Buffer overrun detected error - Possible virus/malware infection?

Hi,

I downloaded a program called Thunder, and when I tried to install it, an error message popped up saying "buffer overrun detected" when the installation was nearly complete.

I was worried that some data might get corrupted because of this and immediately pulled the internet cable and removed all traces of the program I tried to install.

Then I ran Spybot, NIS and Anti-malware, which didn't seem to produce any infection results.

I also ran chkdsk, and it doesn't seem to show any errors.

However, to be on the safe side, I have attached the DDS and Attach logs in case there is something malicious in my system.

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by CHOI YIN FUNG at 8:41:49 on 2012-07-11

Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.2052.18.8047.4905 [GMT 8:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\Hpservice.exe

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

C:\windows\system32\taskhost.exe

c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\windows\SysWOW64\PnkBstrB.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system\uArcCapture.exe

C:\Program Files\PacketiX VPN Client\vpnclient_x64.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\SysWOW64\svchost -k XLServicePlatform

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\windows\System32\rundll32.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\PacketiX VPN Client\vpnclient_x64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\PacketiX VPN Client\vpncmgr_x64.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\windows\system32\conhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.choiyinfung.com/

uInternet Settings,ProxyOverride = local;*.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID 登录帮助程序: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - C:\PROGRA~2\Zend\ZENDST~1.0\toolbars\ZENDIE~1.DLL

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [smart] C:\Program Files (x86)\Restoring Data\SmartData\SMART.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\CHOIYI~1.CHO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PACKET~1.LNK - C:\Program Files (x86)\PacketiX VPN Client\vpncmgr_x64.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &?牪狔粖朋?

IE: &?牪狔粖朋??笰柆?

IE: &使用优蛋下载

IE: &使用优蛋下载?部链接

IE: &使用优蛋下载全部链接

IE: &妏蚚蚥粥狟婥 - C:\Program Files (x86)\115\UDown\getUrl.htm

IE: &妏蚚蚥粥狟婥?窒蟈?

IE: &妏蚚蚥粥狟婥?窒蟈諉

IE: &妏蚚蚥粥狟婥?窒蟈諉 - C:\Program Files (x86)\115\UDown\getAllUrl.htm

IE: &?牪狔粖朋?

IE: &?牪狔粖朋??笰柆?

IE: ?像?送到 Bluetooth ??(&B)...

IE: ?钩?癳 Bluetooth ??(&B)...

IE: ?面?送到 Bluetooth ??(&B)...

IE: ??癳 Bluetooth ??(&B)...

IE: Download by easyMule - C:\Program Files (x86)\easyMule\IE2EM.htm

IE: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm

IE: 图像发送到 Bluetooth 设备(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: 珜醱楷冞善 Bluetooth 扢掘(&B)...

IE: 芞砉楷冞善 Bluetooth 扢掘(&B)...

IE: 页面发送到 Bluetooth 设备(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm

IE: {0000026b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://images.hangame.co.jp/hangame/core/common/speccheck/HGReport.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{C9DD7F34-D8C5-4619-AFE3-D495BB5228CF} : DhcpNameServer = 10.11.105.101 10.11.110.102

TCP: Interfaces\{F7A830AD-72FF-4F34-BF5B-358F8D04C8EC} : DhcpNameServer = 192.168.1.1 210.87.253.1

TCP: Interfaces\{FBB9E5BE-1EE4-4F8F-96BD-F65101DB6BB9} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FD638E1D-1B8C-41B6-80DD-AF9FF61EAC33} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FD638E1D-1B8C-41B6-80DD-AF9FF61EAC33}\2375942554839313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FD638E1D-1B8C-41B6-80DD-AF9FF61EAC33}\27F626562747 : DhcpNameServer = 192.168.1.1 61.247.0.2 202.73.99.2

TCP: Interfaces\{FD638E1D-1B8C-41B6-80DD-AF9FF61EAC33}\84B424E4F5630313332353 : DhcpNameServer = 192.168.0.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: DeviceNP - DeviceNP.dll

LSA: Notification Packages = DPPassFilter scecli

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{3134413B-49B4-425C-98A5-893C1F195601}

{395610AE-C624-4f58-B89E-23733EA00F9A}

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{95188727-288F-4581-A48D-EAB3BD027314}

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun-x64: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(默认)]

mRun-x64: [smart] C:\Program Files (x86)\Restoring Data\SmartData\SMART.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm

IE-X64: {0000026b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\

FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search

FF - prefs.js: browser.startup.homepage - hxxp://www.choiyinfung.com/|http://daohang.google.cn/|http://www.artfederations.com/

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\components\dpffcli.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\cpmanager@mozillaonline.com\components\cpmanager-com.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\fontsetter@mozillaonline.com\components\ClearTypeTuner.dll

FF - component: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\livemargins@mozillaonline.com\components\mediacenter-com.dll

FF - component: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\livemargins@mozillaonline.com\components\windowTrayIcon.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.4.(730).dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\Fancy\npfancygame.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll

FF - plugin: C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\58lcuucm.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-19 1161376]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120707.001\IDSviA64.sys [2012-7-10 509088]

R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2011-1-8 89600]

R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-14 20992]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-4-13 8704]

R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-6-19 103992]

R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-19 36864]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-4-6 103992]

R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-5-10 90112]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

R2 hpHotkeyMonitor;HP Hotkey Monitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-1 280120]

R2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-9 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375176]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]

R2 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-15 1153368]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SPDFCreatorReadSpool;SolidPDFCreatorReadSpool;C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [2011-10-3 215880]

R2 uArcCapture;ArcCapture;C:\Windows\system\uArcCapture.exe [2011-1-8 506472]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-8 2320920]

R2 vpnclient;PacketiX VPN Client;C:\Program Files\PacketiX VPN Client\vpnclient_x64.exe [2011-2-28 3396480]

R2 XLServicePlatform;XLServicePlatform;C:\windows\system32\svchost -k XLServicePlatform --> C:\windows\system32\svchost -k XLServicePlatform [?]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 appliandMP;appliandMP;C:\windows\system32\DRIVERS\appliand.sys --> C:\windows\system32\DRIVERS\appliand.sys [?]

R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\system32\DRIVERS\ArcSoftVCapture.sys --> C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 Neo_VPN;VPN Client Device Driver - VPN;C:\windows\system32\DRIVERS\Neo_0109.sys --> C:\windows\system32\DRIVERS\Neo_0109.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

S2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-12-15 1639728]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]

S3 appliand;Applian Network Service;C:\windows\system32\DRIVERS\appliand.sys --> C:\windows\system32\DRIVERS\appliand.sys [?]

S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

S3 DAMDrv;DAMDrv;C:\windows\system32\DRIVERS\DAMDrv64.sys --> C:\windows\system32\DRIVERS\DAMDrv64.sys [?]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-11-18 362040]

S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 Neo_Giganews;VPN Client Device Driver - Giganews;C:\windows\system32\DRIVERS\Neo_0004.sys --> C:\windows\system32\DRIVERS\Neo_0004.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]

S3 NisSrv;Microsoft 网络检查;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-4-4 38912]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 SecRomDrv;Secure CDROM Property;C:\windows\system32\DRIVERS\cdrom.sys --> C:\windows\system32\DRIVERS\cdrom.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TesSafe;TesSafe;\??\C:\windows\system32\TesSafe.sys --> C:\windows\system32\TesSafe.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows 激活技术服务;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]

S3 xsherlock;xsherlock;C:\Windows\xsherlock.xem [2011-11-6 660496]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-10 15:31:43 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-07-10 15:31:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-10 15:00:59 -------- d-----w- C:\Program Files (x86)\Common Files\Thunder Network

2012-07-10 15:00:58 -------- d-----w- C:\ProgramData\Thunder Network

2012-07-09 18:59:26 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\QuickScan

2012-07-09 06:10:51 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{F91EC11C-291A-4FF7-A9D8-4D524515D325}

2012-07-09 06:10:39 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{EB7B4BB5-0BE9-401E-8B8E-B7837584E3AA}

2012-07-07 09:24:54 -------- d-----w- C:\Program Files (x86)\SEGA

2012-07-07 04:43:16 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\SEGA

2012-07-06 12:43:56 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{4C369C81-ADE9-48E1-9E43-1047A09E0A2F}

2012-07-06 12:43:45 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{8F99448B-CA20-483D-ADAB-9ADA671EA3F2}

2012-07-06 02:41:21 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\CrossFnt

2012-07-06 02:41:21 -------- d-----w- C:\Program Files (x86)\CrossFont

2012-07-04 16:07:12 -------- d-----w- C:\战地之王

2012-07-04 12:01:03 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\MP3 Speed

2012-07-03 09:18:21 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{CC0417B9-4AF3-40C0-88E2-E4FAB3FB8B91}

2012-07-03 09:18:10 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{C852E2CA-8DFA-4534-AE88-E0A3BA87E707}

2012-07-02 21:33:19 -------- d-----w- C:\Program Files (x86)\psx emulation cheater

2012-06-29 03:27:55 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-29 03:27:32 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-06-28 21:23:23 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\fancy

2012-06-28 21:23:18 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\Fancy

2012-06-27 03:03:49 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\content_shell

2012-06-23 10:38:00 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-23 10:37:45 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-23 10:37:30 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-23 10:37:30 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-21 12:59:22 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{BF016252-6740-4CB7-B067-C52B566AD560}

2012-06-21 12:59:10 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{6BEAC760-0B96-413F-82FA-0C26B0973665}

2012-06-21 02:20:42 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Roaming\GameSalad

2012-06-21 02:20:37 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\GameSalad

2012-06-18 19:48:14 -------- d-----w- C:\Program Files\Febooti fileTweak Hash and CRC

2012-06-18 05:31:35 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{B279A59F-BB61-40EC-87DB-04015CA52D57}

2012-06-17 15:32:01 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\{8FD6FA51-372F-4719-873B-8DB7E7BED917}

2012-06-17 11:23:40 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\.thumbnails

2012-06-17 10:39:53 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\Macromedia

2012-06-15 15:02:58 -------- d-----w- C:\Users\CHOI YIN FUNG.CHOIYINFUNG-HP\AppData\Local\Humanbalance

2012-06-15 15:02:55 -------- d-----w- C:\Program Files (x86)\GraphicsGale

2012-06-14 05:47:22 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-06-14 05:47:22 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-06-14 05:47:22 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-06-14 05:47:11 3146752 ----a-w- C:\windows\System32\win32k.sys

2012-06-14 05:47:11 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-06-14 05:47:08 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-06-14 05:47:08 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-06-14 05:47:07 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 05:46:51 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-06-14 05:46:50 3216384 ----a-w- C:\windows\System32\msi.dll

2012-06-14 05:46:50 2342400 ----a-w- C:\windows\SysWow64\msi.dll

2012-06-14 05:46:45 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-06-14 05:46:45 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-06-14 05:46:45 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-06-14 05:46:45 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-06-14 05:46:45 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-06-14 05:46:45 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-06-11 21:43:31 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys

2012-06-11 21:43:31 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\srtsp64.sys

2012-06-11 21:43:31 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys

2012-06-11 21:43:31 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\srtspx64.sys

2012-06-11 21:43:31 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys

2012-06-11 21:43:31 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys

2012-06-11 21:43:17 -------- d-----w- C:\windows\System32\drivers\NISx64\1207020.003

.

==================== Find3M ====================

.

2012-07-04 16:36:46 163920 ----a-w- C:\windows\System32\TesSafe.sys

2012-06-23 06:58:26 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 06:58:26 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-06-20 15:28:03 4145600 ----a-w- C:\windows\SysWow64\GameMon.des

2012-05-31 15:02:39 134528 ----a-w- C:\windows\System32\vpncmd.exe

2012-05-30 06:50:44 34768 ----a-w- C:\windows\xinstaller.exe

2012-05-30 06:50:42 79824 ----a-w- C:\windows\xinstaller.dll

2012-05-21 20:19:18 87456 ----a-w- C:\windows\System32\LMIRfsClientNP.dll

2012-05-21 20:19:18 80768 ----a-w- C:\windows\System32\LMIinit.dll

2012-05-21 20:19:18 34688 ----a-w- C:\windows\System32\LMIport.dll

2012-05-18 10:22:45 670816 ----a-w- C:\windows\SysWow64\xsherlock.xem

2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-05 17:08:15 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:29:16 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-12 09:28:56 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.exe

2012-04-12 09:28:52 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0

2012-04-12 09:28:35 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 8:43:03.86 ===============

Attach Log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2011/2/2 8:17:50

System Uptime: 2012/7/11 0:01:10 (8 hours ago)

.

Motherboard: Hewlett-Packard | | 1411

Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz | CPU 1 | 1190/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 448 GiB total, 12.592 GiB free.

D: is FIXED (NTFS) - 0 GiB total, .253 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 4.146 GiB free.

F: is FIXED (FAT32) - 2 GiB total, 1.409 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP390: 2012/7/8 1:10:52 - PacketiX VPN Client 64-bit (Japanese) をインストールしました

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Recommended Settings

Adobe Color NA Extra Settings

Adobe Community Help

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Photoshop CS5.1

Adobe Reader X (10.1.3) - Chinese Simplified

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Adobe? Shadow

Akamai NetSession Interface

Akamai NetSession Interface Service

Allods Online 2.0.04.49

Amazon MP3 Downloader 1.0.9

Apple Application Support

Apple Software Update

ArchlordX

ArcSoft TotalMedia

ArcSoft Webcam Sharing Manager

ASUS RT-N66U Wireless Router Utilities

Bandisoft MPEG-1 Decoder

Belarc Advisor 8.2

Bing Rewards Client Installer

Blacklight Retribution

C9

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Champions Online

Cheat Engine 6.0

City of Transformers

Comical 0.8

Corel Home Office

Corel Home Office - CS Templates

Corel Home Office - CT Templates

Corel Home Office - IPM

Corel Home Office - JP Templates

Corel Home Office - KR Templates

Corel Home Office - Launcher

Corel Home Office - Templates RU

Corel Home Office - Templates1

Creation Kit

CrossFont version 6.3

Curse Client

D3DX10

DAEMON Tools Lite

DC Universe Online Live

Divine Souls

Dragona

Earthrise

Eligium

Energy Star Digital Logo

EverQuest II

EverQuest II Extended

Exact Audio Copy 1.0beta2

Fallen Earth

File Sanitizer For HP ProtectTools

Global Agenda Launcher

Global Agenda Live

GrabIt 1.7.2 Beta 4 (build 997)

GraphicsGale version 1.93.20

Hellgate

Hewlett-Packard ACLM.NET v1.1.1.0

HP Customer Experience Enhancements

HP Deskjet 3050 J610 series 帮助

HP Documentation

HP ESU for Microsoft Windows 7

HP Product Detection

HP QuickWeb

HP Setup

HP SoftPaq Download Manager

HP Software Framework

HP Software Setup

HP Support Assistant

HP Update

HP Webcam Driver

IDT Audio

iExplorer 2.2.1.2

ImgBurn

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Japanese Fonts Support For Adobe Reader X

Java Auto Updater

Java™ 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Kalydo Player 4.03.00

LightScribe System Software

LogMeIn

Malwarebytes Anti-Malware version 1.61.0.1400

MATonline2.1.6.343

Medieval CUE Splitter

Mesh Runtime

Messenger 分享元件

Messenger 浏览器插件

Microsoft AppLocale

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Starter 2010 - 中文(简体)

Microsoft Office 即点即用 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

mIRC

Monkey's Audio

Mozilla Firefox 11.0 (x86 zh-CN)

MSVCRT

MSVCRT_amd64

Nexon Game Manager

NNDD - v1.27.6

Norton Internet Security

Norton Online Backup

NVIDIA PhysX

OpenOffice.org 3.2

Origin

Pando Media Booster

PDF Settings

PDF Settings CS5

Perpetuum

PHANTASY STAR ONLINE 2

Pistonsoft BPM Detector 1.0

Project Blackout

PunkBuster Services

QuickPar 0.9

QuickTime

R2 2nd Revolution 20110407

Realtek Ethernet Controller All-In-One Windows Driver

Realtek USB 2.0 Card Reader

Replay Media Catcher 4 (4.3.2)

Repulse

Requiem

RIFT

RunesOfMagic

SeaTools for Windows

SecondLifeViewer2 (remove only)

Section 8: Prejudice

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype? 4.1

SmartSound Quicktracks 5

SolidPDFCreator

Sound Forge Pro 10.0

Spybot - Search & Destroy

Steam

swMSM

System Requirements Lab CYRI

TERA

The Elder Scrolls V: Skyrim

Theft Recovery

Tiled - Tiled Map Editor

TotalMedia Suite update

Tribes Ascend Closed Beta

Unity

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Vindictus

Warhammer Online - Age of Reckoning

WEBZEN Browser Extension

Windows 7 Default Setting

Windows Live Communications Platform

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Live 程式集

Windows Live 软件包

Windows Live 影像中心

Windows Live 照片库

Zend Studio 8.0.0

暗黑世界 主程式

华康字型

茎答2Online

穞堵肚弧Online

魔獸世界

桵華眳卼

神鬼传奇(正式版) 客户端

神鬼世界Online 客户端

適用遠端連線的 Windows Live Mesh ActiveX 控制項

腾讯QQ2011

小蒙恬

迅雷看看播放器

迅雷看看高清播放组件

用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)

战地之王

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program in resident mode (Microsoft and Norton). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE malware to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program. Reboot.

Are you experiencing any symptoms of infection currently?


Hi,

I actually have Microsoft Security Essentials disabled and am only running Norton on my system, but I have uninstalled MSE and rebooted.

My system seems to be normal as of right now. However, I am not sure if it was a virus/malware infection or if just the particular installation file was bad, though Anti-Malware and NIS both return no results.

I am also afraid of data corruption in my system but unsure what method I should use to check the integrity of the system and my files...


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.