---- | C] () -- C:\Users\user\Documents\History 468 A01.docx
[2010/03/03 19:45:25 | 000,011,426 | ---- | C] () -- C:\Users\user\Documents\Minutes oct 5th.docx
[2010/03/03 19:45:25 | 000,011,274 | ---- | C] () -- C:\Users\user\Documents\The roaring 20s.docx
[2010/03/03 19:45:25 | 000,010,794 | ---- | C] () -- C:\Users\user\Documents\Life and Death are wearing me out.docx
[2010/03/03 19:45:25 | 000,010,535 | ---- | C] () -- C:\Users\user\Documents\Organum.docx
[2010/03/03 19:45:25 | 000,010,325 | ---- | C] () -- C:\Users\user\Documents\Ordinary.docx
[2010/03/03 19:45:24 | 005,468,746 | ---- | C] () -- C:\Users\user\Hotcha - 好姊妹.mp3
[2010/03/03 19:45:24 | 000,110,053 | ---- | C] () -- C:\Users\user\roberto-luongo.jpg
[2010/03/03 19:45:24 | 000,035,840 | ---- | C] () -- C:\Users\user\English_115_Argumentative_Essay, Spr 2010.doc
[2010/03/03 19:45:24 | 000,016,522 | ---- | C] () -- C:\Users\user\2010 - Disagree on changing children's dictionary.docx
[2010/03/03 19:45:24 | 000,011,909 | ---- | C] () -- C:\Users\user\Documents\Scramble for Africa 1870.docx
[2010/03/03 19:45:23 | 000,093,290 | ---- | C] () -- C:\Users\user\feb2310_luongo_b.jpg
[2010/03/03 19:45:23 | 000,090,868 | ---- | C] () -- C:\Users\user\feb1710_luongo_b.jpg
[2010/03/03 19:40:46 | 000,165,667 | ---- | C] () -- C:\Users\user\bookmarks.html
[2010/01/29 14:51:30 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/05 19:21:31 | 000,008,192 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/17 19:49:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/20 08:12:05 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/08/16 17:47:34 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/30 13:42:05 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/06/30 13:42:05 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/06/30 13:42:05 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/06/30 13:42:05 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/06/30 04:27:44 | 000,000,033 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.log
[2009/06/30 04:27:00 | 000,007,887 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2009/06/30 04:27:00 | 000,001,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2009/05/19 02:17:52 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2009/03/06 23:41:18 | 000,278,528 | ---- | C] () -- C:\Windows\System32\WinDll.dll
[2009/02/20 06:46:01 | 000,000,029 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss
[2009/02/20 06:46:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Roaming\downloads.m3u
[2009/02/11 22:34:34 | 000,278,528 | ---- | C] () -- C:\Windows\System32\Unhtml.dll
[2009/01/19 16:06:06 | 000,131,072 | ---- | C] () -- C:\Windows\System32\PPWORDW.DLL
[2009/01/19 16:06:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PPadApi.dll
[2009/01/16 14:07:33 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2009/01/15 16:05:38 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009/01/15 16:05:38 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/01/15 16:05:29 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/01/15 16:05:29 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/01/15 15:51:33 | 000,034,684 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/01/15 15:51:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/01/15 15:51:24 | 000,034,294 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/12/28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2005/05/27 08:10:24 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2010/01/21 12:13:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\881903
[2009/11/03 00:36:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2009/11/15 08:03:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DiskAid
[2009/12/08 01:58:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxy
[2009/11/03 00:36:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeStone Group
[2009/11/15 07:39:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ
[2010/03/10 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView
[2009/12/08 08:03:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2009/11/03 00:36:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ludia
[2009/11/03 00:36:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NCH Swift Sound
[2010/03/10 14:41:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Spyware Terminator
[2009/11/03 00:36:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SystemRequirementsLab
[2009/11/03 00:36:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\The Creative Assembly
[2010/01/17 05:11:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft
[2010/03/17 08:16:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2009/11/03 00:37:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ValuSoft
[2009/06/30 04:29:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vso
[2010/03/10 15:50:03 | 000,009,710 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/03/11 15:13:30 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2010/03/11 15:13:30 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2010/03/15 13:36:52 | 005,096,304 | ---- | M] ()(C:\Users\user\12??? - 天地合 01.天地?.mp3) -- C:\Users\user\12萨顶顶 - 天地合 01.天地记.mp3
[2010/03/15 13:36:35 | 005,096,304 | ---- | C] ()(C:\Users\user\12??? - 天地合 01.天地?.mp3) -- C:\Users\user\12萨顶顶 - 天地合 01.天地记.mp3
[2010/03/15 02:19:57 | 005,563,536 | ---- | M] ()(C:\Users\user\Twins+-+人人?起+(CD+Version).mp3) -- C:\Users\user\Twins+-+人人弹起+(CD+Version).mp3
[2010/03/15 02:19:16 | 005,563,536 | ---- | C] ()(C:\Users\user\Twins+-+人人?起+(CD+Version).mp3) -- C:\Users\user\Twins+-+人人弹起+(CD+Version).mp3
[2010/03/08 07:18:55 | 000,000,000 | ---D | M](C:\Users\user\??? - 天地合) -- C:\Users\user\萨顶顶 - 天地合
[2010/03/08 07:18:55 | 000,000,000 | ---D | C](C:\Users\user\??? - 天地合) -- C:\Users\user\萨顶顶 - 天地合
[2010/03/03 19:45:30 | 000,029,802 | ---- | C] ()(C:\Users\user\Documents\我在霞村的?候.docx) -- C:\Users\user\Documents\我在霞村的时候.docx
[2010/03/03 19:45:28 | 000,016,282 | ---- | C] ()(C:\Users\user\Documents\下台吧,董建?.docx) -- C:\Users\user\Documents\下台吧,董建华.docx
[2010/02/22 06:35:28 | 000,262,456 | ---- | M] ()(C:\Users\user\K i n G S L e Y ?_22_02_2010@5_35_07.wav) -- C:\Users\user\K i n G S L e Y ✖_22_02_2010@5_35_07.wav
[2010/02/22 06:35:28 | 000,262,456 | ---- | C] ()(C:\Users\user\K i n G S L e Y ?_22_02_2010@5_35_07.wav) -- C:\Users\user\K i n G S L e Y ✖_22_02_2010@5_35_07.wav
[2010/02/12 09:22:40 | 000,029,802 | ---- | M] ()(C:\Users\user\Documents\我在霞村的?候.docx) -- C:\Users\user\Documents\我在霞村的时候.docx
[2010/01/28 12:10:24 | 000,016,282 | ---- | M] ()(C:\Users\user\Documents\下台吧,董建?.docx) -- C:\Users\user\Documents\下台吧,董建华.docx
[2009/04/07 01:57:46 | 000,027,648 | ---- | M] ()(C:\Users\user\Documents\_AIOIIiANOAoeAEIAuOoAuE?EEAiEu.doc) -- C:\Users\user\Documents\_ƴʫ.doc
[2009/04/07 01:57:46 | 000,027,648 | ---- | C] ()(C:\Users\user\Documents\_AIOIIiANOAoeAEIAuOoAuE?EEAiEu.doc) -- C:\Users\user\Documents\_ƴʫ.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
