Suspicious activity


  • This topic is locked
22 replies to this topic

#1 warmmilk

Posted 28 April 2012 - 05:45 PM

My laptop has slowed down and I have noticed suspicious activity like icons being added to / moved around on my desktop.

Here is the DDS.txt file, followed by the Attach.txt file.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Shao Ping at 18:29:41 on 2012-04-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2662 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton Internet Security\Engine\19.6.1.8\WSCStub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.6.1.8\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll
uRun: [Google Update] "c:\users\shao ping\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\shao ping\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979} : DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\059636B6C65637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\255575962756C6563737 : DhcpNameServer = 128.6.224.114 128.6.216.19
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\2656C6B696E6E2160356 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\2656C6B696E6E2730383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\34D43434 : DhcpNameServer = 211.136.112.50 211.136.150.66
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\35A796A7F627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\8415 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FE686D9C-1118-4B6D-AF90-485802F9C4E4} : DhcpNameServer = 128.6.216.19 128.6.224.114
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306010.008\symds.sys [2012-3-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306010.008\symefa.sys [2012-3-17 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-21 820856]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306010.008\ccsetx86.sys [2012-3-17 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120320.002\IDSvix86.sys [2012-3-21 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306010.008\ironx86.sys [2012-3-17 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1306010.008\symnets.sys [2012-3-17 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.6.1.8\ccsvchst.exe [2012-3-17 138232]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-24 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-24 49152]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-16 146528]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-6 232512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-16 106104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-24 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-16 13336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-16 134144]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-24 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-22 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-4 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-17 16:34:34 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:31:50.62 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2011 8:25:54 AM
System Uptime: 4/28/2012 6:27:36 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 047MWF
Processor: Intel® Core™2 Duo CPU T6570 @ 2.10GHz | Microprocessor | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 105.894 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1C97BBA9&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1C97BBA9&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP214: 3/15/2012 1:01:48 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.7 - CPSID_83708
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
BitTorrent
Bonjour
CDisplay 1.8
Conexant HD Audio
D3DX10
DAEMON Tools Lite
DC++ 0.791
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
Diablo II
Finale 2011 Demo
Free YouTube to MP3 Converter version 3.10.11.923
Google Chrome
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Intel® TV Wizard
iTunes
Java Auto Updater
Java™ 6 Update 29
Malwarebytes Anti-Malware version 1.60.1.1000
Maple 13
MATLAB R2011a
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Express - ENU
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Monkey's Audio
Moyea YouTube FLV Downloader version: 3.1.2.9
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Pando Media Booster
PDF Settings
Pharos
Project64 1.6
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SecureW2 Enterprise Client 3.5.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Skype™ 5.1
StarCraft
StarCraft II
SUPERAntiSpyware
System Requirements Lab CYRI
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
VLC media player 0.9.2
VoiceOver Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
ZSNESw 1.51
.
==== End Of File ===========================

I hope that you can help me. In any case, thank you in advance.

#2 MrCharlie

Posted 28 April 2012 - 10:44 PM

Welcome to the forum

Please uninstall the somototoolbar, guide below:

http://toolbar.somot...-removal-guide/

----------------------------------

Go to your control panel > Java > Update Tab > Update Now

Java™ 6 Update 29 <--should be 32

---------------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#3 warmmilk

Posted 29 April 2012 - 11:53 AM

Thanks for the help!

I followed the instructions for removing the Somoto Toolbar, but I couldn't find it in the list of Programs and Features. I updated Java, however, and ran Rogue Killer. Here are the results:



RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Shao Ping [Admin rights]
Mode: Scan -- Date: 04/29/2012 12:47:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82F20B93 -> HOOKED (Unknown @ 0x89FF7590)
SSDT[14] : NtAlertThread @ 0x82E73B80 -> HOOKED (Unknown @ 0x89FF7650)
SSDT[19] : NtAllocateVirtualMemory @ 0x82E6CB8C -> HOOKED (Unknown @ 0x89FF7E20)
SSDT[22] : NtAlpcConnectPort @ 0x82EB83CE -> HOOKED (Unknown @ 0x88A72CA8)
SSDT[43] : NtAssignProcessToJobObject @ 0x82E41F96 -> HOOKED (Unknown @ 0x898D2F90)
SSDT[74] : NtCreateMutant @ 0x82E5325A -> HOOKED (Unknown @ 0x89FF8F00)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E448B9 -> HOOKED (Unknown @ 0x89911EC0)
SSDT[87] : NtCreateThread @ 0x82F1EE36 -> HOOKED (Unknown @ 0x89FF7EF0)
SSDT[88] : NtCreateThreadEx @ 0x82EB32F4 -> HOOKED (Unknown @ 0x89911FB0)
SSDT[96] : NtDebugActiveProcess @ 0x82EF0D10 -> HOOKED (Unknown @ 0x89D96958)
SSDT[111] : NtDuplicateObject @ 0x82E7461A -> HOOKED (Unknown @ 0x89D8E310)
SSDT[131] : NtFreeVirtualMemory @ 0x82CFC4DB -> HOOKED (Unknown @ 0x89FF7C80)
SSDT[145] : NtImpersonateAnonymousToken @ 0x82E38888 -> HOOKED (Unknown @ 0x89FF8FD0)
SSDT[147] : NtImpersonateThread @ 0x82EBC7CC -> HOOKED (Unknown @ 0x89FF74B0)
SSDT[155] : NtLoadDriver @ 0x82E08BC8 -> HOOKED (Unknown @ 0x8875A588)
SSDT[168] : NtMapViewOfSection @ 0x82E894D2 -> HOOKED (Unknown @ 0x89FF7BA0)
SSDT[177] : NtOpenEvent @ 0x82E52C56 -> HOOKED (Unknown @ 0x89D94A90)
SSDT[190] : NtOpenProcess @ 0x82E54AA0 -> HOOKED (Unknown @ 0x89A38B10)
SSDT[191] : NtOpenProcessToken @ 0x82EA71CF -> HOOKED (Unknown @ 0x8A008430)
SSDT[194] : NtOpenSection @ 0x82EAC844 -> HOOKED (Unknown @ 0x88D63B78)
SSDT[198] : NtOpenThread @ 0x82EA0F55 -> HOOKED (Unknown @ 0x898FAAA0)
SSDT[215] : NtProtectVirtualMemory @ 0x82E85541 -> HOOKED (Unknown @ 0x89FF8D30)
SSDT[304] : NtResumeThread @ 0x82EB351B -> HOOKED (Unknown @ 0x89FF7710)
SSDT[316] : NtSetContextThread @ 0x82F1FF2F -> HOOKED (Unknown @ 0x89FF7950)
SSDT[333] : NtSetInformationProcess @ 0x82E7B72D -> HOOKED (Unknown @ 0x89FF7A10)
SSDT[350] : NtSetSystemInformation @ 0x82E9122C -> HOOKED (Unknown @ 0x88D63CC8)
SSDT[366] : NtSuspendProcess @ 0x82F20ACF -> HOOKED (Unknown @ 0x88D63490)
SSDT[367] : NtSuspendThread @ 0x82ED8005 -> HOOKED (Unknown @ 0x89FF77D0)
SSDT[370] : NtTerminateProcess @ 0x82E9DB8D -> HOOKED (Unknown @ 0x85AF4330)
SSDT[371] : NtTerminateThread @ 0x82EBB504 -> HOOKED (Unknown @ 0x89FF7890)
SSDT[385] : NtUnmapViewOfSection @ 0x82EA780A -> HOOKED (Unknown @ 0x89FF7AE0)
SSDT[399] : NtWriteVirtualMemory @ 0x82EA28EA -> HOOKED (Unknown @ 0x89FF7D50)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x88D542D0)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x8A007008)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x8A007378)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x88D54100)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x88D541E0)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x8A0070A8)
S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x8A007288)
S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x8A007198)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x88D543B0)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8A0080F8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 +++++
--- User ---
[MBR] 173d247095243941c0d3f44e2b4258f8
[BSP] 25b706d66a3bcbb64935cfa266e1d6ee : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 290205 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 MrCharlie

Posted 29 April 2012 - 12:08 PM

OK, please run TDSSKiller as outlined below:

http://forums.malwar...ndpost&p=547009

MrC


#5 warmmilk

Posted 29 April 2012 - 12:47 PM

Here are the results from the TDSSKiller scan:



13:34:57.0974 2472 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
13:34:58.0020 2472 ============================================================
13:34:58.0020 2472 Current date / time: 2012/04/29 13:34:58.0020
13:34:58.0020 2472 SystemInfo:
13:34:58.0020 2472
13:34:58.0020 2472 OS Version: 6.1.7601 ServicePack: 1.0
13:34:58.0020 2472 Product type: Workstation
13:34:58.0020 2472 ComputerName: DOROTHY
13:34:58.0020 2472 UserName: Shao Ping
13:34:58.0020 2472 Windows directory: C:\Windows
13:34:58.0020 2472 System windows directory: C:\Windows
13:34:58.0020 2472 Processor architecture: Intel x86
13:34:58.0020 2472 Number of processors: 2
13:34:58.0020 2472 Page size: 0x1000
13:34:58.0020 2472 Boot type: Normal boot
13:34:58.0020 2472 ============================================================
13:34:59.0986 2472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:34:59.0986 2472 Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:35:00.0002 2472 ============================================================
13:35:00.0002 2472 \Device\Harddisk0\DR0:
13:35:00.0002 2472 MBR partitions:
13:35:00.0002 2472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
13:35:00.0002 2472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
13:35:00.0002 2472 \Device\Harddisk1\DR1:
13:35:00.0002 2472 MBR partitions:
13:35:00.0002 2472 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BFFE0
13:35:00.0002 2472 ============================================================
13:35:00.0158 2472 C: <-> \Device\Harddisk0\DR0\Partition1
13:35:00.0158 2472 ============================================================
13:35:00.0158 2472 Initialize success
13:35:00.0158 2472 ============================================================
13:35:26.0881 1424 ============================================================
13:35:26.0881 1424 Scan started
13:35:26.0881 1424 Mode: Manual; SigCheck; TDLFS;
13:35:26.0881 1424 ============================================================
13:35:56.0723 1424 BITS - ok
13:35:57.0223 1424 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:35:57.0316 1424 blbdrive - ok
13:35:58.0143 1424 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:35:58.0237 1424 Bonjour Service - ok
13:35:58.0642 1424 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:35:58.0720 1424 bowser - ok
13:35:58.0845 1424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:35:58.0892 1424 BrFiltLo - ok
13:35:58.0923 1424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:35:59.0032 1424 BrFiltUp - ok
13:35:59.0563 1424 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:35:59.0625 1424 Browser - ok
13:36:00.0093 1424 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:36:00.0202 1424 Brserid - ok
13:36:00.0608 1424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:36:00.0686 1424 BrSerWdm - ok
13:36:00.0779 1424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:36:00.0842 1424 BrUsbMdm - ok
13:36:00.0920 1424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:36:01.0029 1424 BrUsbSer - ok
13:36:01.0341 1424 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:36:01.0435 1424 BTHMODEM - ok
13:36:01.0559 1424 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:36:01.0637 1424 bthserv - ok
13:36:02.0105 1424 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1306010.008\ccSetx86.sys
13:36:02.0137 1424 ccSet_NIS - ok
13:36:02.0527 1424 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:36:02.0636 1424 cdfs - ok
13:36:03.0385 1424 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:36:03.0463 1424 cdrom - ok
13:36:03.0837 1424 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:36:03.0931 1424 CertPropSvc - ok
13:36:04.0009 1424 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:36:04.0071 1424 circlass - ok
13:36:04.0477 1424 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:36:04.0523 1424 CLFS - ok
13:36:05.0475 1424 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:36:05.0553 1424 clr_optimization_v2.0.50727_32 - ok
13:36:05.0943 1424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:36:06.0317 1424 clr_optimization_v4.0.30319_32 - ok
13:36:06.0395 1424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:36:06.0458 1424 CmBatt - ok
13:36:06.0551 1424 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:36:06.0567 1424 cmdide - ok
13:36:07.0347 1424 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:36:07.0597 1424 CNG - ok
13:36:08.0345 1424 CnxtHdAudService (053f7c2624d5b0ff60f1f372c4ac2fe7) C:\Windows\system32\drivers\CHDRT32.sys
13:36:08.0408 1424 CnxtHdAudService - ok
13:36:08.0579 1424 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:36:08.0595 1424 Compbatt - ok
13:36:08.0798 1424 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:36:08.0860 1424 CompositeBus - ok
13:36:08.0907 1424 COMSysApp - ok
13:36:09.0094 1424 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:36:09.0157 1424 crcdisk - ok
13:36:10.0061 1424 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
13:36:10.0139 1424 CryptSvc - ok
13:36:10.0498 1424 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:36:10.0592 1424 CSC - ok
13:36:10.0997 1424 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
13:36:11.0075 1424 CscService - ok
13:36:11.0855 1424 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
13:36:11.0980 1424 CtAudDrv - ok
13:36:12.0448 1424 CtClsFlt (ceba8413f9b2c73a4e9e16dbd127dc25) C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:36:12.0511 1424 CtClsFlt - ok
13:36:13.0197 1424 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:36:13.0275 1424 DcomLaunch - ok
13:36:13.0415 1424 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:36:13.0556 1424 defragsvc - ok
13:36:14.0039 1424 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:36:14.0102 1424 DfsC - ok
13:36:14.0507 1424 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:36:14.0570 1424 Dhcp - ok
13:36:14.0788 1424 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:36:14.0897 1424 discache - ok
13:36:15.0334 1424 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:36:15.0350 1424 Disk - ok
13:36:15.0911 1424 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:36:15.0958 1424 Dnscache - ok
13:36:17.0471 1424 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:36:17.0565 1424 dot3svc - ok
13:36:18.0595 1424 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:36:18.0766 1424 DPS - ok
13:36:18.0844 1424 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:36:18.0891 1424 drmkaud - ok
13:36:20.0404 1424 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:36:20.0451 1424 dtsoftbus01 - ok
13:36:23.0165 1424 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:36:23.0212 1424 DXGKrnl - ok
13:36:23.0337 1424 EagleNT - ok
13:36:23.0431 1424 EagleXNt - ok
13:36:23.0758 1424 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:36:23.0836 1424 EapHost - ok
13:36:24.0507 1424 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:36:24.0694 1424 ebdrv - ok
13:36:25.0599 1424 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:36:25.0630 1424 eeCtrl - ok
13:36:26.0379 1424 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
13:36:26.0473 1424 EFS - ok
13:36:27.0020 1424 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
13:36:27.0113 1424 ehRecvr - ok
13:36:27.0488 1424 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:36:27.0566 1424 ehSched - ok
13:36:28.0751 1424 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:36:28.0845 1424 elxstor - ok
13:36:29.0874 1424 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:36:29.0906 1424 EraserUtilRebootDrv - ok
13:36:29.0984 1424 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:36:30.0030 1424 ErrDev - ok
13:36:31.0606 1424 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:36:31.0715 1424 EventSystem - ok
13:36:32.0526 1424 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:36:32.0604 1424 exfat - ok
13:36:33.0431 1424 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:36:33.0540 1424 fastfat - ok
13:36:33.0821 1424 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
13:36:33.0946 1424 Fax - ok
13:36:33.0977 1424 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:36:34.0086 1424 fdc - ok
13:36:34.0258 1424 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:36:34.0430 1424 fdPHost - ok
13:36:34.0679 1424 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:36:34.0757 1424 FDResPub - ok
13:36:34.0835 1424 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:36:34.0851 1424 FileInfo - ok
13:36:34.0898 1424 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:36:34.0944 1424 Filetrace - ok
13:36:35.0334 1424 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:36:35.0428 1424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:36:35.0428 1424 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:36:35.0600 1424 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:36:35.0678 1424 flpydisk - ok
13:36:36.0192 1424 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:36:36.0224 1424 FltMgr - ok
13:36:36.0707 1424 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
13:36:36.0801 1424 FontCache - ok
13:36:37.0331 1424 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:36:37.0378 1424 FontCache3.0.0.0 - ok
13:36:37.0643 1424 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:36:37.0706 1424 FsDepends - ok
13:36:37.0815 1424 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:36:37.0830 1424 Fs_Rec - ok
13:36:38.0127 1424 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:36:38.0158 1424 fvevol - ok
13:36:38.0532 1424 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:36:38.0610 1424 gagp30kx - ok
13:36:38.0844 1424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:36:38.0860 1424 GEARAspiWDM - ok
13:36:38.0969 1424 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
13:36:39.0063 1424 gpsvc - ok
13:36:39.0250 1424 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:36:39.0344 1424 hcw85cir - ok
13:36:39.0749 1424 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:36:39.0843 1424 HdAudAddService - ok
13:36:39.0936 1424 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:36:39.0983 1424 HDAudBus - ok
13:36:40.0046 1424 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:36:40.0077 1424 HidBatt - ok
13:36:40.0248 1424 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:36:40.0326 1424 HidBth - ok
13:36:40.0389 1424 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:36:40.0451 1424 HidIr - ok
13:36:40.0514 1424 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
13:36:40.0592 1424 hidserv - ok
13:36:40.0670 1424 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
13:36:40.0732 1424 HidUsb - ok
13:36:40.0794 1424 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
13:36:40.0872 1424 hkmsvc - ok
13:36:40.0950 1424 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
13:36:41.0028 1424 HomeGroupListener - ok
13:36:41.0122 1424 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
13:36:41.0169 1424 HomeGroupProvider - ok
13:36:41.0231 1424 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:36:41.0262 1424 HpSAMD - ok
13:36:41.0387 1424 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
13:36:41.0465 1424 HsfXAudioService - ok
13:36:41.0637 1424 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:36:41.0715 1424 HSF_DPV - ok
13:36:41.0777 1424 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:36:41.0824 1424 HSXHWAZL - ok
13:36:41.0949 1424 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:36:41.0996 1424 HTTP - ok
13:36:42.0058 1424 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:36:42.0074 1424 hwpolicy - ok
13:36:42.0136 1424 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:36:42.0183 1424 i8042prt - ok
13:36:42.0308 1424 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
13:36:42.0339 1424 iaStor - ok
13:36:42.0526 1424 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:36:42.0557 1424 IAStorDataMgrSvc - ok
13:36:42.0620 1424 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:36:42.0666 1424 iaStorV - ok
13:36:44.0367 1424 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:36:44.0476 1424 idsvc - ok
13:36:45.0677 1424 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys
13:36:45.0708 1424 IDSVix86 - ok
13:36:47.0268 1424 igfx (37f7e45253000ac41a1f520a62d4ebe2) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:36:47.0627 1424 igfx - ok
13:36:47.0986 1424 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:36:48.0017 1424 iirsp - ok
13:36:48.0282 1424 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
13:36:48.0407 1424 IKEEXT - ok
13:36:48.0672 1424 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:36:48.0735 1424 intelide - ok
13:36:48.0844 1424 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:36:48.0906 1424 intelppm - ok
13:36:49.0016 1424 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:36:49.0094 1424 IPBusEnum - ok
13:36:49.0250 1424 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:36:49.0312 1424 IpFilterDriver - ok
13:36:49.0421 1424 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
13:36:49.0499 1424 iphlpsvc - ok
13:36:49.0562 1424 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:36:49.0624 1424 IPMIDRV - ok
13:36:49.0686 1424 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:36:49.0780 1424 IPNAT - ok
13:36:49.0983 1424 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
13:36:50.0076 1424 iPod Service - ok
13:36:50.0123 1424 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:36:50.0186 1424 IRENUM - ok
13:36:50.0264 1424 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:36:50.0279 1424 isapnp - ok
13:36:50.0342 1424 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:36:50.0373 1424 iScsiPrt - ok
13:36:50.0794 1424 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
13:36:50.0810 1424 kbdclass - ok
13:36:51.0137 1424 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
13:36:51.0246 1424 kbdhid - ok
13:36:51.0278 1424 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:36:51.0309 1424 KeyIso - ok
13:36:51.0356 1424 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:36:51.0371 1424 KSecDD - ok
13:36:51.0418 1424 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:36:51.0434 1424 KSecPkg - ok
13:36:51.0652 1424 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:36:51.0746 1424 KtmRm - ok
13:36:51.0824 1424 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
13:36:51.0886 1424 LanmanServer - ok
13:36:52.0073 1424 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
13:36:52.0167 1424 LanmanWorkstation - ok
13:36:52.0260 1424 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:36:52.0307 1424 lltdio - ok
13:36:52.0370 1424 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:36:52.0416 1424 lltdsvc - ok
13:36:52.0448 1424 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:36:52.0479 1424 lmhosts - ok
13:36:52.0557 1424 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:36:52.0572 1424 LSI_FC - ok
13:36:52.0619 1424 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:36:52.0650 1424 LSI_SAS - ok
13:36:52.0666 1424 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:36:52.0682 1424 LSI_SAS2 - ok
13:36:53.0321 1424 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:36:53.0384 1424 LSI_SCSI - ok
13:36:53.0462 1424 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:36:53.0508 1424 luafv - ok
13:36:53.0602 1424 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
13:36:53.0618 1424 Mcx2Svc - ok
13:36:53.0742 1424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:36:53.0774 1424 mdmxsdk - ok
13:36:53.0805 1424 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:36:53.0836 1424 megasas - ok
13:36:53.0914 1424 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:36:53.0945 1424 MegaSR - ok
13:36:54.0398 1424 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:36:54.0476 1424 MMCSS - ok
13:36:54.0725 1424 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:36:54.0819 1424 Modem - ok
13:36:54.0866 1424 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:36:54.0912 1424 monitor - ok
13:36:54.0990 1424 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:36:55.0006 1424 mouclass - ok
13:36:55.0084 1424 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:36:55.0131 1424 mouhid - ok
13:36:55.0193 1424 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:36:55.0209 1424 mountmgr - ok
13:36:56.0223 1424 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:36:56.0285 1424 mpio - ok
13:36:56.0472 1424 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:36:56.0566 1424 mpsdrv - ok
13:36:56.0769 1424 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
13:36:56.0847 1424 MpsSvc - ok
13:36:57.0861 1424 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:36:57.0970 1424 MRxDAV - ok
13:36:58.0032 1424 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:58.0126 1424 mrxsmb - ok
13:36:58.0438 1424 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:58.0500 1424 mrxsmb10 - ok
13:36:58.0516 1424 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:58.0563 1424 mrxsmb20 - ok
13:36:58.0610 1424 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:36:58.0625 1424 msahci - ok
13:36:58.0688 1424 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:36:58.0703 1424 msdsm - ok
13:36:58.0750 1424 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:36:58.0797 1424 MSDTC - ok
13:36:58.0844 1424 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:36:58.0890 1424 Msfs - ok
13:36:58.0922 1424 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:36:58.0984 1424 mshidkmdf - ok
13:36:59.0109 1424 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:36:59.0140 1424 msisadrv - ok
13:36:59.0936 1424 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:37:00.0045 1424 MSiSCSI - ok
13:37:00.0045 1424 msiserver - ok
13:37:00.0092 1424 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:37:00.0170 1424 MSKSSRV - ok
13:37:00.0201 1424 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:37:00.0248 1424 MSPCLOCK - ok
13:37:00.0310 1424 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:37:00.0388 1424 MSPQM - ok
13:37:00.0528 1424 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:37:00.0560 1424 MsRPC - ok
13:37:00.0669 1424 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:37:00.0700 1424 mssmbios - ok
13:37:00.0778 1424 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:37:00.0825 1424 MSTEE - ok
13:37:00.0856 1424 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:37:00.0903 1424 MTConfig - ok
13:37:00.0934 1424 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:37:00.0950 1424 Mup - ok
13:37:01.0121 1424 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:37:01.0215 1424 napagent - ok
13:37:01.0558 1424 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:37:01.0605 1424 NativeWifiP - ok
13:37:01.0948 1424 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVENG.SYS
13:37:01.0979 1424 NAVENG - ok
13:37:04.0491 1424 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVEX15.SYS
13:37:04.0616 1424 NAVEX15 - ok
13:37:05.0271 1424 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:37:05.0333 1424 NDIS - ok
13:37:05.0505 1424 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:37:05.0630 1424 NdisCap - ok
13:37:05.0676 1424 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:37:05.0754 1424 NdisTapi - ok
13:37:05.0832 1424 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:37:05.0895 1424 Ndisuio - ok
13:37:05.0957 1424 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:37:06.0020 1424 NdisWan - ok
13:37:06.0066 1424 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:37:06.0113 1424 NDProxy - ok
13:37:06.0176 1424 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:37:06.0238 1424 NetBIOS - ok
13:37:06.0332 1424 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:37:06.0425 1424 NetBT - ok
13:37:06.0503 1424 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:37:06.0534 1424 Netlogon - ok
13:37:06.0644 1424 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:37:06.0706 1424 Netman - ok
13:37:08.0188 1424 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:08.0313 1424 NetMsmqActivator - ok
13:37:08.0360 1424 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:08.0375 1424 NetPipeActivator - ok
13:37:08.0859 1424 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:37:08.0921 1424 netprofm - ok
13:37:08.0968 1424 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:08.0984 1424 NetTcpActivator - ok
13:37:08.0984 1424 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:08.0999 1424 NetTcpPortSharing - ok
13:37:09.0062 1424 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:37:09.0093 1424 nfrd960 - ok
13:37:10.0497 1424 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
13:37:10.0559 1424 NIS - ok
13:37:10.0653 1424 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:37:10.0731 1424 NlaSvc - ok
13:37:10.0762 1424 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:37:10.0809 1424 Npfs - ok
13:37:10.0856 1424 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:37:10.0934 1424 nsi - ok
13:37:10.0949 1424 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:37:11.0012 1424 nsiproxy - ok
13:37:11.0417 1424 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:37:11.0495 1424 Ntfs - ok
13:37:11.0948 1424 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:37:12.0041 1424 Null - ok
13:37:12.0821 1424 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:37:12.0899 1424 nvraid - ok
13:37:12.0977 1424 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:37:12.0993 1424 nvstor - ok
13:37:13.0305 1424 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:37:13.0367 1424 nv_agp - ok
13:37:14.0693 1424 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:37:14.0724 1424 odserv - ok
13:37:14.0771 1424 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:37:14.0834 1424 ohci1394 - ok
13:37:14.0927 1424 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:37:14.0958 1424 ose - ok
13:37:15.0005 1424 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:37:15.0083 1424 p2pimsvc - ok
13:37:15.0302 1424 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:37:15.0380 1424 p2psvc - ok
13:37:15.0536 1424 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:37:15.0567 1424 Parport - ok
13:37:15.0614 1424 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:37:15.0629 1424 partmgr - ok
13:37:15.0754 1424 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:37:15.0816 1424 Parvdm - ok
13:37:15.0879 1424 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:37:15.0910 1424 PcaSvc - ok
13:37:15.0972 1424 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:37:16.0004 1424 pci - ok
13:37:16.0050 1424 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:37:16.0082 1424 pciide - ok
13:37:16.0144 1424 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:37:16.0206 1424 pcmcia - ok
13:37:16.0238 1424 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:37:16.0253 1424 pcw - ok
13:37:16.0487 1424 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:37:16.0550 1424 PEAUTH - ok
13:37:16.0784 1424 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:37:16.0877 1424 PeerDistSvc - ok
13:37:17.0408 1424 Pharos Systems ComTaskMaster (bd24e98e6546adf6a31a41485483eb6c) C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
13:37:17.0470 1424 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning
13:37:17.0470 1424 Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1)
13:38:15.0347 1424 ============================================================
13:38:15.0347 1424 Scan finished
13:38:15.0347 1424 ============================================================
13:38:15.0363 0624 Detected object count: 2
13:38:15.0363 0624 Actual detected object count: 2
13:39:42.0683 0624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:42.0683 0624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:39:42.0683 0624 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:42.0683 0624 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6 MrCharlie

Posted 29 April 2012 - 01:01 PM

OK, that scan was clean.

Please run ComboFix as outlined in the link below:

http://forums.malwar...ndpost&p=546430

MrC

Malware Removal Expert


#7 warmmilk

Posted 29 April 2012 - 02:15 PM

Here are the results from the ComboFix scan:



ComboFix 12-04-29.02 - Shao Ping 04/29/2012 14:30:53.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2479 [GMT -4:00]
Running from: c:\users\Shao Ping\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 16:44 . 2012-04-29 16:44 -------- d-----w- c:\program files\Common Files\Java
2012-04-29 16:43 . 2012-04-29 16:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 16:43 . 2010-12-16 15:40 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-17 16:34 . 2012-03-16 17:35 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-23 13:18 . 2011-01-03 14:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 20:35 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 20:35 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 20:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 03:08 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-08 06:03 . 2012-03-16 17:31 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70E2240A-B207-42CC-984B-334030BFAD41}\mpengine.dll
2012-02-03 03:54 . 2012-03-14 03:08 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-07 19:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2010-08-20 00:06 487562 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-04 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1306010.008\SYMDS.SYS [2011-07-26 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1306010.008\SYMEFA.SYS [2012-01-17 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-02 820856]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1306010.008\ccSetx86.sys [2011-11-29 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys [2012-03-15 368248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1306010.008\Ironx86.SYS [2012-01-17 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1306010.008\SYMNETS.SYS [2012-01-17 318584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe [2012-01-17 138232]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-07 232512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 106104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000Core.job
- c:\users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 03:29]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000UA.job
- c:\users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 03:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Akamai NetSession Interface - c:\users\Shao Ping\AppData\Local\Akamai\netsession_win.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-29 14:50:07
ComboFix-quarantined-files.txt 2012-04-29 18:50
.
Pre-Run: 113,130,811,392 bytes free
Post-Run: 113,957,761,024 bytes free
.
- - End Of File - - 6FDD721BC5598CAB163896B6B47B07A8

#8 MrCharlie

Posted 29 April 2012 - 02:53 PM

Not much showing....

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC


#9 warmmilk


Posted 29 April 2012 - 03:29 PM

The results from the OTL scan:




OTL logfile created on: 4/29/2012 4:12:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Shao Ping\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 80.06% Memory free
6.93 Gb Paging File | 6.25 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 106.24 Gb Free Space | 37.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.03 Gb Free Space | 54.92% Space Free | Partition Type: FAT

Computer Name: DOROTHY | User Name: Shao Ping | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 16:09:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe
PRC - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/08 12:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/06/04 03:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/05/31 05:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 02:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 02:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 15:46:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\87c77503e0f629a8c99765285fa25c76\IAStorUtil.ni.dll
MOD - [2012/02/15 15:33:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 15:32:46 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 15:32:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 15:32:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 15:32:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 15:31:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/12 13:11:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe -- (NIS)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/01/04 10:27:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/03 11:27:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/28 23:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SHAOPI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/17 12:34:34 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/16 13:57:27 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/16 13:57:27 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/03/16 13:57:27 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/16 13:57:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/15 03:28:52 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/03/02 18:59:42 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/01/17 19:46:01 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symnets.sys -- (SymNetS)
DRV - [2012/01/17 19:45:57 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symefa.sys -- (SymEFA)
DRV - [2012/01/17 19:35:24 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\ironx86.sys -- (SymIRON)
DRV - [2012/01/17 19:33:51 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1306010.008\srtsp.sys -- (SRTSP)
DRV - [2012/01/17 19:33:51 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/29 19:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/10/06 21:32:57 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/25 22:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symds.sys -- (SymDS)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/06/21 09:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/04 06:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/01 20:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 07:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 04:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 04:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 04:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/05/21 17:21:12 | 000,467,968 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/04/28 23:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {A77D5939-D652-44C1-B74E-638EA6A571EC}
IE - HKLM\..\SearchScopes\{A77D5939-D652-44C1-B74E-638EA6A571EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...045&form=ZGAPHP
IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\SearchScopes,DefaultScope = {A77D5939-D652-44C1-B74E-638EA6A571EC}
IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\SearchScopes\{B0F6A9E6-A20E-2078-1826-6C700C6E8C1D}: "URL" = http://www.bing.com/...045&form=ZGAIDF
IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/17 12:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/04/29 16:12:50 | 000,000,000 | ---D | M]

[2012/02/27 23:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shao Ping\AppData\Roaming\mozilla\Extensions
[2011/05/04 21:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shao Ping\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2011/10/28 15:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/14 15:03:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Norton Identity Protection = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\
CHR - Extension: Gmail = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/29 14:44:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE686D9C-1118-4B6D-AF90-485802F9C4E4}: DhcpNameServer = 128.6.216.19 128.6.224.114
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 16:12:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe
[2012/04/29 15:08:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/29 15:03:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/29 14:50:16 | 000,000,000 | ---D | C] -- C:\Users\Shao Ping\AppData\Local\temp
[2012/04/29 14:28:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/29 14:28:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/29 14:28:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/29 14:28:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/29 14:27:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/29 14:24:03 | 004,479,463 | R--- | C] (Swearware) -- C:\Users\Shao Ping\Desktop\ComboFix.exe
[2012/04/29 13:32:35 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shao Ping\Desktop\tdsskiller.exe
[2012/04/29 12:46:02 | 000,000,000 | ---D | C] -- C:\Users\Shao Ping\Desktop\RK_Quarantine
[2012/04/29 12:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/28 18:29:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Shao Ping\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/04/29 16:19:22 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 16:19:22 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 16:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 16:11:33 | 2790,543,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 16:09:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe
[2012/04/29 14:44:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/29 14:43:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000UA.job
[2012/04/29 14:22:26 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Shao Ping\Desktop\ComboFix.exe
[2012/04/29 13:28:36 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shao Ping\Desktop\tdsskiller.exe
[2012/04/29 12:41:46 | 001,280,512 | ---- | M] () -- C:\Users\Shao Ping\Desktop\RogueKiller.exe
[2012/04/28 18:32:05 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/28 18:32:05 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/28 18:18:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Shao Ping\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/04/29 14:28:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/29 14:28:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/29 14:28:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/29 14:28:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/29 14:28:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/29 12:44:51 | 001,280,512 | ---- | C] () -- C:\Users\Shao Ping\Desktop\RogueKiller.exe
[2011/12/30 23:21:27 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/12/30 02:00:44 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/18 16:20:46 | 000,007,635 | ---- | C] () -- C:\Users\Shao Ping\AppData\Local\Resmon.ResmonCfg
[2011/10/15 00:11:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2011/10/15 00:11:49 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2011/10/15 00:11:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2011/09/22 00:12:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/29 14:30:38 | 000,132,096 | ---- | C] () -- C:\Windows\System32\Exercise 2.29.exe
[2011/06/29 13:46:14 | 000,150,528 | ---- | C] () -- C:\Windows\System32\Exercise 2.28.exe
[2011/06/29 13:04:30 | 000,099,328 | ---- | C] () -- C:\Windows\System32\Exercise 2.26.exe
[2011/06/29 12:39:37 | 000,100,352 | ---- | C] () -- C:\Windows\System32\Exercise 2.21.exe
[2011/06/29 12:18:16 | 000,151,040 | ---- | C] () -- C:\Windows\System32\Exercise 2.20.exe
[2011/06/26 21:47:54 | 000,150,528 | ---- | C] () -- C:\Windows\System32\Exercise 2.19.exe
[2011/06/03 12:44:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/05/31 15:41:26 | 000,036,279 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/02/22 00:32:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/16 11:39:14 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/11/24 09:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/11/24 09:17:00 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2012/03/07 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Audacity
[2012/03/22 00:59:20 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\BitTorrent
[2012/02/25 14:54:08 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\bsnes
[2011/02/04 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/05 18:23:09 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/06 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DAEMON Tools Lite
[2012/03/21 13:43:25 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DC++
[2011/10/26 04:04:22 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoft
[2011/07/20 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/09 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\FreeAudioPack
[2011/07/11 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\IObit
[2011/05/14 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\MakeMusic
[2011/10/15 00:17:53 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Maple
[2011/07/01 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Moyea
[2011/07/16 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Participatory Culture Foundation
[2011/08/10 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\PCF-VLC
[2011/02/04 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/10/26 03:57:27 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\River Past G5
[2011/10/26 04:20:09 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Softplicity
[2011/06/05 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/29 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\SystemRequirementsLab
[2011/05/04 21:23:45 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\TomTom
[2011/09/17 22:13:15 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Unity
[2012/03/23 13:33:49 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 4/29/2012 4:12:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Shao Ping\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 80.06% Memory free
6.93 Gb Paging File | 6.25 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 106.24 Gb Free Space | 37.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.03 Gb Free Space | 54.92% Space Free | Partition Type: FAT

Computer Name: DOROTHY | User Name: Shao Ping | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081ACDC0-004E-49FE-8FCA-DBAA86CFF08C}" = lport=57714 | protocol=6 | dir=in | name=pando media booster |
"{0BAD974D-8A71-4527-B5B4-FD11677623E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{144B1E39-D172-4E7F-A5C3-48B75C89F618}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C660F13-F712-4932-B3B0-AF62AD592567}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F0A43C5-DC31-4C1C-B85A-84B6C6FBA8DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{29A1B732-6C5A-4B46-A686-F4B0C8C87013}" = rport=137 | protocol=17 | dir=out | app=system |
"{3202AD11-B4C7-465B-A34E-985F944BAE52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3D64833E-DA9C-46C9-BCC3-046FD47C8E14}" = rport=445 | protocol=6 | dir=out | app=system |
"{696442F6-54A3-4028-B822-0BAC72E7E93D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7E2F7A43-A55E-4835-A13B-C972FE4E200C}" = lport=57714 | protocol=6 | dir=in | name=pando media booster |
"{8982B56B-FAD6-4695-A8DB-7ECB5FEB28D6}" = lport=57714 | protocol=17 | dir=in | name=pando media booster |
"{8B9CCB6B-86A4-4337-90F7-45918F929C57}" = rport=139 | protocol=6 | dir=out | app=system |
"{8DA2B613-FCE9-4A46-8892-BDD2F667365D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{909165CD-05AE-4ADD-91A1-802A4A2E8077}" = lport=139 | protocol=6 | dir=in | app=system |
"{948C9527-0630-4023-A8D3-3A3C66981D95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7174DB1-C1D1-4405-9B16-59D001F14744}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B4F66471-23A6-4BBC-BFAA-4C948A22C980}" = lport=138 | protocol=17 | dir=in | app=system |
"{BDBBA453-242F-4D0C-A129-658498F75823}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE850A68-186B-403C-A7A3-22A8F0D05FA9}" = lport=49741 | protocol=6 | dir=in | name=akamai netsession interface |
"{D7078454-B677-498C-B026-F80092F7BF3F}" = lport=57714 | protocol=17 | dir=in | name=pando media booster |
"{D76D2059-38D9-48BB-8BBA-B5FC8A09574C}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7F84618-8E8E-41C6-9ED7-F70B6B4B68BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04797AAB-FBF5-4CAF-8237-76EB42459397}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{04BAF535-9212-4740-8D24-31A8EB8BD330}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{052510B2-1914-41CE-B9BB-AA9E4F2FB02C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{117A0988-E022-4F65-AD6B-E496D0E223C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1302DEF5-0A85-4C2C-8C24-ACD2D04397C7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{16B8D7A9-9E2F-4C9D-A0F7-5438B4CA4BFB}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{1910077B-5AA0-488F-90CA-BB3EF7198E91}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1D4DB56B-6FAA-4814-90A4-5AE9517EA053}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{22893038-4E67-4A43-A489-118777667DE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{258076FD-7074-4BFF-A2C9-255BBA7606C7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{262BB103-19D7-49C2-B37A-53E6EB5CACC7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{292D4274-B34E-40FF-B070-96778DC7A370}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2C3C9D95-285A-4B13-B36D-0355BF276D42}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{2D519418-D98D-457D-BB42-6CA8135AD8AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F2C6DFB-C177-4D41-A243-6987F5B6D1C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{31712B0B-08C8-4A5F-BA26-6DF87593971B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3A057735-4615-47AD-9D38-DC0CD6DB0C48}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{442B8107-D763-4828-8115-893EB540BA4B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{44B5871F-3160-49AA-B712-A108C5602736}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52D52E5A-0A9A-4008-81FC-795346E79C64}" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"{546BCABD-B374-4449-8DAB-CD1AD94FB245}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{5905EA4D-052F-432D-ABB0-F36A2D97DB8B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5F366C35-EAB4-47B8-9620-E4787BE95B10}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{64DB23A0-6142-4EF9-91FB-8FE0146532B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{67C112F7-6EBE-48D8-8F95-58801606E9CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69076DB5-DF5A-4982-8EFE-7FFF2FCC81B7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{790CA4FE-7E0B-4508-A328-9734C4CE5436}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7F784D05-88EF-4647-8194-95A4A81AF689}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{82366F9C-4403-4426-9B16-041EAE18E77A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{86EB43BD-DBBB-456B-92C1-182C8E8688AF}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{890BDE6D-A3F0-4F28-8657-6081A4912604}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8A945E5A-FCF0-4CBF-A227-F08A4196DA63}" = dir=in | app=c:\program files\pharossystems\core\ctskmstr.exe |
"{9036C6A2-6C55-4D24-9D5C-60DDD57F052F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{95DB5A05-6D1C-44F7-8CDF-6EECE2CA77D0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{98711A2B-2F05-433D-A55C-D847DF23B875}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9F1B7067-5194-4FC2-8A4B-E1AD4A64D8DD}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"{A05A93B6-108E-48B8-8DF6-1AF63053349C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{A3B8897C-6B1A-4CFC-9FB7-CF91153FE850}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{A3D379A2-9976-4F03-92C5-69623D396813}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B08C5BC8-3EEF-46A5-B62F-3E0AD1C146C2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{B3E75AC5-F5C5-4824-9862-D99953F1E0E5}" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"{B53A9BBB-87FB-44B7-BA69-E40E28A6D15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB525E21-3165-46C9-8EB2-98699AF3A35A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{BC21686F-AD8B-4280-9D7B-CE793346754C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BCBB5FB2-310A-49E7-A247-2D89C959CE84}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{BD448BB1-CE8F-40EF-98B4-7F8AEC2B5017}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C569CC19-CBCB-4872-B5DA-280F670E1FB5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C8D4296D-9243-4B86-9ECE-9CB8A958F5F6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1325227885\ee\aolsoftware.exe |
"{CA5F87B0-C48F-4F2A-86EB-9D5107E7FD8D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CD95342E-1621-46C6-B95C-99A16B3AF6DB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D596187D-8062-49AF-AE34-1485435253F6}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"{D6BD81EA-3323-44E7-8E37-F8D7713FE4BB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D9041F08-0862-4439-8D80-FF1EAE6806D5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1325227885\ee\aolsoftware.exe |
"{D9AB74BC-3A1C-4FD3-A67D-E3ECEA4EE88F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4FF8A45-2A55-451F-B338-8E1971F906C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFA319A0-7615-4531-9226-8CAC6B43953A}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{F20DACB5-FDA3-4E76-9583-57757506A1AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F5994868-480C-4C21-89E0-2D76C5E9D1D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5D01504-70AD-4DF7-BC5F-E35886CF4208}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FCF1E190-FC6A-4F02-9452-05FE7B75EAF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"TCP Query User{0CF46C49-21EF-4DB7-B617-6693080A5CFB}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{12F64D14-25D9-4FBD-AF9A-F320FD047EC8}C:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |
"TCP Query User{24761A21-D973-4F2C-A635-913788A9A6AE}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{5A5828CD-3EEC-4C26-A2AE-B721245855A3}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{65C8601E-F81B-4004-8C85-DBD321B8F3B1}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{66B674CE-8452-4ABA-A3C6-3964A9D85DC9}C:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |
"TCP Query User{74CCABA7-2521-4EAA-B297-0DFA07515E3E}C:\users\shao ping\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\starcraft_2_na_en-us.exe |
"TCP Query User{7CE70BD8-9C71-42D9-AE1E-5FBF2A1BEE93}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{7E0ED1B5-CC84-4F56-A845-E15CF8DC9CAE}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{8817A1AA-5F18-47EC-BE65-CD2D024223D0}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{8AB668E3-5048-49A8-8469-5A0F94270217}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{8CA8BA36-7D91-459A-8B6E-2675AA642AE2}C:\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"TCP Query User{91F8CBA2-4637-40E8-B56B-1663AD97E155}C:\users\shao ping\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\shao ping\appdata\local\akamai\netsession_win.exe |
"TCP Query User{955FC22D-45A4-45FD-8523-2C3F91876E6A}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"TCP Query User{A7BA7618-7A95-4B8D-9278-8621FB134BD7}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{AABF5F79-BD99-41BB-9AF8-06049CEA66EF}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{B4DAA53F-68BF-43C7-B966-EC75EFEA1C84}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{B86231C1-38D9-494C-B1F5-A4788DD419FF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C19C559B-3662-4D30-94BC-DCBC16E0A789}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{C4B3B9EA-2140-461A-8363-70588BED1B25}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{C4C517C3-61BB-4EA6-95DF-4C9CC54320EE}C:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{C5A4744D-EC73-4B7C-AAAF-58042B45BE44}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{CAC45DBA-D23C-451F-9597-53415F0421F3}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{CE851AEC-6A2E-4A9B-A441-9E0173F6926F}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{D258E28F-2B73-49C3-88DE-E1216700E18C}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{EB674394-D856-4570-9434-1109F8DD8E41}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{FECF061B-F97A-400C-A652-B8BA5D9F4EF9}C:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe |
"UDP Query User{06CF1F92-28A4-4FFF-A2E8-308171B753DC}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{0A9B288A-FFEA-47C9-BD67-162C9FFDF7CD}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{1FACAE53-9824-45B4-96F0-636D390204F3}C:\users\shao ping\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\shao ping\appdata\local\akamai\netsession_win.exe |
"UDP Query User{209E718E-01F8-4931-AC72-251CF8A5A2E6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{264FC356-3E45-4E4E-A23C-B9CE79A74A0F}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{2AB2F215-50C4-43C1-8F54-FAF7FD6A571F}C:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe |
"UDP Query User{352AF09A-480F-48EB-9184-BF6B7B4739B2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{3CB7CE26-9C17-4B29-BD60-43117C05F9DC}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{4E7520E6-501D-4B64-9C03-A0FD61B3A42E}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{689233FC-2903-4F5B-B593-72A1D60493EF}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{6976B469-D7E4-453E-9166-D6C12877BD71}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{72B1A5CC-1657-44B1-A9C1-8FEB6ACFE982}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{79C5DC6D-C3DD-40FF-85B7-9A2DD6AD464D}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{9CB9BE8F-F290-48BB-A2F0-7F552D956E96}C:\users\shao ping\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\starcraft_2_na_en-us.exe |
"UDP Query User{9DEAC053-FC79-4928-83D6-31736B586605}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{A77D1C84-4601-4AB8-83B7-DE71103BFFDB}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{AC5786F0-29AD-4C72-8DDC-F203C11CE5C8}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{BE9498F0-83FF-4F34-982C-65B4CE579869}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{D11154B8-C235-40F9-9158-DD9FE49AE822}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{D6C1CFE4-BD19-4B5A-A419-676F117B0626}C:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |
"UDP Query User{EAA564E7-4FA7-4893-8C39-E99713FFA4D8}C:\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |
"UDP Query User{EFCFC40D-BBF6-4BD6-B152-55CE65A5A7C6}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"UDP Query User{F0698488-9737-4859-BCB6-D11AE37415AF}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{F090E364-CD77-487C-A9E9-966BE8FFF7CB}C:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |
"UDP Query User{F586B2D2-E107-4818-B273-0A63751D672D}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{FCCD8475-1283-4E2F-B744-524FBA585800}C:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{FDE7F1FF-DA38-4359-9177-13AE0E609495}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.9
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BitTorrent" = BitTorrent
"CDisplay_is1" = CDisplay 1.8
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"DC++" = DC++ 0.791
"Dell Webcam Central" = Dell Webcam Central
"Diablo II" = Diablo II
"Finale 2011 Demo" = Finale 2011 Demo
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Maple 13" = Maple 13
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Monkey's Audio_is1" = Monkey's Audio
"NIS" = Norton Internet Security
"Pharos" = Pharos
"PROPLUS" = Microsoft Office Professional Plus 2007
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.2
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"TVWiz" = Intel® TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZSNESw" = ZSNESw 1.51

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2012 7:36:30 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 48579

Error - 3/15/2012 7:36:30 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 48579

Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64179

Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64179

Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 79779

Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 79779

Error - 3/16/2012 4:21:39 PM | Computer Name = Dorothy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/17/2012 12:33:25 AM | Computer Name = Dorothy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 1/25/2011 1:55:41 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 12:55:40 PM - Error connecting to the internet. 12:55:40 PM - Unable
to contact server..

Error - 1/27/2011 10:51:23 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 9:51:23 AM - Error connecting to the internet. 9:51:23 AM - Unable
to contact server..

Error - 1/27/2011 10:51:32 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 9:51:28 AM - Error connecting to the internet. 9:51:28 AM - Unable
to contact server..

Error - 1/27/2011 11:51:36 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 10:51:36 AM - Error connecting to the internet. 10:51:36 AM - Unable
to contact server..

Error - 1/27/2011 11:51:42 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 10:51:41 AM - Error connecting to the internet. 10:51:41 AM - Unable
to contact server..

Error - 1/31/2011 4:07:01 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 3:07:00 PM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 2/13/2011 10:46:32 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 9:46:32 AM - Error connecting to the internet. 9:46:32 AM - Unable
to contact server..

Error - 2/13/2011 10:46:39 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 9:46:37 AM - Error connecting to the internet. 9:46:37 AM - Unable
to contact server..

Error - 2/26/2011 10:20:59 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 9:20:55 PM - Error connecting to the internet. 9:20:55 PM - Unable
to contact server..

Error - 5/18/2011 9:16:20 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0
Description = 9:16:20 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = DCOM | ID = 10005
Description =

Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Backup service to connect.

Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7000
Description = The Windows Backup service failed to start due to the following error:
%%1053

Error - 4/29/2012 2:29:46 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/29/2012 2:37:39 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/29/2012 2:44:22 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/29/2012 2:55:13 PM | Computer Name = Dorothy | Source = DCOM | ID = 10010
Description =

Error - 4/29/2012 2:55:35 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/29/2012 2:58:31 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/29/2012 3:03:37 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 29 April 2012 - 03:49 PM

Not much showing, let's get rid of that toolbar........

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    :Files
    c:\program files\somototoolbar
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 warmmilk

warmmilk

    New Member

  • Members
  • Pip
  • 11 posts

Posted 29 April 2012 - 04:27 PM

Here are the results:



All processes killed
========== OTL ==========
========== FILES ==========
File\Folder c:\program files\somototoolbar not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shao Ping
->Java cache emptied: 9649892 bytes

Total Java Files Cleaned = 9.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shao Ping
->Temp folder emptied: 1017 bytes
->Temporary Internet Files folder emptied: 31025210 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 369183649 bytes
->Flash cache emptied: 13133 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 382.00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 04292012_172334

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 29 April 2012 - 04:33 PM

OK, I'm not seeing much so far as malware, if you want we can run a couple of more scans.

MrC


#13 warmmilk

warmmilk

    New Member

  • Members
  • Pip
  • 11 posts

Posted 29 April 2012 - 04:46 PM

Thank you for all of the help so far. Did we get rid of anything at all with all of the scans? Is it necessary to be connected to the internet when running those scans? (I was disconnected from the internet for all of those scans.) And sure, I guess I'll run some more scans while I'm at it.

#14 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 29 April 2012 - 05:00 PM

No real malware found.

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


#15 warmmilk

warmmilk

    New Member

  • Members
  • Pip
  • 11 posts

Posted 29 April 2012 - 06:04 PM

Here are the results:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 18:28:34
-----------------------------
18:28:34.259 OS Version: Windows 6.1.7601 Service Pack 1
18:28:34.259 Number of processors: 2 586 0x170A
18:28:34.259 ComputerName: DOROTHY UserName:
18:28:59.721 Initialize success
18:29:58.786 AVAST engine defs: 12042901
18:30:41.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:30:41.046 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
18:30:41.062 Disk 0 MBR read successfully
18:30:41.077 Disk 0 MBR scan
18:30:41.077 Disk 0 Windows VISTA default MBR code
18:30:41.093 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:30:41.124 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
18:30:41.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
18:30:41.186 Disk 0 scanning sectors +625140400
18:30:41.358 Disk 0 scanning C:\Windows\system32\drivers
18:31:11.918 Service scanning
18:33:27.810 Modules scanning
18:34:58.353 Disk 0 trace - called modules:
18:34:58.400 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:34:58.743 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x882ee030]
18:34:58.758 3 CLASSPNP.SYS[8cd9959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8684d028]
18:35:00.194 AVAST engine scan C:\Windows
18:35:07.261 AVAST engine scan C:\Windows\system32
18:40:49.170 AVAST engine scan C:\Windows\system32\drivers
18:41:06.642 AVAST engine scan C:\Users\Shao Ping
18:49:09.456 AVAST engine scan C:\ProgramData
18:54:06.029 Scan finished successfully
19:01:58.632 Disk 0 MBR has been saved successfully to "C:\Users\Shao Ping\Desktop\MBR.dat"
19:01:58.648 The log file has been saved successfully to "C:\Users\Shao Ping\Desktop\aswMBR.txt"

#16 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 29 April 2012 - 06:35 PM

That scan was clean....

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and Scan unwanted applications are checked
Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC


#17 warmmilk

warmmilk

    New Member

  • Members
  • Pip
  • 11 posts

Posted 29 April 2012 - 08:53 PM

Here are the results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

#18 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 30 April 2012 - 07:50 AM

Did it find anything??


#19 warmmilk

warmmilk

    New Member

  • Members
  • Pip
  • 11 posts

Posted 30 April 2012 - 09:43 AM

Nope, this scan was clean too.

#20 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 30 April 2012 - 11:00 AM

Well the logs are clean and we've used some very powerful tools.....I'm not seeing much.

Let me know your thoughts, there's a special way to uninstall some of the tools we used.

MrC




