
Infected with Vista Guardian (virus, rootkit)


23 replies to this topic

#1 FumaGenius
  • Members
  • 12 posts

Posted 14 March 2010 - 03:22 AM

Was infected with Vista Guardian, tried system restore back to 5 days before the infection, tried using Malwarebytes, problem unsolved.
As far as I have seen, this virus is pretty complicated to me: it seems to have hijacked my firewall, so that in Control Panel when I try to activate the firewall the virus pops up, and likewise when I try to activate Windows Defender. This virus also seems to be active when Mozilla Firefox and Internet Explorer start, but does not activate with Google Chrome. Removing the infected files detected by Malwarebytes only temporarily solves the problem; 2 hours later the virus returns. I am researching and suspect this to be a rootkit virus infected into different programs, and I am not sure where to look.

Thank You for your help,




DDS (Ver_09-12-01.01) - NTFSX64
Run by Benson Lam at 0:15:14.82 on 14/03/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4093.2546 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe
C:\Users\Benson Lam\AppData\Local\av.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\WINDOWS\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\Samsung\PanelMgr\caller64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\Benson Lam\Documents\Downloads\dds.scr
C:\Windows\SysWOW64\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://elm.mcmaster.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\benson lam\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [TOY5KNQ8OC] c:\users\benson lam\appdata\local\temp\Amd.exe
mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files (x86)\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NACAgentUI] c:\program files (x86)\cisco\cisco nac agent\NACAgentUI.exe
StartupFolder: c:\users\benson~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

================= FIREFOX ===================

FF - ProfilePath - c:\users\benson~1\appdata\roaming\mozilla\firefox\profiles\42fk3eg3.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\benson lam\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 NACAgent;Cisco NAC Agent;c:\program files (x86)\cisco\cisco nac agent\NACAgent.exe [2010-2-5 742144]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-8-12 11576]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2008-6-5 3148288]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-12-18 56832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-1-27 1038088]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]

=============== Created Last 30 ================

2010-03-14 05:09:22 188 ----a-w- c:\users\benson lam\defogger_reenable
2010-03-13 00:55:59 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-13 00:55:59 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-03-13 00:55:57 620032 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 00:55:57 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-03-13 00:55:57 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-03-12 23:53:27 65536 --sha-w- c:\users\benson lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TM.blf
2010-03-12 23:53:27 524288 --sha-w- c:\users\benson lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000002.regtrans-ms
2010-03-12 23:53:27 524288 --sha-w- c:\users\benson lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
2010-03-12 22:58:27 0 d-----w- c:\program files (x86)\Dr. Guard
2010-03-07 22:25:17 162304 ----a-w- c:\windows\Afuraa.exe
2010-03-06 04:03:39 0 d-----w- c:\programdata\Blizzard
2010-03-06 04:03:16 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-03-04 03:16:32 0 d-----w- c:\programdata\Blizzard Entertainment
2010-03-02 19:11:39 1181022 ----a-w- c:\windows\syswow64\TmpA340121101
2010-02-28 22:14:11 0 d-----w- c:\programdata\Cisco
2010-02-28 22:14:03 0 d-----w- c:\program files (x86)\common files\Cisco
2010-02-28 22:14:03 0 d-----w- c:\program files (x86)\Cisco
2010-02-26 20:48:27 147425 ----a-w- c:\windows\syswow64\SYNSOACC-Aide.chm
2010-02-26 20:48:27 120468 ----a-w- c:\windows\syswow64\SYNSOACC-Hilfe.chm
2010-02-26 20:48:27 114279 ----a-w- c:\windows\syswow64\SYNSOACC-Help.chm
2010-02-26 20:48:19 45056 ----a-w- c:\windows\syswow64\Synsopos.exe
2010-02-26 20:48:19 401462 ----a-w- c:\windows\syswow64\temp.007
2010-02-26 20:48:19 147456 ----a-w- c:\windows\syswow64\SynsoLChk.dll
2010-02-26 20:23:36 401462 ----a-w- c:\windows\syswow64\temp.006
2010-02-25 15:14:49 401462 ----a-w- c:\windows\syswow64\temp.005
2010-02-25 15:13:28 401462 ----a-w- c:\windows\syswow64\temp.004
2010-02-25 04:05:02 471 ----a-w- c:\windows\syswow64\Datei4
2010-02-25 04:05:02 471 ----a-w- c:\windows\syswow64\Datei2
2010-02-25 04:05:02 470 ----a-w- c:\windows\syswow64\Datei3
2010-02-25 04:05:02 470 ----a-w- c:\windows\syswow64\Datei1
2010-02-25 04:05:02 469 ----a-w- c:\windows\syswow64\Datei7
2010-02-25 04:05:02 469 ----a-w- c:\windows\syswow64\Datei5
2010-02-25 04:05:02 468 ----a-w- c:\windows\syswow64\Datei0
2010-02-25 04:05:02 467 ----a-w- c:\windows\syswow64\Datei9
2010-02-25 04:05:02 467 ----a-w- c:\windows\syswow64\Datei8
2010-02-25 04:05:02 467 ----a-w- c:\windows\syswow64\Datei10
2010-02-25 04:05:02 465 ----a-w- c:\windows\syswow64\Datei6
2010-02-25 04:03:20 401462 ----a-w- c:\windows\syswow64\temp.003
2010-02-25 04:02:04 401462 ----a-w- c:\windows\syswow64\temp.002
2010-02-25 03:56:58 401462 ----a-w- c:\windows\syswow64\temp.001
2010-02-25 03:56:55 708608 ----a-w- c:\windows\syswow64\SYNSOACC.dll
2010-02-15 21:49:02 479232 ----a-w- c:\windows\ssndii.exe
2010-02-15 21:49:01 73728 ----a-w- c:\windows\system32\ssdevm64.dll
2010-02-15 21:49:01 57344 ----a-w- c:\windows\syswow64\ssdevm.dll
2010-02-15 21:49:01 49152 ----a-w- c:\windows\syswow64\ssusbpn.dll
2010-02-15 21:49:01 47104 ----a-w- c:\windows\system32\ssusbp64.dll
2010-02-15 21:49:01 21776 ----a-w- c:\windows\syswow64\msxml2a.dll
2010-02-15 21:49:00 0 d-----w- c:\windows\Samsung
2010-02-15 21:48:05 11502 ------w- c:\windows\Dr. Printer Icon.ico
2010-02-15 21:42:18 89600 ----a-w- c:\windows\system32\cl31cci.dll
2010-02-15 21:42:18 151552 ----a-w- c:\windows\system32\cl31cci.exe
2010-02-15 21:42:17 357 ----a-w- c:\windows\system32\cl31cl6.smt
2010-02-15 21:42:16 22016 ----a-w- c:\windows\system32\cl31cl6.dll
2010-02-15 21:42:16 0 d-----w- c:\windows\DRIVERS
2010-02-15 21:42:07 0 d-----w- c:\program files (x86)\Samsung

==================== Find3M ====================

2010-03-14 05:12:46 56042 ----a-w- c:\programdata\nvModes.dat
2010-03-13 03:04:24 750480 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 03:04:24 162688 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 21:43:32 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-15 21:43:32 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-15 21:43:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-27 15:28:11 39936 ----a-w- c:\users\benson~1\appdata\roaming\nig597A.tmp.bat
2010-01-25 12:10:22 538624 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:10:22 160768 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:10:03 539136 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:08:59 460288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\syswow64\msdrm.dll
2010-01-25 08:29:35 413696 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:29:31 600576 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:29:31 409600 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:29:28 599552 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:20 526336 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-23 09:44:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 09:26:13 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-10 02:46:29 10752 ----a-w- c:\windows\syswow64\BASSMOD.dll
2010-01-06 16:00:02 1927680 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:58:36 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\syswow64\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-01-06 14:03:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-01-05 20:43:45 15756 ----a-w- c:\windows\fonts\Avatar.ttf
2010-01-05 20:43:42 25504 ----a-w- c:\windows\fonts\Avatar Serif.ttf
2010-01-05 20:43:41 39124 ----a-w- c:\windows\fonts\Avatar Outline.ttf
2010-01-05 20:43:39 32732 ----a-w- c:\windows\fonts\Avatar Drawn.ttf
2010-01-05 20:43:38 31356 ----a-w- c:\windows\fonts\Avatar Bold.ttf
2009-12-18 13:08:01 86528 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 13:01:56 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2009-12-17 16:44:13 43520 ----a-w- c:\windows\syswow64\CmdLineExt03.dll
2009-12-16 12:16:02 1032192 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 11:44:23 834048 ----a-w- c:\windows\syswow64\wininet.dll
2009-12-16 11:44:14 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2009-12-16 11:42:38 3600896 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-16 11:42:09 6079488 ----a-w- c:\windows\syswow64\ieframe.dll
2009-12-16 11:42:09 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2009-12-16 11:42:09 180736 ----a-w- c:\windows\syswow64\ieui.dll
2009-12-16 11:42:08 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2009-11-17 16:06:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-02-26 01:59:14 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-02-26 01:59:14 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-02-26 01:59:14 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-02-26 01:59:14 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-19 21:21:11 22 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 0:18:58.46 ===============
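A first-pass triage of autorun and policy lines in the DDS "Pseudo HJT Report" format above (and the HijackThis "O4" form the later log uses), written in Python as an added example for this thread; it is not a BleepingComputer tool or anything the helpers here run. It flags Run values that launch from a temp folder or straight from the AppData root, random-looking value names such as TOY5KNQ8OC, and policy lines that switch off UAC; the sample lines are constructed in the log's format, and the DisableTaskMgr/DisableRegistryTools keys are known policy values assumed beyond what this log shows.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the format of the DDS "Pseudo HJT Report" and the
# HijackThis "O4" lines posted in this thread; not the complete logs.
SAMPLE_LOG = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOY5KNQ8OC] c:\users\benson lam\appdata\local\temp\Amd.exe
mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"
mRun: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"""

# DDS style ("uRun:", "mRun:", "mRun-x64:") and HijackThis style ("O4 - HKCU\..\Run:").
RUN_RE = re.compile(r"^(?:[um]Run(?:-x64)?|O4 - HK\S*?\\Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-(?P<hive>\w+):\s*(?P<key>\w+)\s*=\s*(?P<value>\d+)")
# First executable in the command, with a leading quote stripped.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|scr|com|bat|cmd|pif))', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"[A-Z0-9]{8,}")

# Policy values that switch off user protections. EnableLUA = 0 appears in the
# log above; the other two are well-known policy keys added here by assumption.
BAD_POLICIES = {"EnableLUA": "0", "DisableTaskMgr": "1", "DisableRegistryTools": "1"}


@dataclass
class Finding:
    line: str
    reasons: List[str]


def looks_random(name: str) -> bool:
    """All-caps alphanumeric value names with several digits (TOY5KNQ8OC) are
    typical of generated names; legitimate vendors rarely register them."""
    return bool(RANDOM_NAME_RE.fullmatch(name)) and sum(c.isdigit() for c in name) >= 2


def user_writable(path: str) -> bool:
    """True for executables in a temp folder or dropped straight into the
    AppData\\Local or AppData\\Roaming root (e.g. ...\\appdata\\local\\av.exe)."""
    p = path.lower().replace("/", "\\")
    parent = p.rsplit("\\", 1)[0]
    return "\\temp\\" in p or parent.endswith(("\\appdata\\local", "\\appdata\\roaming"))


def triage(log_text: str) -> List[Finding]:
    """Return the autorun and policy lines a reviewer should look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        run = RUN_RE.match(line)
        if run:
            name, cmd = run.group("name"), run.group("cmd").strip()
            exe = EXE_RE.match(cmd)
            if exe and user_writable(exe.group("path")):
                reasons.append("autorun from user-writable path: " + exe.group("path"))
            if looks_random(name):
                reasons.append("random-looking value name: " + name)
        else:
            pol = POLICY_RE.match(line)
            if pol and BAD_POLICIES.get(pol.group("key")) == pol.group("value"):
                reasons.append(f"protection disabled by policy: {pol.group('key')} = {pol.group('value')}")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Against the sample it reports only the two TOY5KNQ8OC entries and the EnableLUA line; the vendor entries and the empty <NO NAME> value pass through untouched.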

#2 aommaster
  • I !<3 malware
  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 March 2010 - 03:16 PM

Hello, FumaGenius.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM.


#3 FumaGenius
  • Topic Starter
  • Members
  • 12 posts

Posted 15 March 2010 - 04:29 PM

Dear aommaster,

Thank you for helping me,

I carried out the instructions as told, but I was only able to get a log.txt file; I did not get a second file, info.txt, after running RSIT. As for GMER, all the boxes above Services are disabled; they were unclickable, so I am not sure whether Sections and IAT/EAT were checked or not.

Here is the log.txt file.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Benson Lam at 2010-03-15 16:52:20
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 19 GB (9%) free of 225 GB
Total RAM: 4093 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:22 PM, on 15/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Benson Lam\AppData\Local\av.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe
C:\Users\Benson Lam\Documents\Downloads\RSIT (1).exe
C:\Program Files (x86)\trend micro\Benson Lam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elm.mcmaster.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Benson Lam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13131 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2492597187-2832661440-983162839-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2492597187-2832661440-983162839-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{605D3AF6-D7F2-49D2-9F52-B1F27EFB0F43}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QPService"=C:\Program Files (x86)\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QlbCtrl"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-17 218408]
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-02 149280]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-01-22 141608]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 524288]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"NACAgentUI"=C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [2010-02-05 454400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]
"Google Update"=C:\Users\Benson Lam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 133104]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Steam"=c:\program files (x86)\steam\steam.exe [2010-02-20 1217872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"TOY5KNQ8OC"=C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe [2010-03-07 164352]

C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\PPStream\PPStream.exe"="C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPS网络电视"
"C:\Program Files (x86)\PPStream\PPSAP.exe"="C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速ø"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16d2acf3-c703-11de-a128-001e687b1187}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79314f43-daba-11de-b989-001e687b1187}]
shell\AutoRun\command - H:\AutoRun.exe


======File associations======

.exe - open - "C:\Users\Benson Lam\AppData\Local\av.exe" /START "%1" %*

======List of files/folders created in the last 1 months======

2010-03-15 16:48:41 ----D---- C:\rsit
2010-03-15 16:48:41 ----D---- C:\Program Files (x86)\trend micro
2010-03-14 23:40:22 ----D---- C:\sysreset
2010-03-12 20:55:59 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-12 20:55:57 ----A---- C:\Windows\system32\httpapi.dll
2010-03-12 18:58:27 ----D---- C:\Program Files (x86)\Dr. Guard
2010-03-07 18:25:17 ----A---- C:\Windows\Afuraa.exe
2010-03-06 00:03:39 ----D---- C:\ProgramData\Blizzard
2010-03-06 00:03:16 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-03-03 23:16:32 ----D---- C:\ProgramData\Blizzard Entertainment
2010-02-28 18:14:11 ----D---- C:\ProgramData\Cisco
2010-02-28 18:14:03 ----D---- C:\Program Files (x86)\Common Files\Cisco
2010-02-28 18:14:03 ----D---- C:\Program Files (x86)\Cisco
2010-02-26 16:48:19 ----A---- C:\Windows\system32\Synsopos.exe
2010-02-26 16:48:19 ----A---- C:\Windows\system32\SynsoLChk.dll
2010-02-24 23:56:55 ----A---- C:\Windows\system32\SYNSOACC.dll
2010-02-24 10:42:50 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 10:42:37 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 10:42:37 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 10:42:36 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 10:42:36 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 10:42:36 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:42:36 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 10:42:36 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 10:42:36 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 10:42:36 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 10:42:34 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 10:42:33 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 10:42:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-21 21:28:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of files/folders modified in the last 1 months======

2010-03-15 16:48:41 ----RD---- C:\Program Files (x86)
2010-03-15 16:46:20 ----D---- C:\Windows\Tasks
2010-03-15 09:41:51 ----D---- C:\Users\Benson Lam\AppData\Roaming\Skype
2010-03-15 08:04:29 ----D---- C:\Users\Benson Lam\AppData\Roaming\skypePM
2010-03-15 01:46:06 ----D---- C:\Windows\System32
2010-03-15 01:46:05 ----D---- C:\Windows\inf
2010-03-14 23:38:01 ----D---- C:\Users\Benson Lam\AppData\Roaming\mIRC
2010-03-14 02:24:40 ----SHD---- C:\System Volume Information
2010-03-14 01:37:26 ----D---- C:\Windows\Temp
2010-03-14 01:14:18 ----D---- C:\Program Files (x86)\Steam
2010-03-13 23:03:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-03-13 16:45:20 ----D---- C:\Windows\winsxs
2010-03-13 16:32:16 ----D---- C:\Program Files (x86)\DivX
2010-03-13 16:31:07 ----D---- C:\Windows\SysWOW64
2010-03-13 16:31:07 ----D---- C:\Program Files (x86)\Windows Mail
2010-03-13 15:08:06 ----D---- C:\WINDOWS
2010-03-13 15:07:01 ----SHD---- C:\$RECYCLE.BIN
2010-03-13 15:06:32 ----RD---- C:\Users
2010-03-13 15:05:58 ----D---- C:\Users\Benson Lam\AppData\Roaming\DC++
2010-03-12 23:13:39 ----SHD---- C:\Windows\Installer
2010-03-12 23:13:39 ----D---- C:\Program Files (x86)\Common Files
2010-03-12 22:50:56 ----RD---- C:\Windows\Fonts
2010-03-12 22:50:50 ----D---- C:\ProgramData\FLEXnet
2010-03-12 22:50:50 ----D---- C:\Program Files (x86)\VirtualDJ
2010-03-12 22:50:50 ----D---- C:\Program Files (x86)\Syncrosoft
2010-03-12 22:50:49 ----D---- C:\Program Files (x86)\QuickTime
2010-03-12 22:50:49 ----D---- C:\Program Files (x86)\iTunes
2010-03-12 22:50:49 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-03-12 22:50:49 ----D---- C:\Program Files (x86)\Common Files\LightScribe
2010-03-12 22:50:49 ----D---- C:\Program Files (x86)\Antares Audio Technologies
2010-03-12 22:50:46 ----D---- C:\Windows\registration
2010-03-12 22:46:54 ----D---- C:\Program Files (x86)\Steinberg
2010-03-12 22:46:42 ----D---- C:\Program Files (x86)\Screaming Bee
2010-03-12 22:46:31 ----D---- C:\Program Files (x86)\Activision
2010-03-12 20:55:44 ----D---- C:\ProgramData\Microsoft Help
2010-03-12 19:30:41 ----D---- C:\Program Files (x86)\Windows Media Player
2010-03-12 18:50:16 ----D---- C:\Program Files (x86)\Adobe
2010-03-12 18:49:01 ----D---- C:\Program Files (x86)\Internet Explorer
2010-03-11 16:01:10 ----D---- C:\Windows\Prefetch
2010-03-08 17:42:05 ----D---- C:\Program Files (x86)\VstPlugins
2010-03-07 22:18:20 ----D---- C:\Users\Benson Lam\AppData\Roaming\uTorrent
2010-03-06 00:03:39 ----HD---- C:\ProgramData
2010-03-05 12:50:37 ----D---- C:\Program Files (x86)\LearnLink 9.1
2010-03-02 14:33:12 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-03-02 14:23:18 ----D---- C:\Program Files (x86)\Bonjour
2010-03-02 14:22:02 ----D---- C:\Users\Benson Lam\AppData\Roaming\Adobe
2010-02-26 15:42:42 ----D---- C:\Program Files (x86)\Valve
2010-02-25 15:29:41 ----D---- C:\Windows\rescache
2010-02-25 11:16:44 ----D---- C:\Windows\system32\fr-FR
2010-02-25 11:16:44 ----D---- C:\Windows\system32\en-US
2010-02-25 11:16:38 ----D---- C:\Windows\AppPatch
2010-02-25 10:56:11 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-10-19 475696]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys []
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys []
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw4v64.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys []
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\softnyx\GunboundWC\GameGuard\dump_wmimmc.sys []
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\Windows\system32\DRIVERS\vrtaucbl.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-01 4682]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys []
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-24 358936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 NACAgent;Cisco NAC Agent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-02-05 742144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 660256]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-07 72704]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 Com4Qlb;Com4Qlb; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-27 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-26 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-10-29 3407292]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-11-01 320760]

-----------------EOF-----------------
info.txt file
info.txt logfile of random's system information tool 1.06 2010-03-15 16:48:43

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bricks of Egypt\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->"c:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
-->MsiExec /X{5DB65884-C963-4454-AABA-4CA3089281FA}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files (x86)\Antares Audio Technologies\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
Cisco NAC Agent -->MsiExec.exe /X{6632ABC5-9AEE-4243-9086-FB358DB58147}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
DC++ 0.750-->"C:\Program Files (x86)\DC++\uninstall.exe"
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA Link-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
FilePhile (remove only)-->C:\Program Files (x86)\FilePhile\Uninstall.exe
FL Studio 9-->C:\Program Files (x86)\Image-Line\FL Studio 9\uninstall.exe
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
Guitar Pro 5.2-->"C:\Program Files (x86)\Guitar Pro 5\unins000.exe"
Hardcore-->C:\Program Files (x86)\Image-Line\Hardcore\uninstall.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~2\WinTV\UNSftMCE.EXE C:\PROGRA~2\WinTV\softMCE.LOG
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP LaserJet P1000 series-->C:\Program Files (x86)\Avago-HP\{42f3db5a-74e4-408a-9b82-f261c2cafbfb}\uninstall.exe SYSTEMHORNET "C:\Program Files (x86)\Avago-HP\{42f3db5a-74e4-408a-9b82-f261c2cafbfb}"
HP Quick Launch Buttons 6.30 E1-->C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPSSupply-->MsiExec.exe /X{7902E313-FF0F-4493-ACB1-A8147B78DCD0}
IL Download Manager-->C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe
InfraRecorder-->C:\Program Files (x86)\InfraRecorder\uninstall.exe
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LearnLink 9.1-->"C:\Program Files (x86)\LearnLink 9.1\unins000.exe"
Left 4 Dead-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/500
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mIRC-->"C:\sysreset\mirc.exe" -uninstall
Mozilla Firefox (3.5.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MrvlUsgTracking-->MsiExec.exe /I{02C85EC5-E864-4847-AF55-42730861004C}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MusicLab RealGuitar 2.0-->"C:\Program Files (x86)\VstPlugins\Uninstall.exe" "C:\Program Files (x86)\VstPlugins\install.log"
muvee autoProducer 6.1-->C:\Program Files (x86)\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
NVIDIA PhysX-->MsiExec.exe /X{5DB65884-C963-4454-AABA-4CA3089281FA}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PoiZone-->C:\Program Files (x86)\Image-Line\PoiZone\uninstall.exe
Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PyMOL-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\DeLano Scientific\PyMOL\Uninst.isu"
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files (x86)\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Samsung CLP-310 Series-->C:\Program Files (x86)\Samsung\Samsung CLP-310 Series\Install\Setup.exe /R
Sawer-->C:\Program Files (x86)\Image-Line\Sawer\uninstall.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg Hypersonic 2-->"C:\Program Files (x86)\Image-Line\FL Studio 9\Plugins\VST\Hypersonic Content\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SyncroSoft Emu (Remove only)-->C:\Program Files (x86)\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~2\SYNCRO~1\UNWISE.EXE C:\PROGRA~2\SYNCRO~1\INSTALL.LOG
Toxic Biohazard-->C:\Program Files (x86)\Image-Line\Toxic Biohazard\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Viewpoint Media Player-->C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======Security center information======

AS: Windows Defender
AS: Norton Internet Security (disabled) (outdated)

======System event log======

Computer Name: BensonLam-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001F3BA10B7D. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 61860
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20100108061729.000000-000
Event Type: Warning
User:

Computer Name: BensonLam-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Generic Cache Hierarchy Error

Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 3
Transaction Type: N/A
Processor Participation: N/A
Request Type: N/A
Memory/Io: N/A
Memory Hierarchy Level: Level 2
Timeout: N/A
Record Number: 61824
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100108034422.533000-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: BensonLam-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001F3BA10B7D. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 61821
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20100108034335.000000-000
Event Type: Warning
User:

Computer Name: BensonLam-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001F3BA10B7D. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 61816
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20100108034325.000000-000
Event Type: Warning
User:

Computer Name: BensonLam-PC
Event Code: 19
Message: A corrected hardware error occurred.

Error Source: Corrected Machine Check

Error Type: Generic Cache Hierarchy Error

Processor ID Valid: Yes
Processor ID: 0x0
Bank Number: 3
Transaction Type: N/A
Processor Participation: N/A
Request Type: N/A
Memory/Io: N/A
Memory Hierarchy Level: Level 2
Timeout: N/A
Record Number: 61797
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20100108015809.078647-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: BensonLam-PC
Event Code: 508
Message: wlcomm (4652) C:\Users\Benson Lam\AppData\Local\Microsoft\Windows Live Contacts\{562b082b-31ed-4c65-aa09-a7aacb633306}\: A request to write to the file "C:\Users\Benson Lam\AppData\Local\Microsoft\Windows Live Contacts\{562b082b-31ed-4c65-aa09-a7aacb633306}\DBStore\contacts.edb" at offset 4276224 (0x0000000000414000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (1355 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 379
Source Name: ESENT
Time Written: 20091003052048.000000-000
Event Type: Warning
User:

Computer Name: BensonLam-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 373
Source Name: Microsoft-Windows-WMI
Time Written: 20091003043720.000000-000
Event Type: Error
User:

Computer Name: BensonLam-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2492597187-2832661440-983162839-1000_Classes:
Process 504 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2492597187-2832661440-983162839-1000_CLASSES

Record Number: 343
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091002181610.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: BensonLam-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-2492597187-2832661440-983162839-1000:
Process 672 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2492597187-2832661440-983162839-1000
Process 504 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2492597187-2832661440-983162839-1000
Process 760 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2492597187-2832661440-983162839-1000\Software
Process 760 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2492597187-2832661440-983162839-1000\Software\Policies

Record Number: 342
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091002181609.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: BensonLam-PC
Event Code: 1002
Message: The program msnmsgr.exe version 14.0.8089.726 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history i
GMER FILE IS HERE

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-15 17:29:15
Windows 6.0.6002 Service Pack 2
Running: 7uo02lkp.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7A 0xDA 0x4F 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0x88 0x54 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0xE4 0xFD 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xCE 0x26 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF7 0xAF 0xD3 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7A 0xDA 0x4F 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAD 0x88 0x54 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0xE4 0xFD 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x08 0xCE 0x26 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF7 0xAF 0xD3 0x7A ...

---- Files - GMER 1.0.15 ----

File C:\Users\Benson Lam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWVY0AZX\tagsCAL2ESFP.htm 405 bytes
File C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows\Cookies\benson_lam@advertise[2].txt 0 bytes
File C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows\Cookies\benson_lam@www.dotellall[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by FumaGenius, 15 March 2010 - 05:03 PM.


#4 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 March 2010 - 04:31 PM

Hi!

You can find the info.txt file in the folder c:\rsit if it didn't pop up. Please copy and paste that into your next reply.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 FumaGenius
  • Topic Starter
  • Members
  • 12 posts

Posted 15 March 2010 - 05:08 PM

For convenience I have just edited my previous response and have added the info.txt info. Thanks for the help.

#6 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 March 2010 - 05:11 PM

Hello, FumaGenius.
Thank you.


P2P Program Warning!

uTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising, then, that many of these downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




Viewpoint Warning!

Your logs show Viewpoint Manager installed. Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

Viewpoint to Plunge Into Adware

I suggest you remove the program now. Go to Start > Control Panel > Add or Remove Programs. From within Add or Remove Programs uninstall the following if they exist:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player




We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log



#7 FumaGenius
  • Topic Starter
  • Members
  • 12 posts

Posted 15 March 2010 - 09:36 PM

Hey, does ComboFix work with Vista (64-bit)? It says it's only compatible with Windows 2000 and XP.

#8 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 March 2010 - 09:39 PM

Hello, FumaGenius.
Oops! My bad. For some reason I didn't realise you were using a 64-bit system.

And no, ComboFix does not work on 64-bit systems. Let's use another scanner.

We need to create an OTL report
  1. Please download OTL
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the Run Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


In your next reply, please include the following:
  • OTL Log



#9 FumaGenius
  • Topic Starter
  • Members
  • 12 posts

Posted 15 March 2010 - 09:50 PM

Thank you, aommaster,
here is the OTL log.

OTL logfile created on: 15/03/2010 10:45:38 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Benson Lam\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.91 Gb Total Space | 19.81 Gb Free Space | 9.01% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 1.15 Gb Free Space | 10.04% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.52 Gb Free Space | 97.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.88 Gb Total Space | 19.53 Gb Free Space | 8.38% Space Free | Partition Type: NTFS

Computer Name: BENSONLAM-PC
Current User Name: Benson Lam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/15 22:44:42 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
PRC - [2010/03/13 23:20:50 | 000,187,904 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\av.exe
PRC - [2010/03/07 18:25:09 | 000,164,352 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/02/05 14:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/10/02 13:15:13 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/08/17 23:59:28 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/07/26 19:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\conime.exe
PRC - [2009/02/26 13:06:28 | 000,521,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
PRC - [2009/02/06 20:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/08/08 01:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/10/24 06:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 06:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/11/23 09:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\sysreset\mirc.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 22:44:42 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/27 01:28:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/01/26 13:56:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/01 12:27:10 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/29 02:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/10/24 06:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\WINDOWS\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/18 20:29:19 | 000,056,832 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2009/11/01 12:23:41 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/23 11:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/20 22:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 22:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 22:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2008/01/20 22:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/18 07:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/09/29 19:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/17 19:17:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007/08/12 22:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007/07/11 13:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/28 11:09:56 | 003,148,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/26 22:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 15:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 19:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/01/17 09:48:30 | 001,455,616 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 22:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2009/10/19 08:13:14 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2005/01/01 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://elm.mcmaster.ca/
IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/13 15:08:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/12 23:15:14 | 000,000,000 | ---D | M]

[2009/10/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Extensions
[2010/03/13 23:13:03 | 000,000,000 | ---D | M] -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\extensions
[2009/10/10 17:24:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/20 13:31:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/01 12:32:46 | 000,002,399 | ---- | M] () -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\searchplugins\daemon-search.xml
[2010/03/13 23:13:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/12/21 01:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/01/27 01:52:15 | 000,001,692 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [TOY5KNQ8OC] C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe ()
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.113.128.1 130.113.64.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{16d2acf3-c703-11de-a128-001e687b1187}\Shell - "" = AutoRun
O33 - MountPoints2\{16d2acf3-c703-11de-a128-001e687b1187}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{79314f43-daba-11de-b989-001e687b1187}\Shell - "" = AutoRun
O33 - MountPoints2\{79314f43-daba-11de-b989-001e687b1187}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 22:44:42 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
[2010/03/15 22:34:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/15 16:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/03/15 16:48:41 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/14 23:40:22 | 000,000,000 | ---D | C] -- C:\sysreset
[2010/03/12 20:55:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/12 20:55:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/12 20:55:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/12 20:55:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/12 18:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dr. Guard
[2010/03/06 00:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/03/06 00:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/03/03 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Benson Lam\AppData\Local\Blizzard Entertainment
[2010/03/03 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/03/03 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Benson Lam\Documents\StarCraft II Beta
[2010/02/28 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/02/28 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco
[2010/02/28 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/02/26 16:48:19 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.007
[2010/02/26 16:48:19 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SynsoLChk.dll
[2010/02/26 16:48:19 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\Synsopos.exe
[2010/02/26 16:23:36 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.006
[2010/02/25 11:14:49 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2010/02/25 11:13:28 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2010/02/25 00:03:20 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2010/02/25 00:02:04 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2010/02/24 23:56:58 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2010/02/24 23:56:55 | 000,708,608 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SYNSOACC.dll
[2010/02/24 10:42:37 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/24 10:42:37 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 10:42:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/24 10:42:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/24 10:42:36 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 10:42:36 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 10:42:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/24 10:42:36 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/24 10:42:36 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/24 10:42:36 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 10:42:36 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 10:42:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/24 10:42:36 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/24 10:42:36 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/24 10:42:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 10:42:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/24 10:42:36 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/24 10:42:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/24 10:42:34 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/24 10:42:34 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/24 10:42:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/24 10:42:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/24 10:42:33 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/24 10:42:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/21 21:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/02/15 17:49:01 | 000,073,728 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssdevm64.dll
[2010/02/15 17:49:01 | 000,057,344 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssdevm.dll
[2010/02/15 17:49:01 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssusbpn.dll
[2010/02/15 17:49:01 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssusbp64.dll
[2010/02/15 17:49:01 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml2a.dll
[2010/02/15 17:49:00 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2010/02/15 17:42:18 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\cl31cci.exe
[2010/02/15 17:42:18 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\cl31cci.dll
[2010/02/15 17:42:16 | 000,000,000 | ---D | C] -- C:\Windows\DRIVERS
[2010/02/15 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010/01/27 11:28:10 | 000,039,936 | ---- | C] (Xiph.Org Foundation) -- C:\Users\Benson Lam\AppData\Roaming\nig597A.tmp.bat
[2009/10/20 19:13:43 | 000,149,504 | ---- | C] (DoubleFusion) -- C:\Users\Benson Lam\AppData\Local\uvexuhij.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Benson Lam\Desktop\*.tmp files -> C:\Users\Benson Lam\Desktop\*.tmp -> ]
[1 C:\Users\Benson Lam\AppData\Roaming\*.tmp files -> C:\Users\Benson Lam\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/15 22:48:15 | 003,670,016 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat
[2010/03/15 22:47:00 | 000,000,306 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/15 22:44:42 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
[2010/03/15 22:42:49 | 001,684,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/15 22:42:49 | 000,750,480 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/03/15 22:42:49 | 000,668,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/15 22:42:49 | 000,162,688 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/03/15 22:42:49 | 000,133,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/15 22:42:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2492597187-2832661440-983162839-1000UA.job
[2010/03/15 21:55:02 | 000,011,018 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\8A3Kl71lr4L
[2010/03/15 21:54:58 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/15 21:54:58 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/15 20:41:58 | 000,000,680 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\d3d9caps.dat
[2010/03/15 19:23:03 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{605D3AF6-D7F2-49D2-9F52-B1F27EFB0F43}.job
[2010/03/15 15:55:27 | 000,056,042 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/15 15:55:27 | 000,056,042 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/15 15:54:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/15 02:42:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2492597187-2832661440-983162839-1000Core.job
[2010/03/14 01:12:48 | 000,000,361 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/03/14 01:11:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/14 01:11:46 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 01:10:53 | 000,524,288 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 01:10:53 | 000,065,536 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TM.blf
[2010/03/14 01:10:42 | 004,025,046 | -H-- | M] () -- C:\Users\Benson Lam\AppData\Local\IconCache.db
[2010/03/14 01:09:22 | 000,000,188 | ---- | M] () -- C:\Users\Benson Lam\defogger_reenable
[2010/03/13 23:20:50 | 000,187,904 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\av.exe
[2010/03/13 17:38:32 | 000,011,170 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\SlG6JVm4
[2010/03/13 15:08:06 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/03/13 14:35:26 | 000,856,005 | ---- | M] () -- C:\Users\Benson Lam\Desktop\for fun_Master.MP3
[2010/03/12 20:42:39 | 000,524,288 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000002.regtrans-ms
[2010/03/12 19:34:05 | 000,524,288 | -HS- | M] () -- C:\Users\Benson Lam\NTUSER.DAT{863dfeb4-fbf8-11de-8113-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 19:34:05 | 000,065,536 | -HS- | M] () -- C:\Users\Benson Lam\NTUSER.DAT{863dfeb4-fbf8-11de-8113-001e687b1187}.TM.blf
[2010/03/12 19:29:21 | 000,010,402 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\ysl0U8AKF0i0
[2010/03/11 13:29:23 | 000,000,552 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\d3d8caps.dat
[2010/03/10 03:26:38 | 000,000,000 | ---- | M] () -- C:\test.mpg
[2010/03/09 17:31:03 | 000,010,658 | ---- | M] () -- C:\Users\Benson Lam\Documents\my arguement.docx
[2010/03/09 16:24:59 | 000,180,224 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/07 18:25:09 | 000,162,304 | ---- | M] () -- C:\Windows\Afuraa.exe
[2010/03/05 04:29:02 | 010,404,510 | ---- | M] () -- C:\Users\Benson Lam\Desktop\03 - Magic.mp3
[2010/03/04 21:28:01 | 000,112,488 | ---- | M] () -- C:\Users\Benson Lam\Desktop\econ question.docx
[2010/03/04 13:03:02 | 002,468,352 | ---- | M] () -- C:\Users\Benson Lam\Desktop\XrayCrystallography.ppt
[2010/03/02 15:11:39 | 001,181,022 | ---- | M] () -- C:\Windows\SysWow64\TmpA340121101
[2010/02/28 18:14:08 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2010/02/26 16:40:46 | 000,000,471 | ---- | M] () -- C:\Windows\SysWow64\Datei4
[2010/02/26 16:40:46 | 000,000,471 | ---- | M] () -- C:\Windows\SysWow64\Datei2
[2010/02/26 16:40:46 | 000,000,470 | ---- | M] () -- C:\Windows\SysWow64\Datei3
[2010/02/26 16:40:46 | 000,000,470 | ---- | M] () -- C:\Windows\SysWow64\Datei1
[2010/02/26 16:40:46 | 000,000,469 | ---- | M] () -- C:\Windows\SysWow64\Datei7
[2010/02/26 16:40:46 | 000,000,469 | ---- | M] () -- C:\Windows\SysWow64\Datei5
[2010/02/26 16:40:46 | 000,000,468 | ---- | M] () -- C:\Windows\SysWow64\Datei0
[2010/02/26 16:40:46 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei9
[2010/02/26 16:40:46 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei8
[2010/02/26 16:40:46 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei10
[2010/02/26 16:40:46 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\Datei6
[2010/02/26 16:16:46 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Hypersonic.exe.lnk
[2010/02/25 15:08:07 | 000,080,304 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 15:05:57 | 003,175,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/25 10:56:13 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/02/22 17:19:18 | 309,962,041 | ---- | M] () -- C:\Users\Benson Lam\Desktop\2am clips.rar
[2010/02/22 02:04:13 | 003,139,734 | ---- | M] () -- C:\Users\Benson Lam\Desktop\2amrough2.mp3
[2010/02/22 01:45:24 | 003,139,734 | ---- | M] () -- C:\Users\Benson Lam\Desktop\2amrough.mp3
[2010/02/21 02:04:53 | 000,074,124 | ---- | M] () -- C:\Users\Benson Lam\Desktop\References.pdf
[2010/02/21 02:04:21 | 000,134,440 | ---- | M] () -- C:\Users\Benson Lam\Desktop\Compiled Good Copy.pdf
[2010/02/20 19:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 19:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 19:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 19:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/02/19 17:13:02 | 000,100,130 | ---- | M] () -- C:\Users\Benson Lam\Desktop\wedding dress.rtf
[2010/02/19 14:17:42 | 028,576,576 | ---- | M] () -- C:\Users\Benson Lam\Desktop\audition 4.wmv
[2010/02/19 04:53:20 | 3297,482,885 | ---- | M] () -- C:\Users\Benson Lam\Desktop\CODMW2.rar
[2010/02/18 20:42:47 | 1737,034,803 | ---- | M] () -- C:\Users\Benson Lam\Desktop\Hypersonic.rar
[2010/02/16 20:40:38 | 003,251,130 | ---- | M] () -- C:\Users\Benson Lam\Documents\Youcam1.rar
[2010/02/16 20:37:53 | 000,112,307 | ---- | M] () -- C:\Users\Benson Lam\Documents\Orgo@York.rar
[2010/02/16 19:41:20 | 000,039,454 | ---- | M] () -- C:\Users\Benson Lam\Desktop\karalupin.jpg
[2010/02/16 15:55:05 | 347,846,613 | ---- | M] () -- C:\Users\Benson Lam\Documents\Cubase LE 4.rar
[2010/02/16 15:50:02 | 171,907,509 | ---- | M] () -- C:\Users\Benson Lam\Documents\1st Year Mac.rar
[2010/02/15 17:49:06 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2010/02/15 17:19:13 | 000,000,162 | -H-- | M] () -- C:\Users\Benson Lam\Desktop\~$signment Biochem1.docx
[2010/02/15 11:45:58 | 001,180,031 | ---- | M] () -- C:\Users\Benson Lam\Desktop\02 (2).mp3
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Benson Lam\Desktop\*.tmp files -> C:\Users\Benson Lam\Desktop\*.tmp -> ]
[1 C:\Users\Benson Lam\AppData\Roaming\*.tmp files -> C:\Users\Benson Lam\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 01:09:22 | 000,000,188 | ---- | C] () -- C:\Users\Benson Lam\defogger_reenable
[2010/03/13 23:20:51 | 000,011,018 | -HS- | C] () -- C:\Users\Benson Lam\AppData\Local\8A3Kl71lr4L
[2010/03/13 18:20:02 | 000,000,306 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/13 15:08:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/13 14:39:28 | 000,011,170 | -HS- | C] () -- C:\Users\Benson Lam\AppData\Local\SlG6JVm4
[2010/03/13 14:39:27 | 000,187,904 | -HS- | C] () -- C:\Users\Benson Lam\AppData\Local\av.exe
[2010/03/13 14:35:21 | 000,856,005 | ---- | C] () -- C:\Users\Benson Lam\Desktop\for fun_Master.MP3
[2010/03/12 19:53:27 | 000,524,288 | -HS- | C] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000002.regtrans-ms
[2010/03/12 19:53:27 | 000,524,288 | -HS- | C] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 19:53:27 | 000,065,536 | -HS- | C] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TM.blf
[2010/03/12 18:48:14 | 000,010,402 | -HS- | C] () -- C:\Users\Benson Lam\AppData\Local\ysl0U8AKF0i0
[2010/03/11 13:29:23 | 000,000,552 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\d3d8caps.dat
[2010/03/09 17:01:34 | 000,010,658 | ---- | C] () -- C:\Users\Benson Lam\Documents\my arguement.docx
[2010/03/07 18:25:17 | 000,162,304 | ---- | C] () -- C:\Windows\Afuraa.exe
[2010/03/05 04:25:22 | 010,404,510 | ---- | C] () -- C:\Users\Benson Lam\Desktop\03 - Magic.mp3
[2010/03/04 21:28:00 | 000,112,488 | ---- | C] () -- C:\Users\Benson Lam\Desktop\econ question.docx
[2010/03/04 13:02:58 | 002,468,352 | ---- | C] () -- C:\Users\Benson Lam\Desktop\XrayCrystallography.ppt
[2010/03/02 15:11:39 | 001,181,022 | ---- | C] () -- C:\Windows\SysWow64\TmpA340121101
[2010/02/28 18:14:08 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2010/02/26 16:48:27 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2010/02/26 16:48:27 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2010/02/26 16:48:27 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2010/02/26 16:16:46 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Hypersonic.exe.lnk
[2010/02/25 10:56:13 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/02/25 00:05:02 | 000,000,471 | ---- | C] () -- C:\Windows\SysWow64\Datei4
[2010/02/25 00:05:02 | 000,000,471 | ---- | C] () -- C:\Windows\SysWow64\Datei2
[2010/02/25 00:05:02 | 000,000,470 | ---- | C] () -- C:\Windows\SysWow64\Datei3
[2010/02/25 00:05:02 | 000,000,470 | ---- | C] () -- C:\Windows\SysWow64\Datei1
[2010/02/25 00:05:02 | 000,000,469 | ---- | C] () -- C:\Windows\SysWow64\Datei7
[2010/02/25 00:05:02 | 000,000,469 | ---- | C] () -- C:\Windows\SysWow64\Datei5
[2010/02/25 00:05:02 | 000,000,468 | ---- | C] () -- C:\Windows\SysWow64\Datei0
[2010/02/25 00:05:02 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei9
[2010/02/25 00:05:02 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei8
[2010/02/25 00:05:02 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei10
[2010/02/25 00:05:02 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\Datei6
[2010/02/22 17:13:10 | 309,962,041 | ---- | C] () -- C:\Users\Benson Lam\Desktop\2am clips.rar
[2010/02/22 02:03:14 | 003,139,734 | ---- | C] () -- C:\Users\Benson Lam\Desktop\2amrough2.mp3
[2010/02/22 01:44:31 | 003,139,734 | ---- | C] () -- C:\Users\Benson Lam\Desktop\2amrough.mp3
[2010/02/21 02:04:53 | 000,074,124 | ---- | C] () -- C:\Users\Benson Lam\Desktop\References.pdf
[2010/02/21 02:04:20 | 000,134,440 | ---- | C] () -- C:\Users\Benson Lam\Desktop\Compiled Good Copy.pdf
[2010/02/19 14:13:10 | 028,576,576 | ---- | C] () -- C:\Users\Benson Lam\Desktop\audition 4.wmv
[2010/02/19 02:22:45 | 3297,482,885 | ---- | C] () -- C:\Users\Benson Lam\Desktop\CODMW2.rar
[2010/02/18 20:22:31 | 1737,034,803 | ---- | C] () -- C:\Users\Benson Lam\Desktop\Hypersonic.rar
[2010/02/16 20:40:37 | 003,251,130 | ---- | C] () -- C:\Users\Benson Lam\Documents\Youcam1.rar
[2010/02/16 20:37:53 | 000,112,307 | ---- | C] () -- C:\Users\Benson Lam\Documents\Orgo@York.rar
[2010/02/16 19:41:20 | 000,039,454 | ---- | C] () -- C:\Users\Benson Lam\Desktop\karalupin.jpg
[2010/02/16 15:50:43 | 347,846,613 | ---- | C] () -- C:\Users\Benson Lam\Documents\Cubase LE 4.rar
[2010/02/16 15:48:09 | 171,907,509 | ---- | C] () -- C:\Users\Benson Lam\Documents\1st Year Mac.rar
[2010/02/15 17:49:06 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2010/02/15 17:49:02 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/02/15 17:48:05 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico
[2010/02/15 17:42:17 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\cl31cl6.smt
[2010/02/15 17:42:16 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\cl31cl6.dll
[2010/02/15 17:19:13 | 000,000,162 | -H-- | C] () -- C:\Users\Benson Lam\Desktop\~$signment Biochem1.docx
[2010/02/15 11:45:47 | 001,180,031 | ---- | C] () -- C:\Users\Benson Lam\Desktop\02 (2).mp3
[2010/02/01 10:29:25 | 000,001,227 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\ivakeyibewereco.dll
[2010/02/01 10:26:36 | 000,001,227 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\inujihanotiji.dll
[2010/01/09 22:34:07 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/01/05 00:06:32 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2009/12/17 12:03:52 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/12/04 15:42:51 | 000,056,042 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/04 15:42:30 | 000,056,042 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/29 17:28:47 | 000,028,109 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/11/29 17:28:20 | 000,033,214 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\dd_dotnetfx3install.txt
[2009/11/29 17:28:20 | 000,002,826 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\uxeventlog.txt
[2009/11/29 17:28:20 | 000,000,604 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\dd_dotnetfx3error.txt
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/21 07:40:49 | 000,000,680 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\d3d9caps.dat
[2009/10/20 19:14:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 19:12:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/18 18:52:16 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\HPPLVS.dll
[2009/10/09 22:07:54 | 000,028,314 | ---- | C] () -- C:\Users\Benson Lam\AppData\Roaming\nvModes.001
[2009/10/07 21:49:36 | 000,028,314 | ---- | C] () -- C:\Users\Benson Lam\AppData\Roaming\nvModes.dat
[2009/10/04 23:18:23 | 001,565,076 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/03 00:19:47 | 000,000,000 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\QSwitch.txt
[2009/10/03 00:19:47 | 000,000,000 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\DSwitch.txt
[2009/10/03 00:19:47 | 000,000,000 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\AtStart.txt
[2009/10/03 00:02:51 | 000,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/10/02 13:46:34 | 000,180,224 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

========== Files - Unicode (All) ==========
[2010/02/24 02:38:14 | 003,148,835 | ---- | M] ()(C:\Users\Benson Lam\Desktop\2am ??? ??? cover.mp3) -- C:\Users\Benson Lam\Desktop\2am 죽어도 못보내 cover.mp3
[2010/02/22 15:00:35 | 003,148,835 | ---- | C] ()(C:\Users\Benson Lam\Desktop\2am ??? ??? cover.mp3) -- C:\Users\Benson Lam\Desktop\2am 죽어도 못보내 cover.mp3
[2010/02/11 12:06:00 | 003,167,352 | ---- | M] ()(C:\Users\Benson Lam\Desktop\?????? 2AM.mp3) -- C:\Users\Benson Lam\Desktop\죽어도못보내 2AM.mp3
[2010/02/11 12:05:46 | 003,167,352 | ---- | C] ()(C:\Users\Benson Lam\Desktop\?????? 2AM.mp3) -- C:\Users\Benson Lam\Desktop\죽어도못보내 2AM.mp3
[2010/02/01 01:26:29 | 004,385,385 | ---- | M] ()(C:\Users\Benson Lam\Desktop\wo99_com_????(??KARAOKE).wma) -- C:\Users\Benson Lam\Desktop\wo99_com_你瞞我瞞(原裝KARAOKE).wma
[2010/02/01 01:26:10 | 004,385,385 | ---- | C] ()(C:\Users\Benson Lam\Desktop\wo99_com_????(??KARAOKE).wma) -- C:\Users\Benson Lam\Desktop\wo99_com_你瞞我瞞(原裝KARAOKE).wma
[2010/01/21 14:38:36 | 010,270,232 | ---- | M] ()(C:\Users\Benson Lam\Desktop\??DuetCeci+Ben.mp3) -- C:\Users\Benson Lam\Desktop\어젠DuetCeci+Ben.mp3
[2010/01/04 18:57:53 | 000,013,978 | ---- | M] ()(C:\Users\Benson Lam\Desktop\?? ???? ???.docx) -- C:\Users\Benson Lam\Desktop\우리 사랑하게 됐어요.docx
[2010/01/04 18:57:38 | 000,013,978 | ---- | C] ()(C:\Users\Benson Lam\Desktop\?? ???? ???.docx) -- C:\Users\Benson Lam\Desktop\우리 사랑하게 됐어요.docx
[2010/01/04 18:45:42 | 010,270,232 | ---- | C] ()(C:\Users\Benson Lam\Desktop\??DuetCeci+Ben.mp3) -- C:\Users\Benson Lam\Desktop\어젠DuetCeci+Ben.mp3
[2010/01/02 12:46:12 | 010,312,123 | ---- | M] ()(C:\Users\Benson Lam\Desktop\??? ??? ??? Cover.mp3) -- C:\Users\Benson Lam\Desktop\그립고 그립고 그립다 Cover.mp3
[2009/12/30 11:42:35 | 010,312,123 | ---- | C] ()(C:\Users\Benson Lam\Desktop\??? ??? ??? Cover.mp3) -- C:\Users\Benson Lam\Desktop\그립고 그립고 그립다 Cover.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Benson Lam\Desktop\TTLkollab_mixdown.mp3:TOC.WMV
< End of report >


#10 aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 March 2010 - 09:58 PM

Hello, FumaGenius.
We need to run a custom OTL fix
  1. Please run OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not copy the word "code".
    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [TOY5KNQ8OC] C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe ()
    O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

    :Files
    C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe
    C:\Users\Benson Lam\AppData\Local\uvexuhij.dll
    C:\Users\Benson Lam\AppData\Local\SlG6JVm4
    C:\Users\Benson Lam\AppData\Local\av.exe
    C:\Users\Benson Lam\AppData\Local\8A3Kl71lr4L
    C:\Users\Benson Lam\AppData\Local\ysl0U8AKF0i0

    :Commands
    [EmptyTemp]
  3. Click the Run Fix button
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK
  6. A report will open. Copy and Paste that report in your next reply.

In your next reply, please include the following:
  • OTL Log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
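The fix above targets exactly the entries a helper picks out of the OTL "Files Modified/Created" lists by eye: hidden+system files with random-looking names under AppData\Local, plus an executable with no company string. As an added example (not part of this thread and not OTL's own code), here is a small Python triage script that parses lines in that log format and scores them on those same cues; the sample lines are copied in the report's format, and the weights, the threshold and the noise list are assumptions chosen for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file-list line, e.g.
# [2010/03/13 23:20:50 | 000,187,904 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\av.exe
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
EXEC_EXTS = {".exe", ".dll", ".bat", ".scr", ".com"}
# Vista registry transaction logs sit in the profile root with -HS-; treat as known noise.
NOISE_EXTS = {".regtrans-ms", ".blf"}


@dataclass
class OtlFileEntry:
    timestamp: datetime
    size: int
    attrs: str      # four-character flag field, e.g. "-HS-" (Hidden + System)
    kind: str       # "M" = modified list, "C" = created list
    company: str    # company name from the version resource; "" if none
    path: str


def parse_line(line: str):
    """Return an OtlFileEntry, or None for lines that are not file entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def looks_random(stem: str) -> bool:
    """Crude entropy proxy: mixed-case letters plus digits in a stem of 6+ chars."""
    return (len(stem) >= 6 and any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem) and any(c.isupper() for c in stem))


def score(entry: OtlFileEntry) -> int:
    """Heuristic suspicion score (weights are assumptions for this example)."""
    lower = entry.path.lower()
    stem, ext = ntpath.splitext(ntpath.basename(entry.path))
    ext = ext.lower()
    if ext in NOISE_EXTS:
        return 0
    s = 0
    if "\\users\\" in lower and "H" in entry.attrs and "S" in entry.attrs:
        s += 2   # hidden+system on a file inside a user profile is unusual
    if "\\appdata\\local\\" in lower or "\\temp\\" in lower:
        s += 1   # favourite drop location for rogue-AV installers
    if looks_random(stem):
        s += 1   # randomly generated file name
    if ext in EXEC_EXTS and not entry.company:
        s += 2   # executable code with no vendor string in its version resource
    return s


def triage(lines, threshold: int = 3):
    """Parse raw OTL lines; return (score, path) pairs at or above the threshold."""
    seen = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        seen[e.path] = max(seen.get(e.path, 0), score(e))   # merge M and C entries
    hits = [(s, p) for p, s in seen.items() if s >= threshold]
    return sorted(hits, key=lambda t: (-t[0], t[1]))


# Constructed sample in the format of the OTL report above (a few lines, not the full log).
SAMPLE_LOG = r"""
[2010/03/15 22:44:42 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
[2010/03/15 21:55:02 | 000,011,018 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\8A3Kl71lr4L
[2010/03/14 01:10:53 | 000,524,288 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 01:10:42 | 004,025,046 | -H-- | M] () -- C:\Users\Benson Lam\AppData\Local\IconCache.db
[2010/03/13 23:20:50 | 000,187,904 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\av.exe
[2010/03/13 17:38:32 | 000,011,170 | -HS- | M] () -- C:\Users\Benson Lam\AppData\Local\SlG6JVm4
[2010/03/07 18:25:09 | 000,162,304 | ---- | M] () -- C:\Windows\Afuraa.exe
[2010/02/20 19:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/13 14:39:27 | 000,187,904 | -HS- | C] () -- C:\Users\Benson Lam\AppData\Local\av.exe
========== Files Created - No Company Name ==========
"""

if __name__ == "__main__":
    for s, p in triage(SAMPLE_LOG.splitlines()):
        print(f"{s}  {p}")
```

Entries scoring below the threshold (the unsigned Afuraa.exe in C:\Windows scores 2) are still worth a look; the score only orders the list, it does not clear anything.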


#11 FumaGenius

  • Topic Starter

  • Members
  • 12 posts

Posted 15 March 2010 - 10:24 PM

Here is that second report upon reboot.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2492597187-2832661440-983162839-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC deleted successfully.
C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2492597187-2832661440-983162839-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
========== FILES ==========
File\Folder C:\Users\Benson Lam\AppData\Local\Temp\Amd.exe not found.
C:\Users\Benson Lam\AppData\Local\uvexuhij.dll moved successfully.
C:\Users\Benson Lam\AppData\Local\SlG6JVm4 moved successfully.
C:\Users\Benson Lam\AppData\Local\av.exe moved successfully.
C:\Users\Benson Lam\AppData\Local\8A3Kl71lr4L moved successfully.
C:\Users\Benson Lam\AppData\Local\ysl0U8AKF0i0 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benson Lam
->Temp folder emptied: 909553604 bytes
->Temporary Internet Files folder emptied: 179345231 bytes
->Java cache emptied: 60639745 bytes
->FireFox cache emptied: 50698301 bytes
->Google Chrome cache emptied: 3397881484 bytes
->Flash cache emptied: 100085 bytes

User: Benson-BodyGuard
->Temp folder emptied: 45603 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 74168870 bytes
->Flash cache emptied: 883 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 222720 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2186034333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 27624453073 bytes

Total Files Cleaned = 32,886.00 mb


OTL by OldTimer - Version 3.1.37.1 log created on 03152010_231418

Files\Folders moved on Reboot...
C:\Users\Benson Lam\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Users\Benson Lam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWVY0AZX\SYTPCA2BSS94CAZD08J2CAKGZ9N4CA62MTHDCAHBD4AKCADZVIZACANXP4IQCASRH0RACA7ZAEKOCAX9GOTNCAYMZ25QCA9IJC44CARAJDYECA2Y62OBCA01BH5RCAZX18Q9CAIAB42UCAKQG03ICAGLHAON scheduled to be moved on reboot.
File move failed. C:\Users\Benson Lam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GO8N3I9\QAT4CAM153BFCADWWW7QCA3OMCTWCA322N8FCAP58F5VCAZW1NYRCALEE79ECAEYHDNXCA63PEC4CAJ32FSECA6A1YDQCA0P3CDICA2GACUZCA01YB6NCAPGI1VBCAEY9HHOCARD7YMTCAZT85T7CA9R1FEO scheduled to be moved on reboot.
C:\Users\Benson Lam\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...


#12 aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 March 2010 - 10:26 PM

Hello, FumaGenius.
Looks good! How's your computer doing?

We need to run an MBAM Scan
  1. Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
  2. Make sure you are connected to the Internet.
  3. Double-click on Download_mbam-setup.exe to install the application.
  4. When the installation begins, follow the prompts and do not make any changes to default settings.
  5. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  6. Then click Finish.
  7. Run MBAM and you will be asked to update the program before performing a scan.
    If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.
  8. On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  9. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  10. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  11. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  12. Click OK to close the message box and continue with the removal process.
  13. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  14. Make sure that everything is checked, and click Remove Selected.
  15. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  16. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  17. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



NEXT:

We need to run OTL
  1. Double click on the OTL icon on your desktop.
  2. Click the "Scan All Users" checkbox.
  3. Change the "Extra Registry" option to "SafeList"
  4. Push the Run Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • MBAM Log
  • OTL Log

Edited by aommaster, 15 March 2010 - 10:26 PM.



#13 FumaGenius

  • Topic Starter

  • Members
  • 12 posts

Posted 15 March 2010 - 10:57 PM

Thanks aommaster
Here is the MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3872
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15/03/2010 11:44:04 PM
mbam-log-2010-03-15 (23-44-04).txt

Scan type: Quick Scan
Objects scanned: 113031
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\Dr. Guard (Rogue.DrGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Benson Lam\AppData\Roaming\nig597A.tmp.bat (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Public\downloads\lazylaunch.exe (Hacktool.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Dr. Guard\drg.db (Rogue.DrGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Here is the new OTL log

OTL logfile created on: 15/03/2010 11:50:24 PM - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Benson Lam\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.91 Gb Total Space | 38.09 Gb Free Space | 17.32% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 1.15 Gb Free Space | 10.04% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.52 Gb Free Space | 97.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.88 Gb Total Space | 32.62 Gb Free Space | 14.01% Space Free | Partition Type: NTFS

Computer Name: BENSONLAM-PC
Current User Name: Benson Lam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/15 22:44:42 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
PRC - [2010/02/20 11:51:06 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/02/05 14:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\Benson Lam\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/07/26 19:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 20:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/08/08 01:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/10/24 06:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 06:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 22:44:42 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
MOD - [2009/04/11 02:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/27 01:28:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/24 21:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/01/26 13:56:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/01 12:27:10 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/29 02:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/10/24 06:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\WINDOWS\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/18 20:29:19 | 000,056,832 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2009/11/01 12:23:41 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/23 11:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/20 22:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 22:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 22:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2008/01/20 22:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/18 07:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/09/29 19:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/17 19:17:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007/08/12 22:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007/07/11 13:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/28 11:09:56 | 003,148,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/26 22:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 15:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 19:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/01/17 09:48:30 | 001,455,616 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 22:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2009/10/19 08:13:14 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2005/01/01 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://elm.mcmaster.ca/
IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/13 15:08:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/12 23:15:14 | 000,000,000 | ---D | M]

[2009/10/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Extensions
[2010/03/13 23:13:03 | 000,000,000 | ---D | M] -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\extensions
[2009/10/10 17:24:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/20 13:31:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/01 12:32:46 | 000,002,399 | ---- | M] () -- C:\Users\Benson Lam\AppData\Roaming\Mozilla\Firefox\Profiles\42fk3eg3.default\searchplugins\daemon-search.xml
[2010/03/13 23:13:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/12/21 01:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/01/27 01:52:15 | 000,001,692 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.113.128.1 130.113.64.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benson Lam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{16d2acf3-c703-11de-a128-001e687b1187}\Shell - "" = AutoRun
O33 - MountPoints2\{16d2acf3-c703-11de-a128-001e687b1187}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{79314f43-daba-11de-b989-001e687b1187}\Shell - "" = AutoRun
O33 - MountPoints2\{79314f43-daba-11de-b989-001e687b1187}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2492597187-2832661440-983162839-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 23:14:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/15 22:44:42 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
[2010/03/15 22:34:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/15 16:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/03/15 16:48:41 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/14 23:40:22 | 000,000,000 | ---D | C] -- C:\sysreset
[2010/03/12 20:55:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/12 20:55:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/12 20:55:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/12 20:55:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/06 00:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/03/06 00:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/03/03 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Benson Lam\AppData\Local\Blizzard Entertainment
[2010/03/03 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/03/03 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Benson Lam\Documents\StarCraft II Beta
[2010/02/28 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/02/28 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco
[2010/02/28 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/02/26 16:48:19 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.007
[2010/02/26 16:48:19 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SynsoLChk.dll
[2010/02/26 16:48:19 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\Synsopos.exe
[2010/02/26 16:23:36 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.006
[2010/02/25 11:14:49 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2010/02/25 11:13:28 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2010/02/25 00:03:20 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2010/02/25 00:02:04 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2010/02/24 23:56:58 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2010/02/24 23:56:55 | 000,708,608 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SYNSOACC.dll
[2010/02/24 10:42:37 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/24 10:42:37 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 10:42:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/24 10:42:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/24 10:42:36 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 10:42:36 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 10:42:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/24 10:42:36 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/24 10:42:36 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/24 10:42:36 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 10:42:36 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 10:42:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/24 10:42:36 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/24 10:42:36 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/24 10:42:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 10:42:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/24 10:42:36 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/24 10:42:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/24 10:42:34 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/24 10:42:34 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/24 10:42:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/24 10:42:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/24 10:42:33 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/24 10:42:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/21 21:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/02/15 17:49:01 | 000,073,728 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssdevm64.dll
[2010/02/15 17:49:01 | 000,057,344 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssdevm.dll
[2010/02/15 17:49:01 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssusbpn.dll
[2010/02/15 17:49:01 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssusbp64.dll
[2010/02/15 17:49:01 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml2a.dll
[2010/02/15 17:49:00 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2010/02/15 17:42:18 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\cl31cci.exe
[2010/02/15 17:42:18 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\cl31cci.dll
[2010/02/15 17:42:16 | 000,000,000 | ---D | C] -- C:\Windows\DRIVERS
[2010/02/15 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2 C:\Users\Benson Lam\Desktop\*.tmp files -> C:\Users\Benson Lam\Desktop\*.tmp -> ]
[1 C:\Users\Benson Lam\AppData\Roaming\*.tmp files -> C:\Users\Benson Lam\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/15 23:52:46 | 001,684,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/15 23:52:46 | 000,750,480 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/03/15 23:52:46 | 000,668,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/15 23:52:46 | 000,162,688 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/03/15 23:52:46 | 000,133,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/15 23:52:18 | 003,670,016 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat
[2010/03/15 23:47:42 | 000,056,042 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/15 23:47:42 | 000,056,042 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/15 23:47:16 | 000,000,363 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/03/15 23:46:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/15 23:46:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/15 23:46:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/15 23:46:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/15 23:46:01 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 23:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 23:45:10 | 000,065,536 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TM.blf
[2010/03/15 23:44:58 | 006,291,456 | -H-- | M] () -- C:\Users\Benson Lam\AppData\Local\IconCache.db
[2010/03/15 23:42:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2492597187-2832661440-983162839-1000UA.job
[2010/03/15 23:05:27 | 000,000,680 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\d3d9caps.dat
[2010/03/15 22:44:42 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Benson Lam\Desktop\OTL.exe
[2010/03/15 19:23:03 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{605D3AF6-D7F2-49D2-9F52-B1F27EFB0F43}.job
[2010/03/15 02:42:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2492597187-2832661440-983162839-1000Core.job
[2010/03/14 01:09:22 | 000,000,188 | ---- | M] () -- C:\Users\Benson Lam\defogger_reenable
[2010/03/13 15:08:06 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/03/13 14:35:26 | 000,856,005 | ---- | M] () -- C:\Users\Benson Lam\Desktop\for fun_Master.MP3
[2010/03/12 20:42:39 | 000,524,288 | -HS- | M] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000002.regtrans-ms
[2010/03/12 19:34:05 | 000,524,288 | -HS- | M] () -- C:\Users\Benson Lam\NTUSER.DAT{863dfeb4-fbf8-11de-8113-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 19:34:05 | 000,065,536 | -HS- | M] () -- C:\Users\Benson Lam\NTUSER.DAT{863dfeb4-fbf8-11de-8113-001e687b1187}.TM.blf
[2010/03/11 13:29:23 | 000,000,552 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\d3d8caps.dat
[2010/03/10 03:26:38 | 000,000,000 | ---- | M] () -- C:\test.mpg
[2010/03/09 17:31:03 | 000,010,658 | ---- | M] () -- C:\Users\Benson Lam\Documents\my arguement.docx
[2010/03/09 16:24:59 | 000,180,224 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/07 18:25:09 | 000,162,304 | ---- | M] () -- C:\Windows\Afuraa.exe
[2010/03/05 04:29:02 | 010,404,510 | ---- | M] () -- C:\Users\Benson Lam\Desktop\03 - Magic.mp3
[2010/03/04 21:28:01 | 000,112,488 | ---- | M] () -- C:\Users\Benson Lam\Desktop\econ question.docx
[2010/03/04 13:03:02 | 002,468,352 | ---- | M] () -- C:\Users\Benson Lam\Desktop\XrayCrystallography.ppt
[2010/03/02 15:11:39 | 001,181,022 | ---- | M] () -- C:\Windows\SysWow64\TmpA340121101
[2010/02/28 18:14:08 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2010/02/26 16:40:46 | 000,000,471 | ---- | M] () -- C:\Windows\SysWow64\Datei4
[2010/02/26 16:40:46 | 000,000,471 | ---- | M] () -- C:\Windows\SysWow64\Datei2
[2010/02/26 16:40:46 | 000,000,470 | ---- | M] () -- C:\Windows\SysWow64\Datei3
[2010/02/26 16:40:46 | 000,000,470 | ---- | M] () -- C:\Windows\SysWow64\Datei1
[2010/02/26 16:40:46 | 000,000,469 | ---- | M] () -- C:\Windows\SysWow64\Datei7
[2010/02/26 16:40:46 | 000,000,469 | ---- | M] () -- C:\Windows\SysWow64\Datei5
[2010/02/26 16:40:46 | 000,000,468 | ---- | M] () -- C:\Windows\SysWow64\Datei0
[2010/02/26 16:40:46 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei9
[2010/02/26 16:40:46 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei8
[2010/02/26 16:40:46 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei10
[2010/02/26 16:40:46 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\Datei6
[2010/02/26 16:16:46 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Hypersonic.exe.lnk
[2010/02/25 15:08:07 | 000,080,304 | ---- | M] () -- C:\Users\Benson Lam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 15:05:57 | 003,175,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/25 10:56:13 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/02/22 17:19:18 | 309,962,041 | ---- | M] () -- C:\Users\Benson Lam\Desktop\2am clips.rar
[2010/02/22 02:04:13 | 003,139,734 | ---- | M] () -- C:\Users\Benson Lam\Desktop\2amrough2.mp3
[2010/02/22 01:45:24 | 003,139,734 | ---- | M] () -- C:\Users\Benson Lam\Desktop\2amrough.mp3
[2010/02/21 02:04:53 | 000,074,124 | ---- | M] () -- C:\Users\Benson Lam\Desktop\References.pdf
[2010/02/21 02:04:21 | 000,134,440 | ---- | M] () -- C:\Users\Benson Lam\Desktop\Compiled Good Copy.pdf
[2010/02/20 19:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/02/20 19:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/02/20 19:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/02/20 19:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/02/19 17:13:02 | 000,100,130 | ---- | M] () -- C:\Users\Benson Lam\Desktop\wedding dress.rtf
[2010/02/19 14:17:42 | 028,576,576 | ---- | M] () -- C:\Users\Benson Lam\Desktop\audition 4.wmv
[2010/02/19 04:53:20 | 3297,482,885 | ---- | M] () -- C:\Users\Benson Lam\Desktop\CODMW2.rar
[2010/02/18 20:42:47 | 1737,034,803 | ---- | M] () -- C:\Users\Benson Lam\Desktop\Hypersonic.rar
[2010/02/16 20:40:38 | 003,251,130 | ---- | M] () -- C:\Users\Benson Lam\Documents\Youcam1.rar
[2010/02/16 20:37:53 | 000,112,307 | ---- | M] () -- C:\Users\Benson Lam\Documents\Orgo@York.rar
[2010/02/16 19:41:20 | 000,039,454 | ---- | M] () -- C:\Users\Benson Lam\Desktop\karalupin.jpg
[2010/02/16 15:55:05 | 347,846,613 | ---- | M] () -- C:\Users\Benson Lam\Documents\Cubase LE 4.rar
[2010/02/16 15:50:02 | 171,907,509 | ---- | M] () -- C:\Users\Benson Lam\Documents\1st Year Mac.rar
[2010/02/15 17:49:06 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2010/02/15 17:19:13 | 000,000,162 | -H-- | M] () -- C:\Users\Benson Lam\Desktop\~$signment Biochem1.docx
[2010/02/15 11:45:58 | 001,180,031 | ---- | M] () -- C:\Users\Benson Lam\Desktop\02 (2).mp3
[2 C:\Users\Benson Lam\Desktop\*.tmp files -> C:\Users\Benson Lam\Desktop\*.tmp -> ]
[1 C:\Users\Benson Lam\AppData\Roaming\*.tmp files -> C:\Users\Benson Lam\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 01:09:22 | 000,000,188 | ---- | C] () -- C:\Users\Benson Lam\defogger_reenable
[2010/03/13 15:08:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/13 14:35:21 | 000,856,005 | ---- | C] () -- C:\Users\Benson Lam\Desktop\for fun_Master.MP3
[2010/03/12 19:53:27 | 000,524,288 | -HS- | C] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000002.regtrans-ms
[2010/03/12 19:53:27 | 000,524,288 | -HS- | C] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 19:53:27 | 000,065,536 | -HS- | C] () -- C:\Users\Benson Lam\ntuser.dat{4c6b329e-2e32-11df-86b1-001e687b1187}.TM.blf
[2010/03/11 13:29:23 | 000,000,552 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\d3d8caps.dat
[2010/03/09 17:01:34 | 000,010,658 | ---- | C] () -- C:\Users\Benson Lam\Documents\my arguement.docx
[2010/03/07 18:25:17 | 000,162,304 | ---- | C] () -- C:\Windows\Afuraa.exe
[2010/03/05 04:25:22 | 010,404,510 | ---- | C] () -- C:\Users\Benson Lam\Desktop\03 - Magic.mp3
[2010/03/04 21:28:00 | 000,112,488 | ---- | C] () -- C:\Users\Benson Lam\Desktop\econ question.docx
[2010/03/04 13:02:58 | 002,468,352 | ---- | C] () -- C:\Users\Benson Lam\Desktop\XrayCrystallography.ppt
[2010/03/02 15:11:39 | 001,181,022 | ---- | C] () -- C:\Windows\SysWow64\TmpA340121101
[2010/02/28 18:14:08 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2010/02/26 16:48:27 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2010/02/26 16:48:27 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2010/02/26 16:48:27 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2010/02/26 16:16:46 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Hypersonic.exe.lnk
[2010/02/25 10:56:13 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/02/25 00:05:02 | 000,000,471 | ---- | C] () -- C:\Windows\SysWow64\Datei4
[2010/02/25 00:05:02 | 000,000,471 | ---- | C] () -- C:\Windows\SysWow64\Datei2
[2010/02/25 00:05:02 | 000,000,470 | ---- | C] () -- C:\Windows\SysWow64\Datei3
[2010/02/25 00:05:02 | 000,000,470 | ---- | C] () -- C:\Windows\SysWow64\Datei1
[2010/02/25 00:05:02 | 000,000,469 | ---- | C] () -- C:\Windows\SysWow64\Datei7
[2010/02/25 00:05:02 | 000,000,469 | ---- | C] () -- C:\Windows\SysWow64\Datei5
[2010/02/25 00:05:02 | 000,000,468 | ---- | C] () -- C:\Windows\SysWow64\Datei0
[2010/02/25 00:05:02 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei9
[2010/02/25 00:05:02 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei8
[2010/02/25 00:05:02 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei10
[2010/02/25 00:05:02 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\Datei6
[2010/02/22 17:13:10 | 309,962,041 | ---- | C] () -- C:\Users\Benson Lam\Desktop\2am clips.rar
[2010/02/22 02:03:14 | 003,139,734 | ---- | C] () -- C:\Users\Benson Lam\Desktop\2amrough2.mp3
[2010/02/22 01:44:31 | 003,139,734 | ---- | C] () -- C:\Users\Benson Lam\Desktop\2amrough.mp3
[2010/02/21 02:04:53 | 000,074,124 | ---- | C] () -- C:\Users\Benson Lam\Desktop\References.pdf
[2010/02/21 02:04:20 | 000,134,440 | ---- | C] () -- C:\Users\Benson Lam\Desktop\Compiled Good Copy.pdf
[2010/02/19 14:13:10 | 028,576,576 | ---- | C] () -- C:\Users\Benson Lam\Desktop\audition 4.wmv
[2010/02/19 02:22:45 | 3297,482,885 | ---- | C] () -- C:\Users\Benson Lam\Desktop\CODMW2.rar
[2010/02/18 20:22:31 | 1737,034,803 | ---- | C] () -- C:\Users\Benson Lam\Desktop\Hypersonic.rar
[2010/02/16 20:40:37 | 003,251,130 | ---- | C] () -- C:\Users\Benson Lam\Documents\Youcam1.rar
[2010/02/16 20:37:53 | 000,112,307 | ---- | C] () -- C:\Users\Benson Lam\Documents\Orgo@York.rar
[2010/02/16 19:41:20 | 000,039,454 | ---- | C] () -- C:\Users\Benson Lam\Desktop\karalupin.jpg
[2010/02/16 15:50:43 | 347,846,613 | ---- | C] () -- C:\Users\Benson Lam\Documents\Cubase LE 4.rar
[2010/02/16 15:48:09 | 171,907,509 | ---- | C] () -- C:\Users\Benson Lam\Documents\1st Year Mac.rar
[2010/02/15 17:49:06 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2010/02/15 17:49:02 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/02/15 17:48:05 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico
[2010/02/15 17:42:17 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\cl31cl6.smt
[2010/02/15 17:42:16 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\cl31cl6.dll
[2010/02/15 17:19:13 | 000,000,162 | -H-- | C] () -- C:\Users\Benson Lam\Desktop\~$signment Biochem1.docx
[2010/02/15 11:45:47 | 001,180,031 | ---- | C] () -- C:\Users\Benson Lam\Desktop\02 (2).mp3
[2010/02/01 10:29:25 | 000,001,227 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\ivakeyibewereco.dll
[2010/02/01 10:26:36 | 000,001,227 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\inujihanotiji.dll
[2010/01/09 22:34:07 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/01/05 00:06:32 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2009/12/17 12:03:52 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/12/04 15:42:51 | 000,056,042 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/04 15:42:30 | 000,056,042 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/29 17:28:47 | 000,028,109 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/11/29 17:28:20 | 000,033,214 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\dd_dotnetfx3install.txt
[2009/11/29 17:28:20 | 000,002,826 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\uxeventlog.txt
[2009/11/29 17:28:20 | 000,000,604 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\dd_dotnetfx3error.txt
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/21 07:40:49 | 000,000,680 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\d3d9caps.dat
[2009/10/20 19:14:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 19:12:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/18 18:52:16 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\HPPLVS.dll
[2009/10/09 22:07:54 | 000,028,314 | ---- | C] () -- C:\Users\Benson Lam\AppData\Roaming\nvModes.001
[2009/10/07 21:49:36 | 000,028,314 | ---- | C] () -- C:\Users\Benson Lam\AppData\Roaming\nvModes.dat
[2009/10/04 23:18:23 | 001,565,076 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/03 00:19:47 | 000,000,000 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\QSwitch.txt
[2009/10/03 00:19:47 | 000,000,000 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\DSwitch.txt
[2009/10/03 00:19:47 | 000,000,000 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\AtStart.txt
[2009/10/03 00:02:51 | 000,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/10/02 13:46:34 | 000,180,224 | ---- | C] () -- C:\Users\Benson Lam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

========== Files - Unicode (All) ==========
[2010/02/24 02:38:14 | 003,148,835 | ---- | M] ()(C:\Users\Benson Lam\Desktop\2am ??? ??? cover.mp3) -- C:\Users\Benson Lam\Desktop\2am 죽어도 못보내 cover.mp3
[2010/02/22 15:00:35 | 003,148,835 | ---- | C] ()(C:\Users\Benson Lam\Desktop\2am ??? ??? cover.mp3) -- C:\Users\Benson Lam\Desktop\2am 죽어도 못보내 cover.mp3
[2010/02/11 12:06:00 | 003,167,352 | ---- | M] ()(C:\Users\Benson Lam\Desktop\?????? 2AM.mp3) -- C:\Users\Benson Lam\Desktop\죽어도못보내 2AM.mp3
[2010/02/11 12:05:46 | 003,167,352 | ---- | C] ()(C:\Users\Benson Lam\Desktop\?????? 2AM.mp3) -- C:\Users\Benson Lam\Desktop\죽어도못보내 2AM.mp3
[2010/02/01 01:26:29 | 004,385,385 | ---- | M] ()(C:\Users\Benson Lam\Desktop\wo99_com_????(??KARAOKE).wma) -- C:\Users\Benson Lam\Desktop\wo99_com_你瞞我瞞(原裝KARAOKE).wma
[2010/02/01 01:26:10 | 004,385,385 | ---- | C] ()(C:\Users\Benson Lam\Desktop\wo99_com_????(??KARAOKE).wma) -- C:\Users\Benson Lam\Desktop\wo99_com_你瞞我瞞(原裝KARAOKE).wma
[2010/01/21 14:38:36 | 010,270,232 | ---- | M] ()(C:\Users\Benson Lam\Desktop\??DuetCeci+Ben.mp3) -- C:\Users\Benson Lam\Desktop\어젠DuetCeci+Ben.mp3
[2010/01/04 18:57:53 | 000,013,978 | ---- | M] ()(C:\Users\Benson Lam\Desktop\?? ???? ???.docx) -- C:\Users\Benson Lam\Desktop\우리 사랑하게 됐어요.docx
[2010/01/04 18:57:38 | 000,013,978 | ---- | C] ()(C:\Users\Benson Lam\Desktop\?? ???? ???.docx) -- C:\Users\Benson Lam\Desktop\우리 사랑하게 됐어요.docx
[2010/01/04 18:45:42 | 010,270,232 | ---- | C] ()(C:\Users\Benson Lam\Desktop\??DuetCeci+Ben.mp3) -- C:\Users\Benson Lam\Desktop\어젠DuetCeci+Ben.mp3
[2010/01/02 12:46:12 | 010,312,123 | ---- | M] ()(C:\Users\Benson Lam\Desktop\??? ??? ??? Cover.mp3) -- C:\Users\Benson Lam\Desktop\그립고 그립고 그립다 Cover.mp3
[2009/12/30 11:42:35 | 010,312,123 | ---- | C] ()(C:\Users\Benson Lam\Desktop\??? ??? ??? Cover.mp3) -- C:\Users\Benson Lam\Desktop\그립고 그립고 그립다 Cover.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Benson Lam\Desktop\TTLkollab_mixdown.mp3:TOC.WMV
< End of report >


#14 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 15 March 2010 - 11:04 PM

Hello, FumaGenius.
How's your computer doing? If you're not experiencing any more problems, please proceed with the steps below:

We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 18 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java version.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the Export To button, then post the contents of the ActiveScan report

In your next reply, please include the following:
  • ActiveScan Report

My website: http://aommaster.com
Please do not send me PM's requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
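A practical follow-up to the Java clean-up steps in the post above, added here as an example; this is not aommaster's script nor anything from BleepingComputer. It lists the same Java uninstall entries Add/Remove Programs shows (the 64-bit hive plus the Wow6432Node hive that holds 32-bit installs on x64 Vista) and flags anything older than 6 Update 18. Two assumptions are built in and marked in the comments: the registry Uninstall paths are the standard ones, and the Sun installers of that era recorded update NN as "6.0.NN0" (JRE) or "1.6.0.NN0" (JDK).

```powershell
# Added example, not code from the thread: confirm that the Java clean-up the
# post asks for actually happened. It reads the same uninstall entries that
# Add/Remove Programs shows (64-bit hive and the Wow6432Node hive that holds
# 32-bit installs on x64 Vista) and flags every Java entry older than 6 Update 18.
# Run from an elevated PowerShell prompt; written to work on PowerShell 2.0.

# Assumption: the Sun installers of that era wrote update NN as "6.0.NN0" for the
# JRE and "1.6.0.NN0" for the JDK, so 6 Update 18 is 6.0.180 after normalising.
$Minimum = [version]'6.0.180'

# Assumption: standard Uninstall key locations on a 64-bit Windows install.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-JavaVersion {
    param([string]$DisplayVersion)
    # Normalise "1.6.0.180" (JDK style) to "6.0.180" (JRE style) so both compare
    # against $Minimum; anything that does not parse throws and is caught below.
    $v = [version]$DisplayVersion
    if ($v.Major -eq 1 -and $v.Revision -ge 0) {
        $v = [version]('{0}.{1}.{2}' -f $v.Minor, $v.Build, $v.Revision)
    }
    return $v
}

function Test-JavaOutdated {
    param([string]$DisplayVersion)
    # Unparseable or missing version strings are reported as outdated so they
    # get a manual look rather than silently passing.
    try   { return (ConvertTo-JavaVersion $DisplayVersion) -lt $Minimum }
    catch { return $true }
}

function Get-JavaInstalls {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE|JRE|JDK)' } |
        ForEach-Object {
            $arch = if ($_.PSPath -match 'Wow6432Node') { 'x86' } else { 'x64' }
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Arch      = $arch
                Outdated  = Test-JavaOutdated $_.DisplayVersion
                Uninstall = $_.UninstallString   # what Add/Remove Programs would run
            }
        }
}

$installs = @(Get-JavaInstalls)
if ($installs.Count -eq 0) {
    Write-Host 'No Java entries found in Add/Remove Programs.'
}
foreach ($j in $installs) {
    $state = if ($j.Outdated) { 'OUTDATED' } else { 'current ' }
    Write-Host ('{0} {1,-10} {2} {3}' -f $state, $j.Version, $j.Arch, $j.Name)
}

# Which java.exe the PATH resolves to, and what it reports (java prints its
# version banner to stderr, hence the redirect).
if (Get-Command java -ErrorAction SilentlyContinue) {
    $banner = & java -version 2>&1 | Select-Object -First 1
    Write-Host "java on PATH reports: $banner"
} else {
    Write-Host 'No java.exe on PATH.'
}
```

Any line marked OUTDATED is a leftover that steps 10 to 14 of the post should have removed; the note in the post that the bundled uninstaller only clears Update 10 and above is exactly why a check like this is worth running before declaring the machine clean. The final banner line catches the case where an old JRE was uninstalled from the registry but a stale java.exe still sits first on the PATH.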


#15 FumaGenius
  • Topic Starter

  • Members
  • 12 posts

Posted 16 March 2010 - 07:27 AM

Active Scan Report


;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-16 08:26:50
PROTECTIONS: 1
MALWARE: 51
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@tradedoubler[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@mediaplex[2].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@sexlist[2].txt
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@spylog[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@clickbank[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@ccbill[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@revenue[2].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@www.myaffiliateprogram[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@yadro[1].txt
00167706 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@counter3.sextracker[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@statcounter[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@counter.hitslink[1].txt
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@counter15.sextracker[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@ad.yieldmanager[1].txt
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@counter10.sextracker[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@bs.serving-sys[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@888[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@weborama[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@advertising[2].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@sextracker[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@ads.pointroll[2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@hc2.humanclick[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@realmedia[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@zedo[2].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@xxxcounter[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@searchportal.information[1].txt
00206953 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@counter14.sextracker[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@did-it[1].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@www2.addfreestats[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@smartadserver[2].txt
01081310 Generic Trojan Virus/Trojan No 0 Yes No c:\program files (x86)\screaming bee\morphvox pro\morphvox.pro.3.0.5.build.39239-patch.exe
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\users\benson lam\appdata\roaming\microsoft\windows\cookies\benson_lam@enhance[2].txt
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\benson lam\downloads\adobe photoshop cs4 extended + keygen + activation\cs4 crack folder\adobe-master-cs4-keygen.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\_otl\movedfiles\03152010_231418\c_users\benson lam\appdata\local\temp\amd.exe
06086369 Generic Trojan Virus/Trojan No 0 Yes No c:\windows\system32\spool\prtprocs\x64\00000390.tmp
06092711 Generic Trojan Virus/Trojan No 0 Yes No c:\windows\afuraa.exe
06094305 Generic Trojan Virus/Trojan No 0 Yes No c:\windows\system32\spool\prtprocs\x64\00006663.tmp
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
Yes c:\users\benson lam\documents\downloads\sysreset255.exe
Yes c:\windows\system32\spool\prtprocs\x64\00004ef9.tmp
Yes c:\_otl\movedfiles\03152010_231418\c_users\benson lam\appdata\local\uvexuhij.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
