warmmilk

Members

View Profile See their activity

Posts
11
Joined
April 28, 2012
Last visited
June 13, 2012

Reputation

0 Neutral

warmmilk

MrCharlie
Patient, helpful, and nice!
- April 30, 2012
1. MrCharlie
  
  Thanks!!
  
  April 30, 2012
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Well if nothing came up after all of these scans I guess it means there isn't anything left to do. I appreciate all of the help and time you put in for me.
- April 30, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Nope this scan was clean too.
- April 30, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Here are the results: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
- April 30, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Here are the results: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-29 18:28:34 ----------------------------- 18:28:34.259 OS Version: Windows 6.1.7601 Service Pack 1 18:28:34.259 Number of processors: 2 586 0x170A 18:28:34.259 ComputerName: DOROTHY UserName: 18:28:59.721 Initialize success 18:29:58.786 AVAST engine defs: 12042901 18:30:41.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:30:41.046 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3 18:30:41.062 Disk 0 MBR read successfully 18:30:41.077 Disk 0 MBR scan 18:30:41.077 Disk 0 Windows VISTA default MBR code 18:30:41.093 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 18:30:41.124 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325 18:30:41.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325 18:30:41.186 Disk 0 scanning sectors +625140400 18:30:41.358 Disk 0 scanning C:\Windows\system32\drivers 18:31:11.918 Service scanning 18:33:27.810 Modules scanning 18:34:58.353 Disk 0 trace - called modules: 18:34:58.400 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 18:34:58.743 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x882ee030] 18:34:58.758 3 CLASSPNP.SYS[8cd9959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8684d028] 18:35:00.194 AVAST engine scan C:\Windows 18:35:07.261 AVAST engine scan C:\Windows\system32 18:40:49.170 AVAST engine scan C:\Windows\system32\drivers 18:41:06.642 AVAST engine scan C:\Users\Shao Ping 18:49:09.456 AVAST engine scan C:\ProgramData 18:54:06.029 Scan finished successfully 19:01:58.632 Disk 0 MBR has been saved successfully to "C:\Users\Shao Ping\Desktop\MBR.dat" 19:01:58.648 The log file has been saved successfully to "C:\Users\Shao Ping\Desktop\aswMBR.txt"
- April 29, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Thank you for all of the help so far. Did we get rid of anything at all with all of the scans? Is it necessary to be connected to the internet when running those scans? (I was disconnected from the internet for all of those scans. ) And sure I guess I'll run some more scans while I'm at it.
- April 29, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Here are the results: All processes killed ========== OTL ========== ========== FILES ========== File\Folder c:\program files\somototoolbar not found. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: Shao Ping ->Java cache emptied: 9649892 bytes Total Java Files Cleaned = 9.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Shao Ping ->Temp folder emptied: 1017 bytes ->Temporary Internet Files folder emptied: 31025210 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 369183649 bytes ->Flash cache emptied: 13133 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 382.00 mb OTL by OldTimer - Version 3.2.42.2 log created on 04292012_172334 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
- April 29, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

The results from the OTL scan: OTL logfile created on: 4/29/2012 4:12:50 PM - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Shao Ping\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.47 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 80.06% Memory free 6.93 Gb Paging File | 6.25 Gb Available in Paging File | 90.27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283.40 Gb Total Space | 106.24 Gb Free Space | 37.49% Space Free | Partition Type: NTFS Drive E: | 1.87 Gb Total Space | 1.03 Gb Free Space | 54.92% Space Free | Partition Type: FAT Computer Name: DOROTHY | User Name: Shao Ping | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/29 16:09:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe PRC - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/06/08 12:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/06/04 03:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2010/05/31 05:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2010/05/31 02:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2010/02/17 02:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe ========== Modules (No Company Name) ========== MOD - [2012/02/15 15:46:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\87c77503e0f629a8c99765285fa25c76\IAStorUtil.ni.dll MOD - [2012/02/15 15:33:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/02/15 15:32:46 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012/02/15 15:32:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012/02/15 15:32:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/15 15:32:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/15 15:31:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011/10/12 13:11:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe -- (NIS) SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011/01/04 10:27:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/01/03 11:27:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster) SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/04/28 23:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SHAOPI~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012/03/17 12:34:34 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/03/16 13:57:27 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVEX15.SYS -- (NAVEX15) DRV - [2012/03/16 13:57:27 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/03/16 13:57:27 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/03/16 13:57:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVENG.SYS -- (NAVENG) DRV - [2012/03/15 03:28:52 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys -- (IDSVix86) DRV - [2012/03/02 18:59:42 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/01/17 19:46:01 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symnets.sys -- (SymNetS) DRV - [2012/01/17 19:45:57 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symefa.sys -- (SymEFA) DRV - [2012/01/17 19:35:24 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\ironx86.sys -- (SymIRON) DRV - [2012/01/17 19:33:51 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1306010.008\srtsp.sys -- (SRTSP) DRV - [2012/01/17 19:33:51 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011/11/29 19:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\ccsetx86.sys -- (ccSet_NIS) DRV - [2011/10/06 21:32:57 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/07/25 22:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symds.sys -- (SymDS) DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2010/06/21 09:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/04 06:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie) DRV - [2009/07/01 20:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci) DRV - [2009/06/30 07:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009/06/25 04:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009/06/25 04:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009/06/25 04:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2009/05/21 17:21:12 | 000,467,968 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009/04/28 23:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {A77D5939-D652-44C1-B74E-638EA6A571EC} IE - HKLM\..\SearchScopes\{A77D5939-D652-44C1-B74E-638EA6A571EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...045&form=ZGAPHP IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\SearchScopes,DefaultScope = {A77D5939-D652-44C1-B74E-638EA6A571EC} IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\SearchScopes\{B0F6A9E6-A20E-2078-1826-6C700C6E8C1D}: "URL" = http://www.bing.com/...045&form=ZGAIDF IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/17 12:13:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/04/29 16:12:50 | 000,000,000 | ---D | M] [2012/02/27 23:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shao Ping\AppData\Roaming\mozilla\Extensions [2011/05/04 21:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shao Ping\AppData\Roaming\mozilla\Extensions\home2@tomtom.com File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM [2011/10/28 15:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/05/14 15:03:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: Norton Identity Protection = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\ CHR - Extension: Gmail = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/04/29 14:44:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}: DhcpNameServer = 192.168.1.1 71.250.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE686D9C-1118-4B6D-AF90-485802F9C4E4}: DhcpNameServer = 128.6.216.19 128.6.224.114 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/04/29 16:12:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe [2012/04/29 15:08:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/04/29 15:03:29 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/04/29 14:50:16 | 000,000,000 | ---D | C] -- C:\Users\Shao Ping\AppData\Local\temp [2012/04/29 14:28:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/29 14:28:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/29 14:28:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/29 14:28:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/04/29 14:27:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/29 14:24:03 | 004,479,463 | R--- | C] (Swearware) -- C:\Users\Shao Ping\Desktop\ComboFix.exe [2012/04/29 13:32:35 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shao Ping\Desktop\tdsskiller.exe [2012/04/29 12:46:02 | 000,000,000 | ---D | C] -- C:\Users\Shao Ping\Desktop\RK_Quarantine [2012/04/29 12:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/04/28 18:29:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Shao Ping\Desktop\dds.scr ========== Files - Modified Within 30 Days ========== [2012/04/29 16:19:22 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/29 16:19:22 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/29 16:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/29 16:11:33 | 2790,543,360 | -HS- | M] () -- C:\hiberfil.sys [2012/04/29 16:09:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe [2012/04/29 14:44:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/04/29 14:43:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000UA.job [2012/04/29 14:22:26 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Shao Ping\Desktop\ComboFix.exe [2012/04/29 13:28:36 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shao Ping\Desktop\tdsskiller.exe [2012/04/29 12:41:46 | 001,280,512 | ---- | M] () -- C:\Users\Shao Ping\Desktop\RogueKiller.exe [2012/04/28 18:32:05 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/28 18:32:05 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/28 18:18:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Shao Ping\Desktop\dds.scr ========== Files Created - No Company Name ========== [2012/04/29 14:28:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/29 14:28:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/29 14:28:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/29 14:28:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/29 14:28:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/29 12:44:51 | 001,280,512 | ---- | C] () -- C:\Users\Shao Ping\Desktop\RogueKiller.exe [2011/12/30 23:21:27 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2011/12/30 02:00:44 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2011/12/18 16:20:46 | 000,007,635 | ---- | C] () -- C:\Users\Shao Ping\AppData\Local\Resmon.ResmonCfg [2011/10/15 00:11:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll [2011/10/15 00:11:49 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll [2011/10/15 00:11:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll [2011/09/22 00:12:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/06/29 14:30:38 | 000,132,096 | ---- | C] () -- C:\Windows\System32\Exercise 2.29.exe [2011/06/29 13:46:14 | 000,150,528 | ---- | C] () -- C:\Windows\System32\Exercise 2.28.exe [2011/06/29 13:04:30 | 000,099,328 | ---- | C] () -- C:\Windows\System32\Exercise 2.26.exe [2011/06/29 12:39:37 | 000,100,352 | ---- | C] () -- C:\Windows\System32\Exercise 2.21.exe [2011/06/29 12:18:16 | 000,151,040 | ---- | C] () -- C:\Windows\System32\Exercise 2.20.exe [2011/06/26 21:47:54 | 000,150,528 | ---- | C] () -- C:\Windows\System32\Exercise 2.19.exe [2011/06/03 12:44:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/05/31 15:41:26 | 000,036,279 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011/02/22 00:32:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/12/16 11:39:14 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010/11/24 09:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010/11/24 09:17:00 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== LOP Check ========== [2012/03/07 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Audacity [2012/03/22 00:59:20 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\BitTorrent [2012/02/25 14:54:08 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\bsnes [2011/02/04 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/06/05 18:23:09 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/10/06 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DAEMON Tools Lite [2012/03/21 13:43:25 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DC++ [2011/10/26 04:04:22 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoft [2011/07/20 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers [2011/04/09 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\FreeAudioPack [2011/07/11 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\IObit [2011/05/14 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\MakeMusic [2011/10/15 00:17:53 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Maple [2011/07/01 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Moyea [2011/07/16 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Participatory Culture Foundation [2011/08/10 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\PCF-VLC [2011/02/04 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1 [2011/10/26 03:57:27 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\River Past G5 [2011/10/26 04:20:09 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Softplicity [2011/06/05 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/02/29 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\SystemRequirementsLab [2011/05/04 21:23:45 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\TomTom [2011/09/17 22:13:15 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Unity [2012/03/23 13:33:49 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 4/29/2012 4:12:50 PM - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Shao Ping\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.47 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 80.06% Memory free 6.93 Gb Paging File | 6.25 Gb Available in Paging File | 90.27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283.40 Gb Total Space | 106.24 Gb Free Space | 37.49% Space Free | Partition Type: NTFS Drive E: | 1.87 Gb Total Space | 1.03 Gb Free Space | 54.92% Space Free | Partition Type: FAT Computer Name: DOROTHY | User Name: Shao Ping | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{081ACDC0-004E-49FE-8FCA-DBAA86CFF08C}" = lport=57714 | protocol=6 | dir=in | name=pando media booster | "{0BAD974D-8A71-4527-B5B4-FD11677623E6}" = lport=445 | protocol=6 | dir=in | app=system | "{144B1E39-D172-4E7F-A5C3-48B75C89F618}" = rport=138 | protocol=17 | dir=out | app=system | "{1C660F13-F712-4932-B3B0-AF62AD592567}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1F0A43C5-DC31-4C1C-B85A-84B6C6FBA8DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{29A1B732-6C5A-4B46-A686-F4B0C8C87013}" = rport=137 | protocol=17 | dir=out | app=system | "{3202AD11-B4C7-465B-A34E-985F944BAE52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3D64833E-DA9C-46C9-BCC3-046FD47C8E14}" = rport=445 | protocol=6 | dir=out | app=system | "{696442F6-54A3-4028-B822-0BAC72E7E93D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{7E2F7A43-A55E-4835-A13B-C972FE4E200C}" = lport=57714 | protocol=6 | dir=in | name=pando media booster | "{8982B56B-FAD6-4695-A8DB-7ECB5FEB28D6}" = lport=57714 | protocol=17 | dir=in | name=pando media booster | "{8B9CCB6B-86A4-4337-90F7-45918F929C57}" = rport=139 | protocol=6 | dir=out | app=system | "{8DA2B613-FCE9-4A46-8892-BDD2F667365D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{909165CD-05AE-4ADD-91A1-802A4A2E8077}" = lport=139 | protocol=6 | dir=in | app=system | "{948C9527-0630-4023-A8D3-3A3C66981D95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A7174DB1-C1D1-4405-9B16-59D001F14744}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B4F66471-23A6-4BBC-BFAA-4C948A22C980}" = lport=138 | protocol=17 | dir=in | app=system | "{BDBBA453-242F-4D0C-A129-658498F75823}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CE850A68-186B-403C-A7A3-22A8F0D05FA9}" = lport=49741 | protocol=6 | dir=in | name=akamai netsession interface | "{D7078454-B677-498C-B026-F80092F7BF3F}" = lport=57714 | protocol=17 | dir=in | name=pando media booster | "{D76D2059-38D9-48BB-8BBA-B5FC8A09574C}" = lport=137 | protocol=17 | dir=in | app=system | "{E7F84618-8E8E-41C6-9ED7-F70B6B4B68BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04797AAB-FBF5-4CAF-8237-76EB42459397}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{04BAF535-9212-4740-8D24-31A8EB8BD330}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "{052510B2-1914-41CE-B9BB-AA9E4F2FB02C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{117A0988-E022-4F65-AD6B-E496D0E223C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1302DEF5-0A85-4C2C-8C24-ACD2D04397C7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{16B8D7A9-9E2F-4C9D-A0F7-5438B4CA4BFB}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{1910077B-5AA0-488F-90CA-BB3EF7198E91}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1D4DB56B-6FAA-4814-90A4-5AE9517EA053}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{22893038-4E67-4A43-A489-118777667DE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "{258076FD-7074-4BFF-A2C9-255BBA7606C7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{262BB103-19D7-49C2-B37A-53E6EB5CACC7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{292D4274-B34E-40FF-B070-96778DC7A370}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{2C3C9D95-285A-4B13-B36D-0355BF276D42}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | "{2D519418-D98D-457D-BB42-6CA8135AD8AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2F2C6DFB-C177-4D41-A243-6987F5B6D1C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{31712B0B-08C8-4A5F-BA26-6DF87593971B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{3A057735-4615-47AD-9D38-DC0CD6DB0C48}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | "{442B8107-D763-4828-8115-893EB540BA4B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | "{44B5871F-3160-49AA-B712-A108C5602736}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{52D52E5A-0A9A-4008-81FC-795346E79C64}" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe | "{546BCABD-B374-4449-8DAB-CD1AD94FB245}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{5905EA4D-052F-432D-ABB0-F36A2D97DB8B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5F366C35-EAB4-47B8-9620-E4787BE95B10}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{64DB23A0-6142-4EF9-91FB-8FE0146532B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{67C112F7-6EBE-48D8-8F95-58801606E9CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{69076DB5-DF5A-4982-8EFE-7FFF2FCC81B7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{790CA4FE-7E0B-4508-A328-9734C4CE5436}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{7F784D05-88EF-4647-8194-95A4A81AF689}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{82366F9C-4403-4426-9B16-041EAE18E77A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{86EB43BD-DBBB-456B-92C1-182C8E8688AF}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe | "{890BDE6D-A3F0-4F28-8657-6081A4912604}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8A945E5A-FCF0-4CBF-A227-F08A4196DA63}" = dir=in | app=c:\program files\pharossystems\core\ctskmstr.exe | "{9036C6A2-6C55-4D24-9D5C-60DDD57F052F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | "{95DB5A05-6D1C-44F7-8CDF-6EECE2CA77D0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{98711A2B-2F05-433D-A55C-D847DF23B875}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{9F1B7067-5194-4FC2-8A4B-E1AD4A64D8DD}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | "{A05A93B6-108E-48B8-8DF6-1AF63053349C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "{A3B8897C-6B1A-4CFC-9FB7-CF91153FE850}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{A3D379A2-9976-4F03-92C5-69623D396813}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{B08C5BC8-3EEF-46A5-B62F-3E0AD1C146C2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{B3E75AC5-F5C5-4824-9862-D99953F1E0E5}" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe | "{B53A9BBB-87FB-44B7-BA69-E40E28A6D15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BB525E21-3165-46C9-8EB2-98699AF3A35A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{BC21686F-AD8B-4280-9D7B-CE793346754C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{BCBB5FB2-310A-49E7-A247-2D89C959CE84}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{BD448BB1-CE8F-40EF-98B4-7F8AEC2B5017}" = dir=in | app=c:\program files\itunes\itunes.exe | "{C569CC19-CBCB-4872-B5DA-280F670E1FB5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C8D4296D-9243-4B86-9ECE-9CB8A958F5F6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1325227885\ee\aolsoftware.exe | "{CA5F87B0-C48F-4F2A-86EB-9D5107E7FD8D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{CD95342E-1621-46C6-B95C-99A16B3AF6DB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D596187D-8062-49AF-AE34-1485435253F6}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | "{D6BD81EA-3323-44E7-8E37-F8D7713FE4BB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{D9041F08-0862-4439-8D80-FF1EAE6806D5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1325227885\ee\aolsoftware.exe | "{D9AB74BC-3A1C-4FD3-A67D-E3ECEA4EE88F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E4FF8A45-2A55-451F-B338-8E1971F906C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EFA319A0-7615-4531-9226-8CAC6B43953A}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe | "{F20DACB5-FDA3-4E76-9583-57757506A1AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F5994868-480C-4C21-89E0-2D76C5E9D1D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5D01504-70AD-4DF7-BC5F-E35886CF4208}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{FCF1E190-FC6A-4F02-9452-05FE7B75EAF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "TCP Query User{0CF46C49-21EF-4DB7-B617-6693080A5CFB}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{12F64D14-25D9-4FBD-AF9A-F320FD047EC8}C:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe | "TCP Query User{24761A21-D973-4F2C-A635-913788A9A6AE}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe | "TCP Query User{5A5828CD-3EEC-4C26-A2AE-B721245855A3}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe | "TCP Query User{65C8601E-F81B-4004-8C85-DBD321B8F3B1}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe | "TCP Query User{66B674CE-8452-4ABA-A3C6-3964A9D85DC9}C:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe | "TCP Query User{74CCABA7-2521-4EAA-B297-0DFA07515E3E}C:\users\shao ping\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\starcraft_2_na_en-us.exe | "TCP Query User{7CE70BD8-9C71-42D9-AE1E-5FBF2A1BEE93}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{7E0ED1B5-CC84-4F56-A845-E15CF8DC9CAE}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{8817A1AA-5F18-47EC-BE65-CD2D024223D0}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | "TCP Query User{8AB668E3-5048-49A8-8469-5A0F94270217}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{8CA8BA36-7D91-459A-8B6E-2675AA642AE2}C:\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe | "TCP Query User{91F8CBA2-4637-40E8-B56B-1663AD97E155}C:\users\shao ping\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\shao ping\appdata\local\akamai\netsession_win.exe | "TCP Query User{955FC22D-45A4-45FD-8523-2C3F91876E6A}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "TCP Query User{A7BA7618-7A95-4B8D-9278-8621FB134BD7}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{AABF5F79-BD99-41BB-9AF8-06049CEA66EF}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "TCP Query User{B4DAA53F-68BF-43C7-B966-EC75EFEA1C84}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | "TCP Query User{B86231C1-38D9-494C-B1F5-A4788DD419FF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{C19C559B-3662-4D30-94BC-DCBC16E0A789}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{C4B3B9EA-2140-461A-8363-70588BED1B25}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{C4C517C3-61BB-4EA6-95DF-4C9CC54320EE}C:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe | "TCP Query User{C5A4744D-EC73-4B7C-AAAF-58042B45BE44}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{CAC45DBA-D23C-451F-9597-53415F0421F3}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | "TCP Query User{CE851AEC-6A2E-4A9B-A441-9E0173F6926F}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{D258E28F-2B73-49C3-88DE-E1216700E18C}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | "TCP Query User{EB674394-D856-4570-9434-1109F8DD8E41}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{FECF061B-F97A-400C-A652-B8BA5D9F4EF9}C:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe | "UDP Query User{06CF1F92-28A4-4FFF-A2E8-308171B753DC}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{0A9B288A-FFEA-47C9-BD67-162C9FFDF7CD}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | "UDP Query User{1FACAE53-9824-45B4-96F0-636D390204F3}C:\users\shao ping\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\shao ping\appdata\local\akamai\netsession_win.exe | "UDP Query User{209E718E-01F8-4931-AC72-251CF8A5A2E6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{264FC356-3E45-4E4E-A23C-B9CE79A74A0F}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "UDP Query User{2AB2F215-50C4-43C1-8F54-FAF7FD6A571F}C:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe | "UDP Query User{352AF09A-480F-48EB-9184-BF6B7B4739B2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{3CB7CE26-9C17-4B29-BD60-43117C05F9DC}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe | "UDP Query User{4E7520E6-501D-4B64-9C03-A0FD61B3A42E}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe | "UDP Query User{689233FC-2903-4F5B-B593-72A1D60493EF}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{6976B469-D7E4-453E-9166-D6C12877BD71}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | "UDP Query User{72B1A5CC-1657-44B1-A9C1-8FEB6ACFE982}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | "UDP Query User{79C5DC6D-C3DD-40FF-85B7-9A2DD6AD464D}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{9CB9BE8F-F290-48BB-A2F0-7F552D956E96}C:\users\shao ping\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\starcraft_2_na_en-us.exe | "UDP Query User{9DEAC053-FC79-4928-83D6-31736B586605}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{A77D1C84-4601-4AB8-83B7-DE71103BFFDB}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{AC5786F0-29AD-4C72-8DDC-F203C11CE5C8}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{BE9498F0-83FF-4F34-982C-65B4CE579869}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe | "UDP Query User{D11154B8-C235-40F9-9158-DD9FE49AE822}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | "UDP Query User{D6C1CFE4-BD19-4B5A-A419-676F117B0626}C:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe | "UDP Query User{EAA564E7-4FA7-4893-8C39-E99713FFA4D8}C:\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe | "UDP Query User{EFCFC40D-BBF6-4BD6-B152-55CE65A5A7C6}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "UDP Query User{F0698488-9737-4859-BCB6-D11AE37415AF}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{F090E364-CD77-487C-A9E9-966BE8FFF7CB}C:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe | "UDP Query User{F586B2D2-E107-4818-B273-0A63751D672D}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{FCCD8475-1283-4E2F-B744-524FBA585800}C:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe | "UDP Query User{FDE7F1FF-DA38-4359-9177-13AE0E609495}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.9 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "BitTorrent" = BitTorrent "CDisplay_is1" = CDisplay 1.8 "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "DAEMON Tools Lite" = DAEMON Tools Lite "DC++" = DC++ 0.791 "Dell Webcam Central" = Dell Webcam Central "Diablo II" = Diablo II "Finale 2011 Demo" = Finale 2011 Demo "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Maple 13" = Maple 13 "MatlabR2011a" = MATLAB R2011a "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU "Monkey's Audio_is1" = Monkey's Audio "NIS" = Norton Internet Security "Pharos" = Pharos "PROPLUS" = Microsoft Office Professional Plus 2007 "SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.2 "StarCraft" = StarCraft "StarCraft II" = StarCraft II "TVWiz" = Intel® TV Wizard "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.2 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "ZSNESw" = ZSNESw 1.51 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/15/2012 7:36:30 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 48579 Error - 3/15/2012 7:36:30 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 48579 Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 64179 Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 64179 Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 79779 Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 79779 Error - 3/16/2012 4:21:39 PM | Computer Name = Dorothy | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 3/17/2012 12:33:25 AM | Computer Name = Dorothy | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. [ Media Center Events ] Error - 1/25/2011 1:55:41 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 12:55:40 PM - Error connecting to the internet. 12:55:40 PM - Unable to contact server.. Error - 1/27/2011 10:51:23 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 9:51:23 AM - Error connecting to the internet. 9:51:23 AM - Unable to contact server.. Error - 1/27/2011 10:51:32 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 9:51:28 AM - Error connecting to the internet. 9:51:28 AM - Unable to contact server.. Error - 1/27/2011 11:51:36 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 10:51:36 AM - Error connecting to the internet. 10:51:36 AM - Unable to contact server.. Error - 1/27/2011 11:51:42 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 10:51:41 AM - Error connecting to the internet. 10:51:41 AM - Unable to contact server.. Error - 1/31/2011 4:07:01 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 3:07:00 PM - Failed to retrieve SportsSchedule (Error: The operation has timed out) Error - 2/13/2011 10:46:32 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 9:46:32 AM - Error connecting to the internet. 9:46:32 AM - Unable to contact server.. Error - 2/13/2011 10:46:39 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 9:46:37 AM - Error connecting to the internet. 9:46:37 AM - Unable to contact server.. Error - 2/26/2011 10:20:59 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 9:20:55 PM - Error connecting to the internet. 9:20:55 PM - Unable to contact server.. Error - 5/18/2011 9:16:20 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0 Description = 9:16:20 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) [ System Events ] Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = DCOM | ID = 10005 Description = Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Backup service to connect. Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7000 Description = The Windows Backup service failed to start due to the following error: %%1053 Error - 4/29/2012 2:29:46 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/29/2012 2:37:39 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/29/2012 2:44:22 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/29/2012 2:55:13 PM | Computer Name = Dorothy | Source = DCOM | ID = 10010 Description = Error - 4/29/2012 2:55:35 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/29/2012 2:58:31 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/29/2012 3:03:37 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report >
- April 29, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Here are the results from the ComboFix scan: ComboFix 12-04-29.02 - Shao Ping 04/29/2012 14:30:53.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2479 [GMT -4:00] Running from: c:\users\Shao Ping\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Mozilla Firefox\searchplugins\search.xml . . ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 ))))))))))))))))))))))))))))))) . . 2012-04-29 16:44 . 2012-04-29 16:44 -------- d-----w- c:\program files\Common Files\Java 2012-04-29 16:43 . 2012-04-29 16:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-29 16:43 . 2010-12-16 15:40 472864 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-17 16:34 . 2012-03-16 17:35 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-02-23 13:18 . 2011-01-03 14:56 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 05:34 . 2012-03-13 20:35 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14 . 2012-03-13 20:35 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13 . 2012-03-13 20:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 05:38 . 2012-03-14 03:08 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-08 06:03 . 2012-03-16 17:31 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70E2240A-B207-42CC-984B-334030BFAD41}\mpengine.dll 2012-02-03 03:54 . 2012-03-14 03:08 2343424 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208] "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2011-09-07 19:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2010-08-20 00:06 487562 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-04 1343400] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1306010.008\SYMDS.SYS [2011-07-26 340088] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1306010.008\SYMEFA.SYS [2012-01-17 905336] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-02 820856] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1306010.008\ccSetx86.sys [2011-11-29 132744] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys [2012-03-15 368248] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1306010.008\Ironx86.SYS [2012-01-17 149624] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1306010.008\SYMNETS.SYS [2012-01-17 318584] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe [2012-01-17 138232] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-07 232512] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 106104] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mchInjDrv . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService . Contents of the 'Scheduled Tasks' folder . 2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000Core.job - c:\users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 03:29] . 2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000UA.job - c:\users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 03:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.1 71.250.0.12 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) MSConfigStartUp-Akamai NetSession Interface - c:\users\Shao Ping\AppData\Local\Akamai\netsession_win.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.1.8\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-29 14:50:07 ComboFix-quarantined-files.txt 2012-04-29 18:50 . Pre-Run: 113,130,811,392 bytes free Post-Run: 113,957,761,024 bytes free . - - End Of File - - 6FDD721BC5598CAB163896B6B47B07A8
- April 29, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Here are the results from the TDSSKiller scan: 13:34:57.0974 2472 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 13:34:58.0020 2472 ============================================================ 13:34:58.0020 2472 Current date / time: 2012/04/29 13:34:58.0020 13:34:58.0020 2472 SystemInfo: 13:34:58.0020 2472 13:34:58.0020 2472 OS Version: 6.1.7601 ServicePack: 1.0 13:34:58.0020 2472 Product type: Workstation 13:34:58.0020 2472 ComputerName: DOROTHY 13:34:58.0020 2472 UserName: Shao Ping 13:34:58.0020 2472 Windows directory: C:\Windows 13:34:58.0020 2472 System windows directory: C:\Windows 13:34:58.0020 2472 Processor architecture: Intel x86 13:34:58.0020 2472 Number of processors: 2 13:34:58.0020 2472 Page size: 0x1000 13:34:58.0020 2472 Boot type: Normal boot 13:34:58.0020 2472 ============================================================ 13:34:59.0986 2472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:34:59.0986 2472 Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:35:00.0002 2472 ============================================================ 13:35:00.0002 2472 \Device\Harddisk0\DR0: 13:35:00.0002 2472 MBR partitions: 13:35:00.0002 2472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000 13:35:00.0002 2472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB 13:35:00.0002 2472 \Device\Harddisk1\DR1: 13:35:00.0002 2472 MBR partitions: 13:35:00.0002 2472 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BFFE0 13:35:00.0002 2472 ============================================================ 13:35:00.0158 2472 C: <-> \Device\Harddisk0\DR0\Partition1 13:35:00.0158 2472 ============================================================ 13:35:00.0158 2472 Initialize success 13:35:00.0158 2472 ============================================================ 13:35:26.0881 1424 ============================================================ 13:35:26.0881 1424 Scan started 13:35:26.0881 1424 Mode: Manual; SigCheck; TDLFS; 13:35:26.0881 1424 ============================================================ 13:35:27.0770 1424 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 13:35:27.0848 1424 !SASCORE - ok 13:35:30.0656 1424 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 13:35:30.0812 1424 1394ohci - ok 13:35:31.0529 1424 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 13:35:31.0592 1424 ACPI - ok 13:35:31.0763 1424 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 13:35:31.0935 1424 AcpiPmi - ok 13:35:32.0138 1424 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 13:35:32.0481 1424 adp94xx - ok 13:35:32.0871 1424 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 13:35:32.0965 1424 adpahci - ok 13:35:33.0199 1424 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 13:35:33.0245 1424 adpu320 - ok 13:35:33.0557 1424 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 13:35:33.0635 1424 AeLookupSvc - ok 13:35:33.0901 1424 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 13:35:34.0041 1424 AFD - ok 13:35:34.0135 1424 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 13:35:34.0150 1424 agp440 - ok 13:35:34.0353 1424 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 13:35:34.0384 1424 aic78xx - ok 13:35:34.0634 1424 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 13:35:34.0743 1424 ALG - ok 13:35:34.0883 1424 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 13:35:34.0899 1424 aliide - ok 13:35:35.0164 1424 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 13:35:35.0211 1424 amdagp - ok 13:35:35.0351 1424 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 13:35:35.0367 1424 amdide - ok 13:35:35.0601 1424 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 13:35:35.0695 1424 AmdK8 - ok 13:35:35.0788 1424 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 13:35:35.0882 1424 AmdPPM - ok 13:35:35.0960 1424 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 13:35:35.0975 1424 amdsata - ok 13:35:36.0116 1424 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 13:35:36.0163 1424 amdsbs - ok 13:35:36.0225 1424 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 13:35:36.0241 1424 amdxata - ok 13:35:37.0177 1424 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\Windows\system32\DRIVERS\Apfiltr.sys 13:35:37.0255 1424 ApfiltrService - ok 13:35:37.0364 1424 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 13:35:37.0879 1424 AppID - ok 13:35:38.0081 1424 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 13:35:38.0175 1424 AppIDSvc - ok 13:35:38.0409 1424 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 13:35:38.0503 1424 Appinfo - ok 13:35:39.0220 1424 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:35:39.0251 1424 Apple Mobile Device - ok 13:35:39.0563 1424 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 13:35:39.0641 1424 AppMgmt - ok 13:35:39.0782 1424 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 13:35:39.0829 1424 arc - ok 13:35:39.0891 1424 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 13:35:39.0907 1424 arcsas - ok 13:35:40.0796 1424 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:35:40.0967 1424 aspnet_state - ok 13:35:41.0014 1424 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 13:35:42.0761 1424 AsyncMac - ok 13:35:42.0933 1424 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 13:35:42.0980 1424 atapi - ok 13:35:44.0992 1424 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys 13:35:45.0507 1424 athr - ok 13:35:45.0881 1424 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 13:35:45.0944 1424 AudioEndpointBuilder - ok 13:35:45.0959 1424 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 13:35:45.0975 1424 Audiosrv - ok 13:35:46.0537 1424 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 13:35:46.0615 1424 AxInstSV - ok 13:35:47.0145 1424 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 13:35:47.0270 1424 b06bdrv - ok 13:35:47.0441 1424 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 13:35:47.0519 1424 b57nd60x - ok 13:35:47.0800 1424 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 13:35:47.0863 1424 BDESVC - ok 13:35:47.0987 1424 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 13:35:48.0065 1424 Beep - ok 13:35:50.0608 1424 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 13:35:50.0686 1424 BFE - ok 13:35:54.0274 1424 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys 13:35:54.0321 1424 BHDrvx86 - ok 13:35:56.0614 1424 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll 13:35:56.0723 1424 BITS - ok 13:35:57.0223 1424 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 13:35:57.0316 1424 blbdrive - ok 13:35:58.0143 1424 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 13:35:58.0237 1424 Bonjour Service - ok 13:35:58.0642 1424 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 13:35:58.0720 1424 bowser - ok 13:35:58.0845 1424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:35:58.0892 1424 BrFiltLo - ok 13:35:58.0923 1424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:35:59.0032 1424 BrFiltUp - ok 13:35:59.0563 1424 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 13:35:59.0625 1424 Browser - ok 13:36:00.0093 1424 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 13:36:00.0202 1424 Brserid - ok 13:36:00.0608 1424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 13:36:00.0686 1424 BrSerWdm - ok 13:36:00.0779 1424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:36:00.0842 1424 BrUsbMdm - ok 13:36:00.0920 1424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 13:36:01.0029 1424 BrUsbSer - ok 13:36:01.0341 1424 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 13:36:01.0435 1424 BTHMODEM - ok 13:36:01.0559 1424 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 13:36:01.0637 1424 bthserv - ok 13:36:02.0105 1424 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1306010.008\ccSetx86.sys 13:36:02.0137 1424 ccSet_NIS - ok 13:36:02.0527 1424 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 13:36:02.0636 1424 cdfs - ok 13:36:03.0385 1424 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys 13:36:03.0463 1424 cdrom - ok 13:36:03.0837 1424 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 13:36:03.0931 1424 CertPropSvc - ok 13:36:04.0009 1424 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 13:36:04.0071 1424 circlass - ok 13:36:04.0477 1424 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 13:36:04.0523 1424 CLFS - ok 13:36:05.0475 1424 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:36:05.0553 1424 clr_optimization_v2.0.50727_32 - ok 13:36:05.0943 1424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:36:06.0317 1424 clr_optimization_v4.0.30319_32 - ok 13:36:06.0395 1424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 13:36:06.0458 1424 CmBatt - ok 13:36:06.0551 1424 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 13:36:06.0567 1424 cmdide - ok 13:36:07.0347 1424 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 13:36:07.0597 1424 CNG - ok 13:36:08.0345 1424 CnxtHdAudService (053f7c2624d5b0ff60f1f372c4ac2fe7) C:\Windows\system32\drivers\CHDRT32.sys 13:36:08.0408 1424 CnxtHdAudService - ok 13:36:08.0579 1424 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 13:36:08.0595 1424 Compbatt - ok 13:36:08.0798 1424 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 13:36:08.0860 1424 CompositeBus - ok 13:36:08.0907 1424 COMSysApp - ok 13:36:09.0094 1424 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 13:36:09.0157 1424 crcdisk - ok 13:36:10.0061 1424 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 13:36:10.0139 1424 CryptSvc - ok 13:36:10.0498 1424 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 13:36:10.0592 1424 CSC - ok 13:36:10.0997 1424 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll 13:36:11.0075 1424 CscService - ok 13:36:11.0855 1424 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys 13:36:11.0980 1424 CtAudDrv - ok 13:36:12.0448 1424 CtClsFlt (ceba8413f9b2c73a4e9e16dbd127dc25) C:\Windows\system32\DRIVERS\CtClsFlt.sys 13:36:12.0511 1424 CtClsFlt - ok 13:36:13.0197 1424 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 13:36:13.0275 1424 DcomLaunch - ok 13:36:13.0415 1424 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 13:36:13.0556 1424 defragsvc - ok 13:36:14.0039 1424 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 13:36:14.0102 1424 DfsC - ok 13:36:14.0507 1424 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 13:36:14.0570 1424 Dhcp - ok 13:36:14.0788 1424 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 13:36:14.0897 1424 discache - ok 13:36:15.0334 1424 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 13:36:15.0350 1424 Disk - ok 13:36:15.0911 1424 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 13:36:15.0958 1424 Dnscache - ok 13:36:17.0471 1424 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 13:36:17.0565 1424 dot3svc - ok 13:36:18.0595 1424 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 13:36:18.0766 1424 DPS - ok 13:36:18.0844 1424 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 13:36:18.0891 1424 drmkaud - ok 13:36:20.0404 1424 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 13:36:20.0451 1424 dtsoftbus01 - ok 13:36:23.0165 1424 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 13:36:23.0212 1424 DXGKrnl - ok 13:36:23.0337 1424 EagleNT - ok 13:36:23.0431 1424 EagleXNt - ok 13:36:23.0758 1424 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 13:36:23.0836 1424 EapHost - ok 13:36:24.0507 1424 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 13:36:24.0694 1424 ebdrv - ok 13:36:25.0599 1424 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 13:36:25.0630 1424 eeCtrl - ok 13:36:26.0379 1424 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 13:36:26.0473 1424 EFS - ok 13:36:27.0020 1424 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 13:36:27.0113 1424 ehRecvr - ok 13:36:27.0488 1424 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 13:36:27.0566 1424 ehSched - ok 13:36:28.0751 1424 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 13:36:28.0845 1424 elxstor - ok 13:36:29.0874 1424 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 13:36:29.0906 1424 EraserUtilRebootDrv - ok 13:36:29.0984 1424 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 13:36:30.0030 1424 ErrDev - ok 13:36:31.0606 1424 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 13:36:31.0715 1424 EventSystem - ok 13:36:32.0526 1424 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 13:36:32.0604 1424 exfat - ok 13:36:33.0431 1424 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 13:36:33.0540 1424 fastfat - ok 13:36:33.0821 1424 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 13:36:33.0946 1424 Fax - ok 13:36:33.0977 1424 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 13:36:34.0086 1424 fdc - ok 13:36:34.0258 1424 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 13:36:34.0430 1424 fdPHost - ok 13:36:34.0679 1424 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 13:36:34.0757 1424 FDResPub - ok 13:36:34.0835 1424 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 13:36:34.0851 1424 FileInfo - ok 13:36:34.0898 1424 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 13:36:34.0944 1424 Filetrace - ok 13:36:35.0334 1424 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 13:36:35.0428 1424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 13:36:35.0428 1424 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 13:36:35.0600 1424 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 13:36:35.0678 1424 flpydisk - ok 13:36:36.0192 1424 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 13:36:36.0224 1424 FltMgr - ok 13:36:36.0707 1424 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 13:36:36.0801 1424 FontCache - ok 13:36:37.0331 1424 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:36:37.0378 1424 FontCache3.0.0.0 - ok 13:36:37.0643 1424 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 13:36:37.0706 1424 FsDepends - ok 13:36:37.0815 1424 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 13:36:37.0830 1424 Fs_Rec - ok 13:36:38.0127 1424 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 13:36:38.0158 1424 fvevol - ok 13:36:38.0532 1424 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:36:38.0610 1424 gagp30kx - ok 13:36:38.0844 1424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:36:38.0860 1424 GEARAspiWDM - ok 13:36:38.0969 1424 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 13:36:39.0063 1424 gpsvc - ok 13:36:39.0250 1424 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 13:36:39.0344 1424 hcw85cir - ok 13:36:39.0749 1424 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 13:36:39.0843 1424 HdAudAddService - ok 13:36:39.0936 1424 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 13:36:39.0983 1424 HDAudBus - ok 13:36:40.0046 1424 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 13:36:40.0077 1424 HidBatt - ok 13:36:40.0248 1424 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 13:36:40.0326 1424 HidBth - ok 13:36:40.0389 1424 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 13:36:40.0451 1424 HidIr - ok 13:36:40.0514 1424 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 13:36:40.0592 1424 hidserv - ok 13:36:40.0670 1424 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 13:36:40.0732 1424 HidUsb - ok 13:36:40.0794 1424 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 13:36:40.0872 1424 hkmsvc - ok 13:36:40.0950 1424 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 13:36:41.0028 1424 HomeGroupListener - ok 13:36:41.0122 1424 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 13:36:41.0169 1424 HomeGroupProvider - ok 13:36:41.0231 1424 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 13:36:41.0262 1424 HpSAMD - ok 13:36:41.0387 1424 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll 13:36:41.0465 1424 HsfXAudioService - ok 13:36:41.0637 1424 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys 13:36:41.0715 1424 HSF_DPV - ok 13:36:41.0777 1424 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 13:36:41.0824 1424 HSXHWAZL - ok 13:36:41.0949 1424 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 13:36:41.0996 1424 HTTP - ok 13:36:42.0058 1424 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 13:36:42.0074 1424 hwpolicy - ok 13:36:42.0136 1424 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 13:36:42.0183 1424 i8042prt - ok 13:36:42.0308 1424 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys 13:36:42.0339 1424 iaStor - ok 13:36:42.0526 1424 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 13:36:42.0557 1424 IAStorDataMgrSvc - ok 13:36:42.0620 1424 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 13:36:42.0666 1424 iaStorV - ok 13:36:44.0367 1424 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:36:44.0476 1424 idsvc - ok 13:36:45.0677 1424 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys 13:36:45.0708 1424 IDSVix86 - ok 13:36:47.0268 1424 igfx (37f7e45253000ac41a1f520a62d4ebe2) C:\Windows\system32\DRIVERS\igdkmd32.sys 13:36:47.0627 1424 igfx - ok 13:36:47.0986 1424 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 13:36:48.0017 1424 iirsp - ok 13:36:48.0282 1424 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 13:36:48.0407 1424 IKEEXT - ok 13:36:48.0672 1424 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 13:36:48.0735 1424 intelide - ok 13:36:48.0844 1424 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 13:36:48.0906 1424 intelppm - ok 13:36:49.0016 1424 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 13:36:49.0094 1424 IPBusEnum - ok 13:36:49.0250 1424 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:36:49.0312 1424 IpFilterDriver - ok 13:36:49.0421 1424 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 13:36:49.0499 1424 iphlpsvc - ok 13:36:49.0562 1424 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 13:36:49.0624 1424 IPMIDRV - ok 13:36:49.0686 1424 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 13:36:49.0780 1424 IPNAT - ok 13:36:49.0983 1424 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe 13:36:50.0076 1424 iPod Service - ok 13:36:50.0123 1424 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 13:36:50.0186 1424 IRENUM - ok 13:36:50.0264 1424 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 13:36:50.0279 1424 isapnp - ok 13:36:50.0342 1424 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 13:36:50.0373 1424 iScsiPrt - ok 13:36:50.0794 1424 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 13:36:50.0810 1424 kbdclass - ok 13:36:51.0137 1424 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 13:36:51.0246 1424 kbdhid - ok 13:36:51.0278 1424 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:36:51.0309 1424 KeyIso - ok 13:36:51.0356 1424 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 13:36:51.0371 1424 KSecDD - ok 13:36:51.0418 1424 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 13:36:51.0434 1424 KSecPkg - ok 13:36:51.0652 1424 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 13:36:51.0746 1424 KtmRm - ok 13:36:51.0824 1424 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 13:36:51.0886 1424 LanmanServer - ok 13:36:52.0073 1424 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 13:36:52.0167 1424 LanmanWorkstation - ok 13:36:52.0260 1424 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 13:36:52.0307 1424 lltdio - ok 13:36:52.0370 1424 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 13:36:52.0416 1424 lltdsvc - ok 13:36:52.0448 1424 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 13:36:52.0479 1424 lmhosts - ok 13:36:52.0557 1424 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:36:52.0572 1424 LSI_FC - ok 13:36:52.0619 1424 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:36:52.0650 1424 LSI_SAS - ok 13:36:52.0666 1424 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:36:52.0682 1424 LSI_SAS2 - ok 13:36:53.0321 1424 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:36:53.0384 1424 LSI_SCSI - ok 13:36:53.0462 1424 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 13:36:53.0508 1424 luafv - ok 13:36:53.0602 1424 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 13:36:53.0618 1424 Mcx2Svc - ok 13:36:53.0742 1424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 13:36:53.0774 1424 mdmxsdk - ok 13:36:53.0805 1424 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 13:36:53.0836 1424 megasas - ok 13:36:53.0914 1424 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 13:36:53.0945 1424 MegaSR - ok 13:36:54.0398 1424 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 13:36:54.0476 1424 MMCSS - ok 13:36:54.0725 1424 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 13:36:54.0819 1424 Modem - ok 13:36:54.0866 1424 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 13:36:54.0912 1424 monitor - ok 13:36:54.0990 1424 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 13:36:55.0006 1424 mouclass - ok 13:36:55.0084 1424 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 13:36:55.0131 1424 mouhid - ok 13:36:55.0193 1424 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 13:36:55.0209 1424 mountmgr - ok 13:36:56.0223 1424 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 13:36:56.0285 1424 mpio - ok 13:36:56.0472 1424 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 13:36:56.0566 1424 mpsdrv - ok 13:36:56.0769 1424 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 13:36:56.0847 1424 MpsSvc - ok 13:36:57.0861 1424 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 13:36:57.0970 1424 MRxDAV - ok 13:36:58.0032 1424 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:36:58.0126 1424 mrxsmb - ok 13:36:58.0438 1424 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:36:58.0500 1424 mrxsmb10 - ok 13:36:58.0516 1424 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:36:58.0563 1424 mrxsmb20 - ok 13:36:58.0610 1424 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 13:36:58.0625 1424 msahci - ok 13:36:58.0688 1424 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 13:36:58.0703 1424 msdsm - ok 13:36:58.0750 1424 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 13:36:58.0797 1424 MSDTC - ok 13:36:58.0844 1424 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 13:36:58.0890 1424 Msfs - ok 13:36:58.0922 1424 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 13:36:58.0984 1424 mshidkmdf - ok 13:36:59.0109 1424 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 13:36:59.0140 1424 msisadrv - ok 13:36:59.0936 1424 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 13:37:00.0045 1424 MSiSCSI - ok 13:37:00.0045 1424 msiserver - ok 13:37:00.0092 1424 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 13:37:00.0170 1424 MSKSSRV - ok 13:37:00.0201 1424 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 13:37:00.0248 1424 MSPCLOCK - ok 13:37:00.0310 1424 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 13:37:00.0388 1424 MSPQM - ok 13:37:00.0528 1424 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 13:37:00.0560 1424 MsRPC - ok 13:37:00.0669 1424 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 13:37:00.0700 1424 mssmbios - ok 13:37:00.0778 1424 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 13:37:00.0825 1424 MSTEE - ok 13:37:00.0856 1424 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 13:37:00.0903 1424 MTConfig - ok 13:37:00.0934 1424 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 13:37:00.0950 1424 Mup - ok 13:37:01.0121 1424 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 13:37:01.0215 1424 napagent - ok 13:37:01.0558 1424 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 13:37:01.0605 1424 NativeWifiP - ok 13:37:01.0948 1424 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVENG.SYS 13:37:01.0979 1424 NAVENG - ok 13:37:04.0491 1424 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVEX15.SYS 13:37:04.0616 1424 NAVEX15 - ok 13:37:05.0271 1424 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 13:37:05.0333 1424 NDIS - ok 13:37:05.0505 1424 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 13:37:05.0630 1424 NdisCap - ok 13:37:05.0676 1424 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 13:37:05.0754 1424 NdisTapi - ok 13:37:05.0832 1424 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 13:37:05.0895 1424 Ndisuio - ok 13:37:05.0957 1424 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 13:37:06.0020 1424 NdisWan - ok 13:37:06.0066 1424 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 13:37:06.0113 1424 NDProxy - ok 13:37:06.0176 1424 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 13:37:06.0238 1424 NetBIOS - ok 13:37:06.0332 1424 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 13:37:06.0425 1424 NetBT - ok 13:37:06.0503 1424 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:37:06.0534 1424 Netlogon - ok 13:37:06.0644 1424 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 13:37:06.0706 1424 Netman - ok 13:37:08.0188 1424 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:37:08.0313 1424 NetMsmqActivator - ok 13:37:08.0360 1424 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:37:08.0375 1424 NetPipeActivator - ok 13:37:08.0859 1424 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 13:37:08.0921 1424 netprofm - ok 13:37:08.0968 1424 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:37:08.0984 1424 NetTcpActivator - ok 13:37:08.0984 1424 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:37:08.0999 1424 NetTcpPortSharing - ok 13:37:09.0062 1424 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 13:37:09.0093 1424 nfrd960 - ok 13:37:10.0497 1424 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe 13:37:10.0559 1424 NIS - ok 13:37:10.0653 1424 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 13:37:10.0731 1424 NlaSvc - ok 13:37:10.0762 1424 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 13:37:10.0809 1424 Npfs - ok 13:37:10.0856 1424 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 13:37:10.0934 1424 nsi - ok 13:37:10.0949 1424 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 13:37:11.0012 1424 nsiproxy - ok 13:37:11.0417 1424 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 13:37:11.0495 1424 Ntfs - ok 13:37:11.0948 1424 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 13:37:12.0041 1424 Null - ok 13:37:12.0821 1424 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 13:37:12.0899 1424 nvraid - ok 13:37:12.0977 1424 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 13:37:12.0993 1424 nvstor - ok 13:37:13.0305 1424 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 13:37:13.0367 1424 nv_agp - ok 13:37:14.0693 1424 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:37:14.0724 1424 odserv - ok 13:37:14.0771 1424 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 13:37:14.0834 1424 ohci1394 - ok 13:37:14.0927 1424 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:37:14.0958 1424 ose - ok 13:37:15.0005 1424 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 13:37:15.0083 1424 p2pimsvc - ok 13:37:15.0302 1424 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 13:37:15.0380 1424 p2psvc - ok 13:37:15.0536 1424 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 13:37:15.0567 1424 Parport - ok 13:37:15.0614 1424 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 13:37:15.0629 1424 partmgr - ok 13:37:15.0754 1424 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 13:37:15.0816 1424 Parvdm - ok 13:37:15.0879 1424 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 13:37:15.0910 1424 PcaSvc - ok 13:37:15.0972 1424 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 13:37:16.0004 1424 pci - ok 13:37:16.0050 1424 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 13:37:16.0082 1424 pciide - ok 13:37:16.0144 1424 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 13:37:16.0206 1424 pcmcia - ok 13:37:16.0238 1424 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 13:37:16.0253 1424 pcw - ok 13:37:16.0487 1424 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 13:37:16.0550 1424 PEAUTH - ok 13:37:16.0784 1424 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 13:37:16.0877 1424 PeerDistSvc - ok 13:37:17.0408 1424 Pharos Systems ComTaskMaster (bd24e98e6546adf6a31a41485483eb6c) C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe 13:37:17.0470 1424 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning 13:37:17.0470 1424 Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1) 13:37:18.0281 1424 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 13:37:18.0422 1424 pla - ok 13:37:19.0108 1424 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 13:37:19.0171 1424 PlugPlay - ok 13:37:19.0217 1424 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 13:37:19.0249 1424 PNRPAutoReg - ok 13:37:19.0327 1424 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 13:37:19.0358 1424 PNRPsvc - ok 13:37:19.0514 1424 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 13:37:19.0607 1424 PolicyAgent - ok 13:37:19.0732 1424 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 13:37:19.0795 1424 Power - ok 13:37:19.0904 1424 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 13:37:19.0982 1424 PptpMiniport - ok 13:37:20.0029 1424 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 13:37:20.0075 1424 Processor - ok 13:37:20.0138 1424 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 13:37:20.0185 1424 ProfSvc - ok 13:37:20.0231 1424 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:37:20.0247 1424 ProtectedStorage - ok 13:37:20.0309 1424 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 13:37:20.0387 1424 Psched - ok 13:37:20.0450 1424 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys 13:37:20.0465 1424 PxHelp20 - ok 13:37:23.0320 1424 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 13:37:23.0414 1424 ql2300 - ok 13:37:24.0116 1424 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 13:37:24.0163 1424 ql40xx - ok 13:37:24.0225 1424 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 13:37:24.0272 1424 QWAVE - ok 13:37:24.0334 1424 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 13:37:24.0365 1424 QWAVEdrv - ok 13:37:24.0397 1424 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 13:37:24.0459 1424 RasAcd - ok 13:37:24.0521 1424 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:37:24.0568 1424 RasAgileVpn - ok 13:37:24.0615 1424 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 13:37:24.0662 1424 RasAuto - ok 13:37:24.0709 1424 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:37:24.0771 1424 Rasl2tp - ok 13:37:24.0896 1424 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 13:37:24.0974 1424 RasMan - ok 13:37:25.0052 1424 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 13:37:25.0099 1424 RasPppoe - ok 13:37:25.0130 1424 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 13:37:25.0177 1424 RasSstp - ok 13:37:25.0270 1424 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 13:37:25.0348 1424 rdbss - ok 13:37:25.0426 1424 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 13:37:25.0457 1424 rdpbus - ok 13:37:25.0489 1424 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:37:25.0567 1424 RDPCDD - ok 13:37:26.0066 1424 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 13:37:26.0159 1424 RDPDR - ok 13:37:26.0206 1424 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 13:37:26.0269 1424 RDPENCDD - ok 13:37:26.0284 1424 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 13:37:26.0362 1424 RDPREFMP - ok 13:37:26.0425 1424 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 13:37:26.0456 1424 RDPWD - ok 13:37:26.0518 1424 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 13:37:26.0534 1424 rdyboost - ok 13:37:26.0627 1424 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 13:37:26.0705 1424 RemoteAccess - ok 13:37:26.0861 1424 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 13:37:26.0924 1424 RemoteRegistry - ok 13:37:27.0033 1424 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys 13:37:27.0049 1424 rimmptsk - ok 13:37:27.0095 1424 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys 13:37:27.0142 1424 rimspci - ok 13:37:27.0189 1424 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys 13:37:27.0236 1424 rimsptsk - ok 13:37:27.0267 1424 risdpcie (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys 13:37:27.0329 1424 risdpcie - ok 13:37:27.0392 1424 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys 13:37:27.0423 1424 rismxdp - ok 13:37:27.0454 1424 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys 13:37:27.0501 1424 rixdpcie - ok 13:37:27.0548 1424 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 13:37:27.0610 1424 RpcEptMapper - ok 13:37:27.0673 1424 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 13:37:27.0719 1424 RpcLocator - ok 13:37:27.0829 1424 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 13:37:27.0875 1424 RpcSs - ok 13:37:27.0938 1424 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 13:37:27.0969 1424 rspndr - ok 13:37:28.0047 1424 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys 13:37:28.0109 1424 RTL8167 - ok 13:37:28.0156 1424 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 13:37:28.0203 1424 s3cap - ok 13:37:28.0250 1424 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:37:28.0281 1424 SamSs - ok 13:37:28.0453 1424 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 13:37:28.0468 1424 SASDIFSV - ok 13:37:28.0546 1424 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 13:37:28.0577 1424 SASKUTIL - ok 13:37:28.0640 1424 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 13:37:28.0655 1424 sbp2port - ok 13:37:28.0733 1424 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 13:37:28.0780 1424 SCardSvr - ok 13:37:28.0811 1424 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 13:37:28.0874 1424 scfilter - ok 13:37:29.0170 1424 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 13:37:29.0248 1424 Schedule - ok 13:37:29.0311 1424 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 13:37:29.0357 1424 SCPolicySvc - ok 13:37:29.0404 1424 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 13:37:29.0467 1424 SDRSVC - ok 13:37:29.0529 1424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:37:29.0607 1424 secdrv - ok 13:37:29.0669 1424 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 13:37:29.0732 1424 seclogon - ok 13:37:29.0825 1424 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 13:37:29.0919 1424 SENS - ok 13:37:29.0966 1424 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 13:37:30.0013 1424 SensrSvc - ok 13:37:30.0044 1424 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 13:37:30.0091 1424 Serenum - ok 13:37:30.0278 1424 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 13:37:30.0309 1424 Serial - ok 13:37:30.0434 1424 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 13:37:30.0481 1424 sermouse - ok 13:37:30.0746 1424 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 13:37:30.0855 1424 SessionEnv - ok 13:37:30.0917 1424 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 13:37:30.0964 1424 sffdisk - ok 13:37:31.0027 1424 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 13:37:31.0058 1424 sffp_mmc - ok 13:37:31.0167 1424 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 13:37:31.0245 1424 sffp_sd - ok 13:37:31.0307 1424 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 13:37:31.0339 1424 sfloppy - ok 13:37:31.0417 1424 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 13:37:31.0495 1424 SharedAccess - ok 13:37:31.0729 1424 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 13:37:31.0791 1424 ShellHWDetection - ok 13:37:32.0197 1424 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 13:37:32.0259 1424 sisagp - ok 13:37:32.0306 1424 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:37:32.0337 1424 SiSRaid2 - ok 13:37:32.0368 1424 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 13:37:32.0384 1424 SiSRaid4 - ok 13:37:32.0415 1424 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 13:37:32.0462 1424 Smb - ok 13:37:32.0524 1424 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 13:37:32.0540 1424 SNMPTRAP - ok 13:37:32.0555 1424 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 13:37:32.0555 1424 spldr - ok 13:37:33.0460 1424 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 13:37:33.0554 1424 Spooler - ok 13:37:34.0069 1424 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 13:37:34.0225 1424 sppsvc - ok 13:37:34.0552 1424 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 13:37:34.0599 1424 sppuinotify - ok 13:37:36.0221 1424 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\Windows\System32\Drivers\NIS\1306010.008\SRTSP.SYS 13:37:36.0299 1424 SRTSP - ok 13:37:36.0346 1424 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\Windows\system32\drivers\NIS\1306010.008\SRTSPX.SYS 13:37:36.0377 1424 SRTSPX - ok 13:37:36.0611 1424 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 13:37:36.0689 1424 srv - ok 13:37:36.0736 1424 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 13:37:36.0783 1424 srv2 - ok 13:37:36.0830 1424 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 13:37:36.0845 1424 srvnet - ok 13:37:36.0923 1424 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 13:37:36.0970 1424 SSDPSRV - ok 13:37:37.0001 1424 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 13:37:37.0064 1424 SstpSvc - ok 13:37:37.0126 1424 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 13:37:37.0142 1424 stexstor - ok 13:37:37.0282 1424 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 13:37:37.0376 1424 StiSvc - ok 13:37:37.0547 1424 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 13:37:37.0563 1424 stllssvr - ok 13:37:37.0610 1424 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 13:37:37.0625 1424 storflt - ok 13:37:37.0688 1424 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 13:37:37.0719 1424 StorSvc - ok 13:37:37.0750 1424 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 13:37:37.0781 1424 storvsc - ok 13:37:37.0813 1424 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 13:37:37.0844 1424 swenum - ok 13:37:38.0140 1424 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 13:37:38.0234 1424 swprv - ok 13:37:39.0045 1424 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1306010.008\SYMDS.SYS 13:37:39.0092 1424 SymDS - ok 13:37:39.0263 1424 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1306010.008\SYMEFA.SYS 13:37:39.0310 1424 SymEFA - ok 13:37:39.0419 1424 SymEvent (555fb450fe6908600310e990738b41d6) C:\Windows\system32\Drivers\SYMEVENT.SYS 13:37:39.0451 1424 SymEvent - ok 13:37:39.0513 1424 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1306010.008\Ironx86.SYS 13:37:39.0544 1424 SymIRON - ok 13:37:39.0622 1424 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\NIS\1306010.008\SYMNETS.SYS 13:37:39.0669 1424 SymNetS - ok 13:37:39.0841 1424 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 13:37:39.0919 1424 SysMain - ok 13:37:39.0981 1424 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 13:37:40.0012 1424 TabletInputService - ok 13:37:40.0059 1424 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 13:37:40.0137 1424 TapiSrv - ok 13:37:40.0199 1424 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 13:37:40.0262 1424 TBS - ok 13:37:40.0543 1424 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 13:37:40.0621 1424 Tcpip - ok 13:37:41.0104 1424 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 13:37:41.0151 1424 TCPIP6 - ok 13:37:41.0681 1424 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 13:37:41.0759 1424 tcpipreg - ok 13:37:41.0915 1424 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 13:37:41.0993 1424 TDPIPE - ok 13:37:42.0118 1424 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 13:37:42.0134 1424 TDTCP - ok 13:37:42.0181 1424 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 13:37:42.0259 1424 tdx - ok 13:37:42.0305 1424 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 13:37:42.0321 1424 TermDD - ok 13:37:42.0555 1424 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 13:37:42.0617 1424 TermService - ok 13:37:42.0820 1424 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 13:37:42.0867 1424 Themes - ok 13:37:42.0898 1424 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 13:37:42.0929 1424 THREADORDER - ok 13:37:42.0976 1424 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 13:37:43.0039 1424 TrkWks - ok 13:37:43.0148 1424 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 13:37:43.0210 1424 TrustedInstaller - ok 13:37:43.0257 1424 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:37:43.0319 1424 tssecsrv - ok 13:37:43.0397 1424 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 13:37:43.0429 1424 TsUsbFlt - ok 13:37:43.0491 1424 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 13:37:43.0569 1424 tunnel - ok 13:37:43.0616 1424 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 13:37:43.0631 1424 uagp35 - ok 13:37:43.0709 1424 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 13:37:43.0787 1424 udfs - ok 13:37:43.0834 1424 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 13:37:43.0881 1424 UI0Detect - ok 13:37:43.0943 1424 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 13:37:43.0959 1424 uliagpkx - ok 13:37:44.0021 1424 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 13:37:44.0068 1424 umbus - ok 13:37:44.0115 1424 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 13:37:44.0162 1424 UmPass - ok 13:37:44.0209 1424 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 13:37:44.0271 1424 UmRdpService - ok 13:37:44.0333 1424 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 13:37:44.0396 1424 upnphost - ok 13:37:44.0458 1424 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 13:37:44.0489 1424 USBAAPL - ok 13:37:44.0599 1424 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 13:37:44.0661 1424 usbaudio - ok 13:37:45.0113 1424 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 13:37:45.0191 1424 usbccgp - ok 13:37:45.0254 1424 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 13:37:45.0285 1424 usbcir - ok 13:37:45.0316 1424 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys 13:37:45.0332 1424 usbehci - ok 13:37:45.0394 1424 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 13:37:45.0457 1424 usbhub - ok 13:37:45.0503 1424 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 13:37:45.0550 1424 usbohci - ok 13:37:45.0597 1424 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 13:37:45.0628 1424 usbprint - ok 13:37:46.0096 1424 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:37:46.0174 1424 USBSTOR - ok 13:37:46.0221 1424 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 13:37:46.0237 1424 usbuhci - ok 13:37:46.0330 1424 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 13:37:46.0361 1424 usbvideo - ok 13:37:46.0393 1424 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 13:37:46.0439 1424 UxSms - ok 13:37:46.0471 1424 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:37:46.0486 1424 VaultSvc - ok 13:37:46.0705 1424 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 13:37:46.0720 1424 vdrvroot - ok 13:37:46.0798 1424 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 13:37:46.0892 1424 vds - ok 13:37:46.0939 1424 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 13:37:46.0985 1424 vga - ok 13:37:47.0017 1424 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 13:37:47.0063 1424 VgaSave - ok 13:37:47.0095 1424 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 13:37:47.0110 1424 vhdmp - ok 13:37:47.0173 1424 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 13:37:47.0188 1424 viaagp - ok 13:37:47.0235 1424 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 13:37:47.0282 1424 ViaC7 - ok 13:37:47.0422 1424 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 13:37:47.0485 1424 viaide - ok 13:37:47.0609 1424 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 13:37:47.0641 1424 vmbus - ok 13:37:47.0672 1424 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 13:37:47.0687 1424 VMBusHID - ok 13:37:47.0781 1424 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 13:37:47.0797 1424 volmgr - ok 13:37:47.0937 1424 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 13:37:47.0953 1424 volmgrx - ok 13:37:48.0062 1424 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 13:37:48.0077 1424 volsnap - ok 13:37:48.0155 1424 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 13:37:48.0187 1424 vsmraid - ok 13:37:51.0494 1424 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 13:37:51.0619 1424 VSS - ok 13:37:51.0743 1424 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 13:37:51.0837 1424 vwifibus - ok 13:37:51.0899 1424 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 13:37:51.0931 1424 vwififlt - ok 13:37:51.0993 1424 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 13:37:52.0024 1424 vwifimp - ok 13:37:52.0102 1424 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 13:37:52.0211 1424 W32Time - ok 13:37:52.0352 1424 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 13:37:52.0430 1424 WacomPen - ok 13:37:52.0492 1424 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:37:52.0555 1424 WANARP - ok 13:37:52.0555 1424 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:37:52.0601 1424 Wanarpv6 - ok 13:37:52.0664 1424 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys 13:37:52.0679 1424 wanatw - ok 13:37:52.0929 1424 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 13:37:53.0007 1424 WatAdminSvc - ok 13:37:53.0366 1424 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 13:37:53.0444 1424 wbengine - ok 13:37:53.0522 1424 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 13:37:53.0569 1424 WbioSrvc - ok 13:37:53.0725 1424 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 13:37:53.0771 1424 wcncsvc - ok 13:37:53.0834 1424 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 13:37:53.0881 1424 WcsPlugInService - ok 13:37:54.0115 1424 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 13:37:54.0146 1424 Wd - ok 13:37:54.0224 1424 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 13:37:54.0255 1424 Wdf01000 - ok 13:37:54.0333 1424 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 13:37:54.0364 1424 WdiServiceHost - ok 13:37:54.0364 1424 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 13:37:54.0395 1424 WdiSystemHost - ok 13:37:54.0473 1424 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 13:37:54.0536 1424 WebClient - ok 13:37:54.0614 1424 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 13:37:54.0661 1424 Wecsvc - ok 13:37:54.0707 1424 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 13:37:54.0785 1424 wercplsupport - ok 13:37:54.0910 1424 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 13:37:54.0957 1424 WerSvc - ok 13:37:54.0988 1424 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 13:37:55.0035 1424 WfpLwf - ok 13:37:55.0191 1424 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 13:37:55.0222 1424 WIMMount - ok 13:37:55.0394 1424 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 13:37:55.0456 1424 winachsf - ok 13:37:55.0706 1424 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 13:37:55.0753 1424 WinDefend - ok 13:37:55.0768 1424 WinHttpAutoProxySvc - ok 13:37:56.0330 1424 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 13:37:56.0377 1424 Winmgmt - ok 13:37:56.0595 1424 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 13:37:56.0720 1424 WinRM - ok 13:37:56.0891 1424 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 13:37:56.0985 1424 Wlansvc - ok 13:37:57.0391 1424 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:37:57.0484 1424 wlidsvc - ok 13:37:58.0171 1424 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 13:37:58.0202 1424 WmiAcpi - ok 13:37:58.0436 1424 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 13:37:58.0467 1424 wmiApSrv - ok 13:37:58.0748 1424 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:37:58.0841 1424 WMPNetworkSvc - ok 13:37:59.0481 1424 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 13:37:59.0528 1424 WPCSvc - ok 13:37:59.0746 1424 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 13:37:59.0809 1424 WPDBusEnum - ok 13:38:00.0136 1424 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 13:38:00.0214 1424 ws2ifsl - ok 13:38:00.0277 1424 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 13:38:00.0323 1424 wscsvc - ok 13:38:00.0339 1424 WSearch - ok 13:38:00.0729 1424 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 13:38:00.0838 1424 wuauserv - ok 13:38:01.0400 1424 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 13:38:01.0478 1424 WudfPf - ok 13:38:02.0336 1424 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:38:02.0429 1424 WUDFRd - ok 13:38:02.0851 1424 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 13:38:02.0929 1424 wudfsvc - ok 13:38:03.0116 1424 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 13:38:03.0194 1424 WwanSvc - ok 13:38:03.0288 1424 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys 13:38:03.0304 1424 XAudio - ok 13:38:03.0351 1424 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 13:38:12.0524 1424 \Device\Harddisk0\DR0 - ok 13:38:12.0524 1424 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 13:38:15.0222 1424 \Device\Harddisk1\DR1 - ok 13:38:15.0316 1424 Boot (0x1200) (b1d0de5a64207e1c81346c7cc0ec13ca) \Device\Harddisk0\DR0\Partition0 13:38:15.0316 1424 \Device\Harddisk0\DR0\Partition0 - ok 13:38:15.0332 1424 Boot (0x1200) (8154a281a282b3d2390b782c1e7ec85b) \Device\Harddisk0\DR0\Partition1 13:38:15.0347 1424 \Device\Harddisk0\DR0\Partition1 - ok 13:38:15.0347 1424 Boot (0x1200) (4a11ac5541047f228f419f029fb3a78a) \Device\Harddisk1\DR1\Partition0 13:38:15.0347 1424 \Device\Harddisk1\DR1\Partition0 - ok 13:38:15.0347 1424 ============================================================ 13:38:15.0347 1424 Scan finished 13:38:15.0347 1424 ============================================================ 13:38:15.0363 0624 Detected object count: 2 13:38:15.0363 0624 Actual detected object count: 2 13:39:42.0683 0624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:39:42.0683 0624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:39:42.0683 0624 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user 13:39:42.0683 0624 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip
- April 29, 2012
- 22 replies
Suspicious activity

warmmilk replied to warmmilk's topic in Resolved Malware Removal Logs

Thanks for the help! I followed the instructions for removing the Somoto Toolbar, but I couldn't find it in the list of Programs and Features. I updated Java, however, and ran Rogue Killer. Here are the results: RogueKiller V7.3.3 [04/22/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Shao Ping [Admin rights] Mode: Scan -- Date: 04/29/2012 12:47:51 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 4 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ SSDT[13] : NtAlertResumeThread @ 0x82F20B93 -> HOOKED (Unknown @ 0x89FF7590) SSDT[14] : NtAlertThread @ 0x82E73B80 -> HOOKED (Unknown @ 0x89FF7650) SSDT[19] : NtAllocateVirtualMemory @ 0x82E6CB8C -> HOOKED (Unknown @ 0x89FF7E20) SSDT[22] : NtAlpcConnectPort @ 0x82EB83CE -> HOOKED (Unknown @ 0x88A72CA8) SSDT[43] : NtAssignProcessToJobObject @ 0x82E41F96 -> HOOKED (Unknown @ 0x898D2F90) SSDT[74] : NtCreateMutant @ 0x82E5325A -> HOOKED (Unknown @ 0x89FF8F00) SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E448B9 -> HOOKED (Unknown @ 0x89911EC0) SSDT[87] : NtCreateThread @ 0x82F1EE36 -> HOOKED (Unknown @ 0x89FF7EF0) SSDT[88] : NtCreateThreadEx @ 0x82EB32F4 -> HOOKED (Unknown @ 0x89911FB0) SSDT[96] : NtDebugActiveProcess @ 0x82EF0D10 -> HOOKED (Unknown @ 0x89D96958) SSDT[111] : NtDuplicateObject @ 0x82E7461A -> HOOKED (Unknown @ 0x89D8E310) SSDT[131] : NtFreeVirtualMemory @ 0x82CFC4DB -> HOOKED (Unknown @ 0x89FF7C80) SSDT[145] : NtImpersonateAnonymousToken @ 0x82E38888 -> HOOKED (Unknown @ 0x89FF8FD0) SSDT[147] : NtImpersonateThread @ 0x82EBC7CC -> HOOKED (Unknown @ 0x89FF74B0) SSDT[155] : NtLoadDriver @ 0x82E08BC8 -> HOOKED (Unknown @ 0x8875A588) SSDT[168] : NtMapViewOfSection @ 0x82E894D2 -> HOOKED (Unknown @ 0x89FF7BA0) SSDT[177] : NtOpenEvent @ 0x82E52C56 -> HOOKED (Unknown @ 0x89D94A90) SSDT[190] : NtOpenProcess @ 0x82E54AA0 -> HOOKED (Unknown @ 0x89A38B10) SSDT[191] : NtOpenProcessToken @ 0x82EA71CF -> HOOKED (Unknown @ 0x8A008430) SSDT[194] : NtOpenSection @ 0x82EAC844 -> HOOKED (Unknown @ 0x88D63B78) SSDT[198] : NtOpenThread @ 0x82EA0F55 -> HOOKED (Unknown @ 0x898FAAA0) SSDT[215] : NtProtectVirtualMemory @ 0x82E85541 -> HOOKED (Unknown @ 0x89FF8D30) SSDT[304] : NtResumeThread @ 0x82EB351B -> HOOKED (Unknown @ 0x89FF7710) SSDT[316] : NtSetContextThread @ 0x82F1FF2F -> HOOKED (Unknown @ 0x89FF7950) SSDT[333] : NtSetInformationProcess @ 0x82E7B72D -> HOOKED (Unknown @ 0x89FF7A10) SSDT[350] : NtSetSystemInformation @ 0x82E9122C -> HOOKED (Unknown @ 0x88D63CC8) SSDT[366] : NtSuspendProcess @ 0x82F20ACF -> HOOKED (Unknown @ 0x88D63490) SSDT[367] : NtSuspendThread @ 0x82ED8005 -> HOOKED (Unknown @ 0x89FF77D0) SSDT[370] : NtTerminateProcess @ 0x82E9DB8D -> HOOKED (Unknown @ 0x85AF4330) SSDT[371] : NtTerminateThread @ 0x82EBB504 -> HOOKED (Unknown @ 0x89FF7890) SSDT[385] : NtUnmapViewOfSection @ 0x82EA780A -> HOOKED (Unknown @ 0x89FF7AE0) SSDT[399] : NtWriteVirtualMemory @ 0x82EA28EA -> HOOKED (Unknown @ 0x89FF7D50) S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x88D542D0) S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x8A007008) S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x8A007378) S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x88D54100) S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x88D541E0) S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x8A0070A8) S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x8A007288) S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x8A007198) S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x88D543B0) S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8A0080F8) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 +++++ --- User --- [MBR] 173d247095243941c0d3f44e2b4258f8 [bSP] 25b706d66a3bcbb64935cfa266e1d6ee : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 290205 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
- April 29, 2012
- 22 replies
Suspicious activity

warmmilk posted a topic in Resolved Malware Removal Logs

My laptop has slowed down and I have noticed suspicious activity like icons being added to / moved around on my desktop. Here is the DDS.txt file, followed by the Attach.txt file. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29 Run by Shao Ping at 18:29:41 on 2012-04-28 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2662 [GMT -4:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files\DellTPad\HidFind.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\WUDFHost.exe C:\Program Files\Norton Internet Security\Engine\19.6.1.8\WSCStub.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.6.1.8\ips\IPSBHO.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll uRun: [Google Update] "c:\users\shao ping\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\shao ping\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 71.250.0.12 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979} : DhcpNameServer = 192.168.1.1 71.250.0.12 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\059636B6C65637 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\255575962756C6563737 : DhcpNameServer = 128.6.224.114 128.6.216.19 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\2656C6B696E6E2160356 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\2656C6B696E6E2730383 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\34D43434 : DhcpNameServer = 211.136.112.50 211.136.150.66 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\35A796A7F627 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\8415 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{FE686D9C-1118-4B6D-AF90-485802F9C4E4} : DhcpNameServer = 128.6.216.19 128.6.224.114 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306010.008\symds.sys [2012-3-17 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306010.008\symefa.sys [2012-3-17 905336] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-21 820856] R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306010.008\ccsetx86.sys [2012-3-17 132744] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120320.002\IDSvix86.sys [2012-3-21 368248] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306010.008\ironx86.sys [2012-3-17 149624] R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1306010.008\symnets.sys [2012-3-17 318584] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.6.1.8\ccsvchst.exe [2012-3-17 138232] R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-24 47104] R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-24 49152] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-16 146528] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-6 232512] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-16 106104] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-24 167936] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-16 13336] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-16 134144] S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-24 38400] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-22 52224] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-4 1343400] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-03-17 16:34:34 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 18:31:50.62 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/3/2011 8:25:54 AM System Uptime: 4/28/2012 6:27:36 PM (0 hours ago) . Motherboard: Dell Inc. | | 047MWF Processor: Intel® Core™2 Duo CPU T6570 @ 2.10GHz | Microprocessor | 1197/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 105.894 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1C97BBA9&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1C97BBA9&0&01 Service: vwifimp . ==== System Restore Points =================== . RP214: 3/15/2012 1:01:48 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.4.7 - CPSID_83708 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Advanced Audio FX Engine Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.3.12 (Unicode) BitTorrent Bonjour CDisplay 1.8 Conexant HD Audio D3DX10 DAEMON Tools Lite DC++ 0.791 Dell Edoc Viewer Dell Touchpad Dell Webcam Central Diablo II Finale 2011 Demo Free YouTube to MP3 Converter version 3.10.11.923 Google Chrome HDAUDIO Soft Data Fax Modem with SmartCP Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054) Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology Intel® TV Wizard iTunes Java Auto Updater Java™ 6 Update 29 Malwarebytes Anti-Malware version 1.60.1.1000 Maple 13 MATLAB R2011a Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Help Viewer 1.0 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 Express - ENU Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Monkey's Audio Moyea YouTube FLV Downloader version: 3.1.2.9 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton Internet Security Pando Media Booster PDF Settings Pharos Project64 1.6 QuickTime Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE 10.3 Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager SecureW2 Enterprise Client 3.5.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489) Skype™ 5.1 StarCraft StarCraft II SUPERAntiSpyware System Requirements Lab CYRI System Requirements Lab for Intel Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Viewpoint Media Player VLC media player 0.9.2 VoiceOver Kit Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR archiver ZSNESw 1.51 . ==== End Of File =========================== I hope that you can help me. In any case, thank you in advance.
- April 28, 2012
- 22 replies

Sign In

warmmilk

Posts

Joined

Last visited

Reputation

warmmilk

MrCharlie

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Suspicious activity

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information