warmmilk

Suspicious activity

My laptop has slowed down and I have noticed suspicious activity like icons being added to / moved around on my desktop.

Here is the DDS.txt file, followed by the Attach.txt file.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Shao Ping at 18:29:41 on 2012-04-28

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2662 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe

C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Norton Internet Security\Engine\19.6.1.8\WSCStub.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.6.1.8\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll

uRun: [Google Update] "c:\users\shao ping\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\shao ping\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 71.250.0.12

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979} : DhcpNameServer = 192.168.1.1 71.250.0.12

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\059636B6C65637 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\255575962756C6563737 : DhcpNameServer = 128.6.224.114 128.6.216.19

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\2656C6B696E6E2160356 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\2656C6B696E6E2730383 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\34D43434 : DhcpNameServer = 211.136.112.50 211.136.150.66

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\35A796A7F627 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}\8415 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{FE686D9C-1118-4B6D-AF90-485802F9C4E4} : DhcpNameServer = 128.6.216.19 128.6.224.114

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306010.008\symds.sys [2012-3-17 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306010.008\symefa.sys [2012-3-17 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-21 820856]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306010.008\ccsetx86.sys [2012-3-17 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120320.002\IDSvix86.sys [2012-3-21 368248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306010.008\ironx86.sys [2012-3-17 149624]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1306010.008\symnets.sys [2012-3-17 318584]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.6.1.8\ccsvchst.exe [2012-3-17 138232]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-24 47104]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-24 49152]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-16 146528]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-6 232512]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-16 106104]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-24 167936]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-16 13336]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-16 134144]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-24 38400]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-22 52224]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-4 1343400]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-03-17 16:34:34 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 18:31:50.62 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/3/2011 8:25:54 AM

System Uptime: 4/28/2012 6:27:36 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 047MWF

Processor: Intel® Core™2 Duo CPU T6570 @ 2.10GHz | Microprocessor | 1197/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 105.894 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Virtual WiFi Miniport Adapter

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1C97BBA9&0&01

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1C97BBA9&0&01

Service: vwifimp

.

==== System Restore Points ===================

.

RP214: 3/15/2012 1:01:48 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.4.7 - CPSID_83708

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.3.12 (Unicode)

BitTorrent

Bonjour

CDisplay 1.8

Conexant HD Audio

D3DX10

DAEMON Tools Lite

DC++ 0.791

Dell Edoc Viewer

Dell Touchpad

Dell Webcam Central

Diablo II

Finale 2011 Demo

Free YouTube to MP3 Converter version 3.10.11.923

Google Chrome

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Intel® TV Wizard

iTunes

Java Auto Updater

Java™ 6 Update 29

Malwarebytes Anti-Malware version 1.60.1.1000

Maple 13

MATLAB R2011a

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Help Viewer 1.0

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 Express - ENU

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Monkey's Audio

Moyea YouTube FLV Downloader version: 3.1.2.9

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Internet Security

Pando Media Booster

PDF Settings

Pharos

Project64 1.6

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

SecureW2 Enterprise Client 3.5.2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)

Skype™ 5.1

StarCraft

StarCraft II

SUPERAntiSpyware

System Requirements Lab CYRI

System Requirements Lab for Intel

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Viewpoint Media Player

VLC media player 0.9.2

VoiceOver Kit

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR archiver

ZSNESw 1.51

.

==== End Of File ===========================

I hope that you can help me. In any case, thank you in advance.

Welcome to the forum

Please uninstall the somototoolbar, guide below:

http://toolbar.somot...-removal-guide/

----------------------------------

Go to your control panel > Java > Update Tab > Update Now

Java™ 6 Update 29 <--should be 32

---------------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Thanks for the help!

I followed the instructions for removing the Somoto Toolbar, but I couldn't find it in the list of Programs and Features. I updated Java, however, and ran Rogue Killer. Here are the results:

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: Shao Ping [Admin rights]

Mode: Scan -- Date: 04/29/2012 12:47:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x82F20B93 -> HOOKED (Unknown @ 0x89FF7590)

SSDT[14] : NtAlertThread @ 0x82E73B80 -> HOOKED (Unknown @ 0x89FF7650)

SSDT[19] : NtAllocateVirtualMemory @ 0x82E6CB8C -> HOOKED (Unknown @ 0x89FF7E20)

SSDT[22] : NtAlpcConnectPort @ 0x82EB83CE -> HOOKED (Unknown @ 0x88A72CA8)

SSDT[43] : NtAssignProcessToJobObject @ 0x82E41F96 -> HOOKED (Unknown @ 0x898D2F90)

SSDT[74] : NtCreateMutant @ 0x82E5325A -> HOOKED (Unknown @ 0x89FF8F00)

SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E448B9 -> HOOKED (Unknown @ 0x89911EC0)

SSDT[87] : NtCreateThread @ 0x82F1EE36 -> HOOKED (Unknown @ 0x89FF7EF0)

SSDT[88] : NtCreateThreadEx @ 0x82EB32F4 -> HOOKED (Unknown @ 0x89911FB0)

SSDT[96] : NtDebugActiveProcess @ 0x82EF0D10 -> HOOKED (Unknown @ 0x89D96958)

SSDT[111] : NtDuplicateObject @ 0x82E7461A -> HOOKED (Unknown @ 0x89D8E310)

SSDT[131] : NtFreeVirtualMemory @ 0x82CFC4DB -> HOOKED (Unknown @ 0x89FF7C80)

SSDT[145] : NtImpersonateAnonymousToken @ 0x82E38888 -> HOOKED (Unknown @ 0x89FF8FD0)

SSDT[147] : NtImpersonateThread @ 0x82EBC7CC -> HOOKED (Unknown @ 0x89FF74B0)

SSDT[155] : NtLoadDriver @ 0x82E08BC8 -> HOOKED (Unknown @ 0x8875A588)

SSDT[168] : NtMapViewOfSection @ 0x82E894D2 -> HOOKED (Unknown @ 0x89FF7BA0)

SSDT[177] : NtOpenEvent @ 0x82E52C56 -> HOOKED (Unknown @ 0x89D94A90)

SSDT[190] : NtOpenProcess @ 0x82E54AA0 -> HOOKED (Unknown @ 0x89A38B10)

SSDT[191] : NtOpenProcessToken @ 0x82EA71CF -> HOOKED (Unknown @ 0x8A008430)

SSDT[194] : NtOpenSection @ 0x82EAC844 -> HOOKED (Unknown @ 0x88D63B78)

SSDT[198] : NtOpenThread @ 0x82EA0F55 -> HOOKED (Unknown @ 0x898FAAA0)

SSDT[215] : NtProtectVirtualMemory @ 0x82E85541 -> HOOKED (Unknown @ 0x89FF8D30)

SSDT[304] : NtResumeThread @ 0x82EB351B -> HOOKED (Unknown @ 0x89FF7710)

SSDT[316] : NtSetContextThread @ 0x82F1FF2F -> HOOKED (Unknown @ 0x89FF7950)

SSDT[333] : NtSetInformationProcess @ 0x82E7B72D -> HOOKED (Unknown @ 0x89FF7A10)

SSDT[350] : NtSetSystemInformation @ 0x82E9122C -> HOOKED (Unknown @ 0x88D63CC8)

SSDT[366] : NtSuspendProcess @ 0x82F20ACF -> HOOKED (Unknown @ 0x88D63490)

SSDT[367] : NtSuspendThread @ 0x82ED8005 -> HOOKED (Unknown @ 0x89FF77D0)

SSDT[370] : NtTerminateProcess @ 0x82E9DB8D -> HOOKED (Unknown @ 0x85AF4330)

SSDT[371] : NtTerminateThread @ 0x82EBB504 -> HOOKED (Unknown @ 0x89FF7890)

SSDT[385] : NtUnmapViewOfSection @ 0x82EA780A -> HOOKED (Unknown @ 0x89FF7AE0)

SSDT[399] : NtWriteVirtualMemory @ 0x82EA28EA -> HOOKED (Unknown @ 0x89FF7D50)

S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x88D542D0)

S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x8A007008)

S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x8A007378)

S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x88D54100)

S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x88D541E0)

S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x8A0070A8)

S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x8A007288)

S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x8A007198)

S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x88D543B0)

S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8A0080F8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 +++++

--- User ---

[MBR] 173d247095243941c0d3f44e2b4258f8

[bSP] 25b706d66a3bcbb64935cfa266e1d6ee : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 290205 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Here are the results from the TDSSKiller scan:

13:34:57.0974 2472 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

13:34:58.0020 2472 ============================================================

13:34:58.0020 2472 Current date / time: 2012/04/29 13:34:58.0020

13:34:58.0020 2472 SystemInfo:

13:34:58.0020 2472

13:34:58.0020 2472 OS Version: 6.1.7601 ServicePack: 1.0

13:34:58.0020 2472 Product type: Workstation

13:34:58.0020 2472 ComputerName: DOROTHY

13:34:58.0020 2472 UserName: Shao Ping

13:34:58.0020 2472 Windows directory: C:\Windows

13:34:58.0020 2472 System windows directory: C:\Windows

13:34:58.0020 2472 Processor architecture: Intel x86

13:34:58.0020 2472 Number of processors: 2

13:34:58.0020 2472 Page size: 0x1000

13:34:58.0020 2472 Boot type: Normal boot

13:34:58.0020 2472 ============================================================

13:34:59.0986 2472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:34:59.0986 2472 Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:35:00.0002 2472 ============================================================

13:35:00.0002 2472 \Device\Harddisk0\DR0:

13:35:00.0002 2472 MBR partitions:

13:35:00.0002 2472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000

13:35:00.0002 2472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB

13:35:00.0002 2472 \Device\Harddisk1\DR1:

13:35:00.0002 2472 MBR partitions:

13:35:00.0002 2472 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BFFE0

13:35:00.0002 2472 ============================================================

13:35:00.0158 2472 C: <-> \Device\Harddisk0\DR0\Partition1

13:35:00.0158 2472 ============================================================

13:35:00.0158 2472 Initialize success

13:35:00.0158 2472 ============================================================

13:35:26.0881 1424 ============================================================

13:35:26.0881 1424 Scan started

13:35:26.0881 1424 Mode: Manual; SigCheck; TDLFS;

13:35:26.0881 1424 ============================================================


13:35:58.0892 1424 BrFiltLo - ok

13:35:58.0923 1424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:35:59.0032 1424 BrFiltUp - ok

13:35:59.0563 1424 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

13:35:59.0625 1424 Browser - ok

13:36:00.0093 1424 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

13:36:00.0202 1424 Brserid - ok

13:36:00.0608 1424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

13:36:00.0686 1424 BrSerWdm - ok

13:36:00.0779 1424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:36:00.0842 1424 BrUsbMdm - ok

13:36:00.0920 1424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

13:36:01.0029 1424 BrUsbSer - ok

13:36:01.0341 1424 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

13:36:01.0435 1424 BTHMODEM - ok

13:36:01.0559 1424 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

13:36:01.0637 1424 bthserv - ok

13:36:02.0105 1424 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1306010.008\ccSetx86.sys

13:36:02.0137 1424 ccSet_NIS - ok

13:36:02.0527 1424 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

13:36:02.0636 1424 cdfs - ok

13:36:03.0385 1424 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

13:36:03.0463 1424 cdrom - ok

13:36:03.0837 1424 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

13:36:03.0931 1424 CertPropSvc - ok

13:36:04.0009 1424 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

13:36:04.0071 1424 circlass - ok

13:36:04.0477 1424 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

13:36:04.0523 1424 CLFS - ok

13:36:05.0475 1424 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:36:05.0553 1424 clr_optimization_v2.0.50727_32 - ok

13:36:05.0943 1424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:36:06.0317 1424 clr_optimization_v4.0.30319_32 - ok

13:36:06.0395 1424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

13:36:06.0458 1424 CmBatt - ok

13:36:06.0551 1424 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

13:36:06.0567 1424 cmdide - ok

13:36:07.0347 1424 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

13:36:07.0597 1424 CNG - ok

13:36:08.0345 1424 CnxtHdAudService (053f7c2624d5b0ff60f1f372c4ac2fe7) C:\Windows\system32\drivers\CHDRT32.sys

13:36:08.0408 1424 CnxtHdAudService - ok

13:36:08.0579 1424 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

13:36:08.0595 1424 Compbatt - ok

13:36:08.0798 1424 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

13:36:08.0860 1424 CompositeBus - ok

13:36:08.0907 1424 COMSysApp - ok

13:36:09.0094 1424 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

13:36:09.0157 1424 crcdisk - ok

13:36:10.0061 1424 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

13:36:10.0139 1424 CryptSvc - ok

13:36:10.0498 1424 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

13:36:10.0592 1424 CSC - ok

13:36:10.0997 1424 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

13:36:11.0075 1424 CscService - ok

13:36:11.0855 1424 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys

13:36:11.0980 1424 CtAudDrv - ok

13:36:12.0448 1424 CtClsFlt (ceba8413f9b2c73a4e9e16dbd127dc25) C:\Windows\system32\DRIVERS\CtClsFlt.sys

13:36:12.0511 1424 CtClsFlt - ok

13:36:13.0197 1424 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

13:36:13.0275 1424 DcomLaunch - ok

13:36:13.0415 1424 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

13:36:13.0556 1424 defragsvc - ok

13:36:14.0039 1424 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

13:36:14.0102 1424 DfsC - ok

13:36:14.0507 1424 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

13:36:14.0570 1424 Dhcp - ok

13:36:14.0788 1424 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

13:36:14.0897 1424 discache - ok

13:36:15.0334 1424 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

13:36:15.0350 1424 Disk - ok

13:36:15.0911 1424 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

13:36:15.0958 1424 Dnscache - ok

13:36:17.0471 1424 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

13:36:17.0565 1424 dot3svc - ok

13:36:18.0595 1424 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

13:36:18.0766 1424 DPS - ok

13:36:18.0844 1424 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

13:36:18.0891 1424 drmkaud - ok

13:36:20.0404 1424 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:36:20.0451 1424 dtsoftbus01 - ok

13:36:23.0165 1424 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

13:36:23.0212 1424 DXGKrnl - ok

13:36:23.0337 1424 EagleNT - ok

13:36:23.0431 1424 EagleXNt - ok

13:36:23.0758 1424 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

13:36:23.0836 1424 EapHost - ok

13:36:24.0507 1424 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

13:36:24.0694 1424 ebdrv - ok

13:36:25.0599 1424 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

13:36:25.0630 1424 eeCtrl - ok

13:36:26.0379 1424 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

13:36:26.0473 1424 EFS - ok

13:36:27.0020 1424 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

13:36:27.0113 1424 ehRecvr - ok

13:36:27.0488 1424 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

13:36:27.0566 1424 ehSched - ok

13:36:28.0751 1424 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

13:36:28.0845 1424 elxstor - ok

13:36:29.0874 1424 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

13:36:29.0906 1424 EraserUtilRebootDrv - ok

13:36:29.0984 1424 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

13:36:30.0030 1424 ErrDev - ok

13:36:31.0606 1424 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

13:36:31.0715 1424 EventSystem - ok

13:36:32.0526 1424 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

13:36:32.0604 1424 exfat - ok

13:36:33.0431 1424 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

13:36:33.0540 1424 fastfat - ok

13:36:33.0821 1424 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

13:36:33.0946 1424 Fax - ok

13:36:33.0977 1424 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

13:36:34.0086 1424 fdc - ok

13:36:34.0258 1424 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

13:36:34.0430 1424 fdPHost - ok

13:36:34.0679 1424 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

13:36:34.0757 1424 FDResPub - ok

13:36:34.0835 1424 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

13:36:34.0851 1424 FileInfo - ok

13:36:34.0898 1424 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

13:36:34.0944 1424 Filetrace - ok

13:36:35.0334 1424 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:36:35.0428 1424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

13:36:35.0428 1424 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

13:36:35.0600 1424 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

13:36:35.0678 1424 flpydisk - ok

13:36:36.0192 1424 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

13:36:36.0224 1424 FltMgr - ok

13:36:36.0707 1424 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

13:36:36.0801 1424 FontCache - ok

13:36:37.0331 1424 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:36:37.0378 1424 FontCache3.0.0.0 - ok

13:36:37.0643 1424 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

13:36:37.0706 1424 FsDepends - ok

13:36:37.0815 1424 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

13:36:37.0830 1424 Fs_Rec - ok

13:36:38.0127 1424 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

13:36:38.0158 1424 fvevol - ok

13:36:38.0532 1424 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:36:38.0610 1424 gagp30kx - ok

13:36:38.0844 1424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:36:38.0860 1424 GEARAspiWDM - ok

13:36:38.0969 1424 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

13:36:39.0063 1424 gpsvc - ok

13:36:39.0250 1424 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

13:36:39.0344 1424 hcw85cir - ok

13:36:39.0749 1424 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

13:36:39.0843 1424 HdAudAddService - ok

13:36:39.0936 1424 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

13:36:39.0983 1424 HDAudBus - ok

13:36:40.0046 1424 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

13:36:40.0077 1424 HidBatt - ok

13:36:40.0248 1424 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

13:36:40.0326 1424 HidBth - ok

13:36:40.0389 1424 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

13:36:40.0451 1424 HidIr - ok

13:36:40.0514 1424 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

13:36:40.0592 1424 hidserv - ok

13:36:40.0670 1424 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

13:36:40.0732 1424 HidUsb - ok

13:36:40.0794 1424 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

13:36:40.0872 1424 hkmsvc - ok

13:36:40.0950 1424 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

13:36:41.0028 1424 HomeGroupListener - ok

13:36:41.0122 1424 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

13:36:41.0169 1424 HomeGroupProvider - ok

13:36:41.0231 1424 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

13:36:41.0262 1424 HpSAMD - ok

13:36:41.0387 1424 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll

13:36:41.0465 1424 HsfXAudioService - ok

13:36:41.0637 1424 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys

13:36:41.0715 1424 HSF_DPV - ok

13:36:41.0777 1424 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

13:36:41.0824 1424 HSXHWAZL - ok

13:36:41.0949 1424 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

13:36:41.0996 1424 HTTP - ok

13:36:42.0058 1424 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

13:36:42.0074 1424 hwpolicy - ok

13:36:42.0136 1424 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

13:36:42.0183 1424 i8042prt - ok

13:36:42.0308 1424 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys

13:36:42.0339 1424 iaStor - ok

13:36:42.0526 1424 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

13:36:42.0557 1424 IAStorDataMgrSvc - ok

13:36:42.0620 1424 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

13:36:42.0666 1424 iaStorV - ok

13:36:44.0367 1424 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:36:44.0476 1424 idsvc - ok

13:36:45.0677 1424 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys

13:36:45.0708 1424 IDSVix86 - ok

13:36:47.0268 1424 igfx (37f7e45253000ac41a1f520a62d4ebe2) C:\Windows\system32\DRIVERS\igdkmd32.sys

13:36:47.0627 1424 igfx - ok

13:36:47.0986 1424 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

13:36:48.0017 1424 iirsp - ok

13:36:48.0282 1424 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

13:36:48.0407 1424 IKEEXT - ok

13:36:48.0672 1424 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

13:36:48.0735 1424 intelide - ok

13:36:48.0844 1424 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

13:36:48.0906 1424 intelppm - ok

13:36:49.0016 1424 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

13:36:49.0094 1424 IPBusEnum - ok

13:36:49.0250 1424 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:36:49.0312 1424 IpFilterDriver - ok

13:36:49.0421 1424 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

13:36:49.0499 1424 iphlpsvc - ok

13:36:49.0562 1424 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

13:36:49.0624 1424 IPMIDRV - ok

13:36:49.0686 1424 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

13:36:49.0780 1424 IPNAT - ok

13:36:49.0983 1424 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe

13:36:50.0076 1424 iPod Service - ok

13:36:50.0123 1424 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

13:36:50.0186 1424 IRENUM - ok

13:36:50.0264 1424 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

13:36:50.0279 1424 isapnp - ok

13:36:50.0342 1424 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

13:36:50.0373 1424 iScsiPrt - ok

13:36:50.0794 1424 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

13:36:50.0810 1424 kbdclass - ok

13:36:51.0137 1424 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

13:36:51.0246 1424 kbdhid - ok

13:36:51.0278 1424 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:36:51.0309 1424 KeyIso - ok

13:36:51.0356 1424 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

13:36:51.0371 1424 KSecDD - ok

13:36:51.0418 1424 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

13:36:51.0434 1424 KSecPkg - ok

13:36:51.0652 1424 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

13:36:51.0746 1424 KtmRm - ok

13:36:51.0824 1424 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll

13:36:51.0886 1424 LanmanServer - ok

13:36:52.0073 1424 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

13:36:52.0167 1424 LanmanWorkstation - ok

13:36:52.0260 1424 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

13:36:52.0307 1424 lltdio - ok

13:36:52.0370 1424 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

13:36:52.0416 1424 lltdsvc - ok

13:36:52.0448 1424 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

13:36:52.0479 1424 lmhosts - ok

13:36:52.0557 1424 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:36:52.0572 1424 LSI_FC - ok

13:36:52.0619 1424 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:36:52.0650 1424 LSI_SAS - ok

13:36:52.0666 1424 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:36:52.0682 1424 LSI_SAS2 - ok

13:36:53.0321 1424 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:36:53.0384 1424 LSI_SCSI - ok

13:36:53.0462 1424 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

13:36:53.0508 1424 luafv - ok

13:36:53.0602 1424 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

13:36:53.0618 1424 Mcx2Svc - ok

13:36:53.0742 1424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

13:36:53.0774 1424 mdmxsdk - ok

13:36:53.0805 1424 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

13:36:53.0836 1424 megasas - ok

13:36:53.0914 1424 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

13:36:53.0945 1424 MegaSR - ok

13:36:54.0398 1424 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:36:54.0476 1424 MMCSS - ok

13:36:54.0725 1424 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

13:36:54.0819 1424 Modem - ok

13:36:54.0866 1424 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

13:36:54.0912 1424 monitor - ok

13:36:54.0990 1424 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

13:36:55.0006 1424 mouclass - ok

13:36:55.0084 1424 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

13:36:55.0131 1424 mouhid - ok

13:36:55.0193 1424 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

13:36:55.0209 1424 mountmgr - ok

13:36:56.0223 1424 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

13:36:56.0285 1424 mpio - ok

13:36:56.0472 1424 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

13:36:56.0566 1424 mpsdrv - ok

13:36:56.0769 1424 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

13:36:56.0847 1424 MpsSvc - ok

13:36:57.0861 1424 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

13:36:57.0970 1424 MRxDAV - ok

13:36:58.0032 1424 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:36:58.0126 1424 mrxsmb - ok

13:36:58.0438 1424 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:36:58.0500 1424 mrxsmb10 - ok

13:36:58.0516 1424 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:36:58.0563 1424 mrxsmb20 - ok

13:36:58.0610 1424 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

13:36:58.0625 1424 msahci - ok

13:36:58.0688 1424 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

13:36:58.0703 1424 msdsm - ok

13:36:58.0750 1424 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

13:36:58.0797 1424 MSDTC - ok

13:36:58.0844 1424 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

13:36:58.0890 1424 Msfs - ok

13:36:58.0922 1424 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

13:36:58.0984 1424 mshidkmdf - ok

13:36:59.0109 1424 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

13:36:59.0140 1424 msisadrv - ok

13:36:59.0936 1424 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

13:37:00.0045 1424 MSiSCSI - ok

13:37:00.0045 1424 msiserver - ok

13:37:00.0092 1424 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

13:37:00.0170 1424 MSKSSRV - ok

13:37:00.0201 1424 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

13:37:00.0248 1424 MSPCLOCK - ok

13:37:00.0310 1424 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

13:37:00.0388 1424 MSPQM - ok

13:37:00.0528 1424 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

13:37:00.0560 1424 MsRPC - ok

13:37:00.0669 1424 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

13:37:00.0700 1424 mssmbios - ok

13:37:00.0778 1424 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

13:37:00.0825 1424 MSTEE - ok

13:37:00.0856 1424 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

13:37:00.0903 1424 MTConfig - ok

13:37:00.0934 1424 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

13:37:00.0950 1424 Mup - ok

13:37:01.0121 1424 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

13:37:01.0215 1424 napagent - ok

13:37:01.0558 1424 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

13:37:01.0605 1424 NativeWifiP - ok

13:37:01.0948 1424 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVENG.SYS

13:37:01.0979 1424 NAVENG - ok

13:37:04.0491 1424 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVEX15.SYS

13:37:04.0616 1424 NAVEX15 - ok

13:37:05.0271 1424 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

13:37:05.0333 1424 NDIS - ok

13:37:05.0505 1424 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

13:37:05.0630 1424 NdisCap - ok

13:37:05.0676 1424 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

13:37:05.0754 1424 NdisTapi - ok

13:37:05.0832 1424 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

13:37:05.0895 1424 Ndisuio - ok

13:37:05.0957 1424 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

13:37:06.0020 1424 NdisWan - ok

13:37:06.0066 1424 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

13:37:06.0113 1424 NDProxy - ok

13:37:06.0176 1424 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

13:37:06.0238 1424 NetBIOS - ok

13:37:06.0332 1424 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

13:37:06.0425 1424 NetBT - ok

13:37:06.0503 1424 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:37:06.0534 1424 Netlogon - ok

13:37:06.0644 1424 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

13:37:06.0706 1424 Netman - ok

13:37:08.0188 1424 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:37:08.0313 1424 NetMsmqActivator - ok

13:37:08.0360 1424 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:37:08.0375 1424 NetPipeActivator - ok

13:37:08.0859 1424 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

13:37:08.0921 1424 netprofm - ok

13:37:08.0968 1424 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:37:08.0984 1424 NetTcpActivator - ok

13:37:08.0984 1424 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

13:37:08.0999 1424 NetTcpPortSharing - ok

13:37:09.0062 1424 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

13:37:09.0093 1424 nfrd960 - ok

13:37:10.0497 1424 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe

13:37:10.0559 1424 NIS - ok

13:37:10.0653 1424 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

13:37:10.0731 1424 NlaSvc - ok

13:37:10.0762 1424 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

13:37:10.0809 1424 Npfs - ok

13:37:10.0856 1424 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

13:37:10.0934 1424 nsi - ok

13:37:10.0949 1424 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

13:37:11.0012 1424 nsiproxy - ok

13:37:11.0417 1424 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

13:37:11.0495 1424 Ntfs - ok

13:37:11.0948 1424 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

13:37:12.0041 1424 Null - ok

13:37:12.0821 1424 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

13:37:12.0899 1424 nvraid - ok

13:37:12.0977 1424 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

13:37:12.0993 1424 nvstor - ok

13:37:13.0305 1424 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

13:37:13.0367 1424 nv_agp - ok

13:37:14.0693 1424 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:37:14.0724 1424 odserv - ok

13:37:14.0771 1424 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

13:37:14.0834 1424 ohci1394 - ok

13:37:14.0927 1424 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:37:14.0958 1424 ose - ok

13:37:15.0005 1424 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:37:15.0083 1424 p2pimsvc - ok

13:37:15.0302 1424 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

13:37:15.0380 1424 p2psvc - ok

13:37:15.0536 1424 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

13:37:15.0567 1424 Parport - ok

13:37:15.0614 1424 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

13:37:15.0629 1424 partmgr - ok

13:37:15.0754 1424 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

13:37:15.0816 1424 Parvdm - ok

13:37:15.0879 1424 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

13:37:15.0910 1424 PcaSvc - ok

13:37:15.0972 1424 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

13:37:16.0004 1424 pci - ok

13:37:16.0050 1424 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

13:37:16.0082 1424 pciide - ok

13:37:16.0144 1424 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

13:37:16.0206 1424 pcmcia - ok

13:37:16.0238 1424 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

13:37:16.0253 1424 pcw - ok

13:37:16.0487 1424 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

13:37:16.0550 1424 PEAUTH - ok

13:37:16.0784 1424 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

13:37:16.0877 1424 PeerDistSvc - ok

13:37:17.0408 1424 Pharos Systems ComTaskMaster (bd24e98e6546adf6a31a41485483eb6c) C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe

13:37:17.0470 1424 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning

13:37:17.0470 1424 Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1)

13:37:18.0281 1424 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

13:37:18.0422 1424 pla - ok

13:37:19.0108 1424 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

13:37:19.0171 1424 PlugPlay - ok

13:37:19.0217 1424 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

13:37:19.0249 1424 PNRPAutoReg - ok

13:37:19.0327 1424 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:37:19.0358 1424 PNRPsvc - ok

13:37:19.0514 1424 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

13:37:19.0607 1424 PolicyAgent - ok

13:37:19.0732 1424 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

13:37:19.0795 1424 Power - ok

13:37:19.0904 1424 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

13:37:19.0982 1424 PptpMiniport - ok

13:37:20.0029 1424 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

13:37:20.0075 1424 Processor - ok

13:37:20.0138 1424 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

13:37:20.0185 1424 ProfSvc - ok

13:37:20.0231 1424 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:37:20.0247 1424 ProtectedStorage - ok

13:37:20.0309 1424 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

13:37:20.0387 1424 Psched - ok

13:37:20.0450 1424 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys

13:37:20.0465 1424 PxHelp20 - ok

13:37:23.0320 1424 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

13:37:23.0414 1424 ql2300 - ok

13:37:24.0116 1424 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

13:37:24.0163 1424 ql40xx - ok

13:37:24.0225 1424 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

13:37:24.0272 1424 QWAVE - ok

13:37:24.0334 1424 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

13:37:24.0365 1424 QWAVEdrv - ok

13:37:24.0397 1424 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

13:37:24.0459 1424 RasAcd - ok

13:37:24.0521 1424 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:37:24.0568 1424 RasAgileVpn - ok

13:37:24.0615 1424 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

13:37:24.0662 1424 RasAuto - ok

13:37:24.0709 1424 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:37:24.0771 1424 Rasl2tp - ok

13:37:24.0896 1424 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

13:37:24.0974 1424 RasMan - ok

13:37:25.0052 1424 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

13:37:25.0099 1424 RasPppoe - ok

13:37:25.0130 1424 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

13:37:25.0177 1424 RasSstp - ok

13:37:25.0270 1424 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

13:37:25.0348 1424 rdbss - ok

13:37:25.0426 1424 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

13:37:25.0457 1424 rdpbus - ok

13:37:25.0489 1424 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:37:25.0567 1424 RDPCDD - ok

13:37:26.0066 1424 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

13:37:26.0159 1424 RDPDR - ok

13:37:26.0206 1424 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

13:37:26.0269 1424 RDPENCDD - ok

13:37:26.0284 1424 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

13:37:26.0362 1424 RDPREFMP - ok

13:37:26.0425 1424 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys

13:37:26.0456 1424 RDPWD - ok

13:37:26.0518 1424 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

13:37:26.0534 1424 rdyboost - ok

13:37:26.0627 1424 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

13:37:26.0705 1424 RemoteAccess - ok

13:37:26.0861 1424 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

13:37:26.0924 1424 RemoteRegistry - ok

13:37:27.0033 1424 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys

13:37:27.0049 1424 rimmptsk - ok

13:37:27.0095 1424 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys

13:37:27.0142 1424 rimspci - ok

13:37:27.0189 1424 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys

13:37:27.0236 1424 rimsptsk - ok

13:37:27.0267 1424 risdpcie (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys

13:37:27.0329 1424 risdpcie - ok

13:37:27.0392 1424 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys

13:37:27.0423 1424 rismxdp - ok

13:37:27.0454 1424 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys

13:37:27.0501 1424 rixdpcie - ok

13:37:27.0548 1424 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

13:37:27.0610 1424 RpcEptMapper - ok

13:37:27.0673 1424 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

13:37:27.0719 1424 RpcLocator - ok

13:37:27.0829 1424 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

13:37:27.0875 1424 RpcSs - ok

13:37:27.0938 1424 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

13:37:27.0969 1424 rspndr - ok

13:37:28.0047 1424 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

13:37:28.0109 1424 RTL8167 - ok

13:37:28.0156 1424 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

13:37:28.0203 1424 s3cap - ok

13:37:28.0250 1424 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:37:28.0281 1424 SamSs - ok

13:37:28.0453 1424 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

13:37:28.0468 1424 SASDIFSV - ok

13:37:28.0546 1424 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

13:37:28.0577 1424 SASKUTIL - ok

13:37:28.0640 1424 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

13:37:28.0655 1424 sbp2port - ok

13:37:28.0733 1424 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

13:37:28.0780 1424 SCardSvr - ok

13:37:28.0811 1424 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

13:37:28.0874 1424 scfilter - ok

13:37:29.0170 1424 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

13:37:29.0248 1424 Schedule - ok

13:37:29.0311 1424 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

13:37:29.0357 1424 SCPolicySvc - ok

13:37:29.0404 1424 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

13:37:29.0467 1424 SDRSVC - ok

13:37:29.0529 1424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:37:29.0607 1424 secdrv - ok

13:37:29.0669 1424 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

13:37:29.0732 1424 seclogon - ok

13:37:29.0825 1424 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

13:37:29.0919 1424 SENS - ok

13:37:29.0966 1424 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

13:37:30.0013 1424 SensrSvc - ok

13:37:30.0044 1424 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

13:37:30.0091 1424 Serenum - ok

13:37:30.0278 1424 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

13:37:30.0309 1424 Serial - ok

13:37:30.0434 1424 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

13:37:30.0481 1424 sermouse - ok

13:37:30.0746 1424 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

13:37:30.0855 1424 SessionEnv - ok

13:37:30.0917 1424 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

13:37:30.0964 1424 sffdisk - ok

13:37:31.0027 1424 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

13:37:31.0058 1424 sffp_mmc - ok

13:37:31.0167 1424 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

13:37:31.0245 1424 sffp_sd - ok

13:37:31.0307 1424 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

13:37:31.0339 1424 sfloppy - ok

13:37:31.0417 1424 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

13:37:31.0495 1424 SharedAccess - ok

13:37:31.0729 1424 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

13:37:31.0791 1424 ShellHWDetection - ok

13:37:32.0197 1424 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

13:37:32.0259 1424 sisagp - ok

13:37:32.0306 1424 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:37:32.0337 1424 SiSRaid2 - ok

13:37:32.0368 1424 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

13:37:32.0384 1424 SiSRaid4 - ok

13:37:32.0415 1424 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

13:37:32.0462 1424 Smb - ok

13:37:32.0524 1424 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

13:37:32.0540 1424 SNMPTRAP - ok

13:37:32.0555 1424 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

13:37:32.0555 1424 spldr - ok

13:37:33.0460 1424 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

13:37:33.0554 1424 Spooler - ok

13:37:34.0069 1424 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

13:37:34.0225 1424 sppsvc - ok

13:37:34.0552 1424 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

13:37:34.0599 1424 sppuinotify - ok

13:37:36.0221 1424 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\Windows\System32\Drivers\NIS\1306010.008\SRTSP.SYS

13:37:36.0299 1424 SRTSP - ok

13:37:36.0346 1424 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\Windows\system32\drivers\NIS\1306010.008\SRTSPX.SYS

13:37:36.0377 1424 SRTSPX - ok

13:37:36.0611 1424 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

13:37:36.0689 1424 srv - ok

13:37:36.0736 1424 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

13:37:36.0783 1424 srv2 - ok

13:37:36.0830 1424 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

13:37:36.0845 1424 srvnet - ok

13:37:36.0923 1424 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

13:37:36.0970 1424 SSDPSRV - ok

13:37:37.0001 1424 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

13:37:37.0064 1424 SstpSvc - ok

13:37:37.0126 1424 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

13:37:37.0142 1424 stexstor - ok

13:37:37.0282 1424 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

13:37:37.0376 1424 StiSvc - ok

13:37:37.0547 1424 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

13:37:37.0563 1424 stllssvr - ok

13:37:37.0610 1424 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

13:37:37.0625 1424 storflt - ok

13:37:37.0688 1424 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll

13:37:37.0719 1424 StorSvc - ok

13:37:37.0750 1424 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

13:37:37.0781 1424 storvsc - ok

13:37:37.0813 1424 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

13:37:37.0844 1424 swenum - ok

13:37:38.0140 1424 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

13:37:38.0234 1424 swprv - ok

13:37:39.0045 1424 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1306010.008\SYMDS.SYS

13:37:39.0092 1424 SymDS - ok

13:37:39.0263 1424 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1306010.008\SYMEFA.SYS

13:37:39.0310 1424 SymEFA - ok

13:37:39.0419 1424 SymEvent (555fb450fe6908600310e990738b41d6) C:\Windows\system32\Drivers\SYMEVENT.SYS

13:37:39.0451 1424 SymEvent - ok

13:37:39.0513 1424 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1306010.008\Ironx86.SYS

13:37:39.0544 1424 SymIRON - ok

13:37:39.0622 1424 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\NIS\1306010.008\SYMNETS.SYS

13:37:39.0669 1424 SymNetS - ok

13:37:39.0841 1424 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

13:37:39.0919 1424 SysMain - ok

13:37:39.0981 1424 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

13:37:40.0012 1424 TabletInputService - ok

13:37:40.0059 1424 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

13:37:40.0137 1424 TapiSrv - ok

13:37:40.0199 1424 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

13:37:40.0262 1424 TBS - ok

13:37:40.0543 1424 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

13:37:40.0621 1424 Tcpip - ok

13:37:41.0104 1424 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

13:37:41.0151 1424 TCPIP6 - ok

13:37:41.0681 1424 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

13:37:41.0759 1424 tcpipreg - ok

13:37:41.0915 1424 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

13:37:41.0993 1424 TDPIPE - ok

13:37:42.0118 1424 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

13:37:42.0134 1424 TDTCP - ok

13:37:42.0181 1424 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

13:37:42.0259 1424 tdx - ok

13:37:42.0305 1424 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

13:37:42.0321 1424 TermDD - ok

13:37:42.0555 1424 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

13:37:42.0617 1424 TermService - ok

13:37:42.0820 1424 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

13:37:42.0867 1424 Themes - ok

13:37:42.0898 1424 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:37:42.0929 1424 THREADORDER - ok

13:37:42.0976 1424 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

13:37:43.0039 1424 TrkWks - ok

13:37:43.0148 1424 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

13:37:43.0210 1424 TrustedInstaller - ok

13:37:43.0257 1424 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:37:43.0319 1424 tssecsrv - ok

13:37:43.0397 1424 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

13:37:43.0429 1424 TsUsbFlt - ok

13:37:43.0491 1424 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

13:37:43.0569 1424 tunnel - ok

13:37:43.0616 1424 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

13:37:43.0631 1424 uagp35 - ok

13:37:43.0709 1424 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

13:37:43.0787 1424 udfs - ok

13:37:43.0834 1424 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

13:37:43.0881 1424 UI0Detect - ok

13:37:43.0943 1424 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

13:37:43.0959 1424 uliagpkx - ok

13:37:44.0021 1424 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

13:37:44.0068 1424 umbus - ok

13:37:44.0115 1424 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

13:37:44.0162 1424 UmPass - ok

13:37:44.0209 1424 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

13:37:44.0271 1424 UmRdpService - ok

13:37:44.0333 1424 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

13:37:44.0396 1424 upnphost - ok

13:37:44.0458 1424 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

13:37:44.0489 1424 USBAAPL - ok

13:37:44.0599 1424 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

13:37:44.0661 1424 usbaudio - ok

13:37:45.0113 1424 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

13:37:45.0191 1424 usbccgp - ok

13:37:45.0254 1424 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

13:37:45.0285 1424 usbcir - ok

13:37:45.0316 1424 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys

13:37:45.0332 1424 usbehci - ok

13:37:45.0394 1424 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

13:37:45.0457 1424 usbhub - ok

13:37:45.0503 1424 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

13:37:45.0550 1424 usbohci - ok

13:37:45.0597 1424 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

13:37:45.0628 1424 usbprint - ok

13:37:46.0096 1424 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:37:46.0174 1424 USBSTOR - ok

13:37:46.0221 1424 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

13:37:46.0237 1424 usbuhci - ok

13:37:46.0330 1424 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

13:37:46.0361 1424 usbvideo - ok

13:37:46.0393 1424 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

13:37:46.0439 1424 UxSms - ok

13:37:46.0471 1424 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:37:46.0486 1424 VaultSvc - ok

13:37:46.0705 1424 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

13:37:46.0720 1424 vdrvroot - ok

13:37:46.0798 1424 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

13:37:46.0892 1424 vds - ok

13:37:46.0939 1424 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

13:37:46.0985 1424 vga - ok

13:37:47.0017 1424 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

13:37:47.0063 1424 VgaSave - ok

13:37:47.0095 1424 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

13:37:47.0110 1424 vhdmp - ok

13:37:47.0173 1424 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

13:37:47.0188 1424 viaagp - ok

13:37:47.0235 1424 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

13:37:47.0282 1424 ViaC7 - ok

13:37:47.0422 1424 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

13:37:47.0485 1424 viaide - ok

13:37:47.0609 1424 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

13:37:47.0641 1424 vmbus - ok

13:37:47.0672 1424 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

13:37:47.0687 1424 VMBusHID - ok

13:37:47.0781 1424 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

13:37:47.0797 1424 volmgr - ok

13:37:47.0937 1424 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

13:37:47.0953 1424 volmgrx - ok

13:37:48.0062 1424 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

13:37:48.0077 1424 volsnap - ok

13:37:48.0155 1424 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

13:37:48.0187 1424 vsmraid - ok

13:37:51.0494 1424 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

13:37:51.0619 1424 VSS - ok

13:37:51.0743 1424 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

13:37:51.0837 1424 vwifibus - ok

13:37:51.0899 1424 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

13:37:51.0931 1424 vwififlt - ok

13:37:51.0993 1424 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

13:37:52.0024 1424 vwifimp - ok

13:37:52.0102 1424 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

13:37:52.0211 1424 W32Time - ok

13:37:52.0352 1424 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

13:37:52.0430 1424 WacomPen - ok

13:37:52.0492 1424 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:37:52.0555 1424 WANARP - ok

13:37:52.0555 1424 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:37:52.0601 1424 Wanarpv6 - ok

13:37:52.0664 1424 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys

13:37:52.0679 1424 wanatw - ok

13:37:52.0929 1424 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

13:37:53.0007 1424 WatAdminSvc - ok

13:37:53.0366 1424 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

13:37:53.0444 1424 wbengine - ok

13:37:53.0522 1424 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

13:37:53.0569 1424 WbioSrvc - ok

13:37:53.0725 1424 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

13:37:53.0771 1424 wcncsvc - ok

13:37:53.0834 1424 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

13:37:53.0881 1424 WcsPlugInService - ok

13:37:54.0115 1424 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

13:37:54.0146 1424 Wd - ok

13:37:54.0224 1424 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

13:37:54.0255 1424 Wdf01000 - ok

13:37:54.0333 1424 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:37:54.0364 1424 WdiServiceHost - ok

13:37:54.0364 1424 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:37:54.0395 1424 WdiSystemHost - ok

13:37:54.0473 1424 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

13:37:54.0536 1424 WebClient - ok

13:37:54.0614 1424 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

13:37:54.0661 1424 Wecsvc - ok

13:37:54.0707 1424 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

13:37:54.0785 1424 wercplsupport - ok

13:37:54.0910 1424 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

13:37:54.0957 1424 WerSvc - ok

13:37:54.0988 1424 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

13:37:55.0035 1424 WfpLwf - ok

13:37:55.0191 1424 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

13:37:55.0222 1424 WIMMount - ok

13:37:55.0394 1424 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

13:37:55.0456 1424 winachsf - ok

13:37:55.0706 1424 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

13:37:55.0753 1424 WinDefend - ok

13:37:55.0768 1424 WinHttpAutoProxySvc - ok

13:37:56.0330 1424 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

13:37:56.0377 1424 Winmgmt - ok

13:37:56.0595 1424 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

13:37:56.0720 1424 WinRM - ok

13:37:56.0891 1424 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

13:37:56.0985 1424 Wlansvc - ok

13:37:57.0391 1424 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:37:57.0484 1424 wlidsvc - ok

13:37:58.0171 1424 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

13:37:58.0202 1424 WmiAcpi - ok

13:37:58.0436 1424 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

13:37:58.0467 1424 wmiApSrv - ok

13:37:58.0748 1424 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:37:58.0841 1424 WMPNetworkSvc - ok

13:37:59.0481 1424 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

13:37:59.0528 1424 WPCSvc - ok

13:37:59.0746 1424 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

13:37:59.0809 1424 WPDBusEnum - ok

13:38:00.0136 1424 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

13:38:00.0214 1424 ws2ifsl - ok

13:38:00.0277 1424 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll

13:38:00.0323 1424 wscsvc - ok

13:38:00.0339 1424 WSearch - ok

13:38:00.0729 1424 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

13:38:00.0838 1424 wuauserv - ok

13:38:01.0400 1424 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

13:38:01.0478 1424 WudfPf - ok

13:38:02.0336 1424 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:38:02.0429 1424 WUDFRd - ok

13:38:02.0851 1424 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

13:38:02.0929 1424 wudfsvc - ok

13:38:03.0116 1424 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

13:38:03.0194 1424 WwanSvc - ok

13:38:03.0288 1424 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys

13:38:03.0304 1424 XAudio - ok

13:38:03.0351 1424 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

13:38:12.0524 1424 \Device\Harddisk0\DR0 - ok

13:38:12.0524 1424 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

13:38:15.0222 1424 \Device\Harddisk1\DR1 - ok

13:38:15.0316 1424 Boot (0x1200) (b1d0de5a64207e1c81346c7cc0ec13ca) \Device\Harddisk0\DR0\Partition0

13:38:15.0316 1424 \Device\Harddisk0\DR0\Partition0 - ok

13:38:15.0332 1424 Boot (0x1200) (8154a281a282b3d2390b782c1e7ec85b) \Device\Harddisk0\DR0\Partition1

13:38:15.0347 1424 \Device\Harddisk0\DR0\Partition1 - ok

13:38:15.0347 1424 Boot (0x1200) (4a11ac5541047f228f419f029fb3a78a) \Device\Harddisk1\DR1\Partition0

13:38:15.0347 1424 \Device\Harddisk1\DR1\Partition0 - ok

13:38:15.0347 1424 ============================================================

13:38:15.0347 1424 Scan finished

13:38:15.0347 1424 ============================================================

13:38:15.0363 0624 Detected object count: 2

13:38:15.0363 0624 Actual detected object count: 2

13:39:42.0683 0624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

13:39:42.0683 0624 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:39:42.0683 0624 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user

13:39:42.0683 0624 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip


Here are the results from the ComboFix scan:

ComboFix 12-04-29.02 - Shao Ping 04/29/2012 14:30:53.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3548.2479 [GMT -4:00]

Running from: c:\users\Shao Ping\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Mozilla Firefox\searchplugins\search.xml

.

.

((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))

.

.

2012-04-29 16:44 . 2012-04-29 16:44 -------- d-----w- c:\program files\Common Files\Java

2012-04-29 16:43 . 2012-04-29 16:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-29 16:43 . 2010-12-16 15:40 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-17 16:34 . 2012-03-16 17:35 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-02-23 13:18 . 2011-01-03 14:56 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 05:34 . 2012-03-13 20:35 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 04:14 . 2012-03-13 20:35 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13 . 2012-03-13 20:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:38 . 2012-03-14 03:08 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-02-08 06:03 . 2012-03-16 17:31 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70E2240A-B207-42CC-984B-334030BFAD41}\mpengine.dll

2012-02-03 03:54 . 2012-03-14 03:08 2343424 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2011-09-07 19:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2010-08-20 00:06 487562 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-04 1343400]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1306010.008\SYMDS.SYS [2011-07-26 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1306010.008\SYMEFA.SYS [2012-01-17 905336]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-02 820856]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1306010.008\ccSetx86.sys [2011-11-29 132744]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys [2012-03-15 368248]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1306010.008\Ironx86.SYS [2012-01-17 149624]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1306010.008\SYMNETS.SYS [2012-01-17 318584]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe [2012-01-17 138232]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-07 232512]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 106104]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mchInjDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000Core.job

- c:\users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 03:29]

.

2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000UA.job

- c:\users\Shao Ping\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 03:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1 71.250.0.12

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-Akamai NetSession Interface - c:\users\Shao Ping\AppData\Local\Akamai\netsession_win.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.1.8\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-29 14:50:07

ComboFix-quarantined-files.txt 2012-04-29 18:50

.

Pre-Run: 113,130,811,392 bytes free

Post-Run: 113,957,761,024 bytes free

.

- - End Of File - - 6FDD721BC5598CAB163896B6B47B07A8


Not much showing....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


The results from the OTL scan:

OTL logfile created on: 4/29/2012 4:12:50 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Shao Ping\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 80.06% Memory free

6.93 Gb Paging File | 6.25 Gb Available in Paging File | 90.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 283.40 Gb Total Space | 106.24 Gb Free Space | 37.49% Space Free | Partition Type: NTFS

Drive E: | 1.87 Gb Total Space | 1.03 Gb Free Space | 54.92% Space Free | Partition Type: FAT

Computer Name: DOROTHY | User Name: Shao Ping | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 16:09:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe

PRC - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/06/08 12:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/06/04 03:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2010/05/31 05:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2010/05/31 02:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2010/02/17 02:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/15 15:46:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\87c77503e0f629a8c99765285fa25c76\IAStorUtil.ni.dll

MOD - [2012/02/15 15:33:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/15 15:32:46 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012/02/15 15:32:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012/02/15 15:32:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/15 15:32:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/15 15:31:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011/10/12 13:11:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe -- (NIS)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/01/04 10:27:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/01/03 11:27:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)

SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/04/28 23:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SHAOPI~1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012/03/17 12:34:34 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/03/16 13:57:27 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/03/16 13:57:27 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/03/16 13:57:27 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/03/16 13:57:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120320.034\NAVENG.SYS -- (NAVENG)

DRV - [2012/03/15 03:28:52 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120320.002\IDSvix86.sys -- (IDSVix86)

DRV - [2012/03/02 18:59:42 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/01/17 19:46:01 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symnets.sys -- (SymNetS)

DRV - [2012/01/17 19:45:57 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symefa.sys -- (SymEFA)

DRV - [2012/01/17 19:35:24 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\ironx86.sys -- (SymIRON)

DRV - [2012/01/17 19:33:51 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1306010.008\srtsp.sys -- (SRTSP)

DRV - [2012/01/17 19:33:51 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/11/29 19:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\ccsetx86.sys -- (ccSet_NIS)

DRV - [2011/10/06 21:32:57 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011/07/25 22:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1306010.008\symds.sys -- (SymDS)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV - [2010/06/21 09:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/07/04 06:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)

DRV - [2009/07/01 20:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)

DRV - [2009/06/30 07:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)

DRV - [2009/06/25 04:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2009/06/25 04:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2009/06/25 04:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)

DRV - [2009/05/21 17:21:12 | 000,467,968 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009/04/28 23:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)

DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {A77D5939-D652-44C1-B74E-638EA6A571EC}

IE - HKLM\..\SearchScopes\{A77D5939-D652-44C1-B74E-638EA6A571EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...045&form=ZGAPHP

IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\SearchScopes,DefaultScope = {A77D5939-D652-44C1-B74E-638EA6A571EC}

IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\SearchScopes\{B0F6A9E6-A20E-2078-1826-6C700C6E8C1D}: "URL" = http://www.bing.com/...045&form=ZGAIDF

IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1

FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/17 12:13:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/04/29 16:12:50 | 000,000,000 | ---D | M]

[2012/02/27 23:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shao Ping\AppData\Roaming\mozilla\Extensions

[2011/05/04 21:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shao Ping\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

[2011/10/28 15:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/14 15:03:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Shao Ping\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: Norton Identity Protection = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\

CHR - Extension: Gmail = C:\Users\Shao Ping\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/29 14:44:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-596668224-3071289805-285712935-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5395DD03-5B75-4BF5-A0B0-2F2A13A16979}: DhcpNameServer = 192.168.1.1 71.250.0.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE686D9C-1118-4B6D-AF90-485802F9C4E4}: DhcpNameServer = 128.6.216.19 128.6.224.114

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 16:12:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe

[2012/04/29 15:08:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/29 15:03:29 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/04/29 14:50:16 | 000,000,000 | ---D | C] -- C:\Users\Shao Ping\AppData\Local\temp

[2012/04/29 14:28:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/29 14:28:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/29 14:28:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/29 14:28:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/29 14:27:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/29 14:24:03 | 004,479,463 | R--- | C] (Swearware) -- C:\Users\Shao Ping\Desktop\ComboFix.exe

[2012/04/29 13:32:35 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shao Ping\Desktop\tdsskiller.exe

[2012/04/29 12:46:02 | 000,000,000 | ---D | C] -- C:\Users\Shao Ping\Desktop\RK_Quarantine

[2012/04/29 12:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/04/28 18:29:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Shao Ping\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/04/29 16:19:22 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/29 16:19:22 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/29 16:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/29 16:11:33 | 2790,543,360 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/29 16:09:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Shao Ping\Desktop\OTL.exe

[2012/04/29 14:44:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/04/29 14:43:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596668224-3071289805-285712935-1000UA.job

[2012/04/29 14:22:26 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Shao Ping\Desktop\ComboFix.exe

[2012/04/29 13:28:36 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shao Ping\Desktop\tdsskiller.exe

[2012/04/29 12:41:46 | 001,280,512 | ---- | M] () -- C:\Users\Shao Ping\Desktop\RogueKiller.exe

[2012/04/28 18:32:05 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/28 18:32:05 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/28 18:18:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Shao Ping\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/04/29 14:28:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/29 14:28:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/29 14:28:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/29 14:28:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/29 14:28:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/29 12:44:51 | 001,280,512 | ---- | C] () -- C:\Users\Shao Ping\Desktop\RogueKiller.exe

[2011/12/30 23:21:27 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini

[2011/12/30 02:00:44 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/12/18 16:20:46 | 000,007,635 | ---- | C] () -- C:\Users\Shao Ping\AppData\Local\Resmon.ResmonCfg

[2011/10/15 00:11:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll

[2011/10/15 00:11:49 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll

[2011/10/15 00:11:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll

[2011/09/22 00:12:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/06/29 14:30:38 | 000,132,096 | ---- | C] () -- C:\Windows\System32\Exercise 2.29.exe

[2011/06/29 13:46:14 | 000,150,528 | ---- | C] () -- C:\Windows\System32\Exercise 2.28.exe

[2011/06/29 13:04:30 | 000,099,328 | ---- | C] () -- C:\Windows\System32\Exercise 2.26.exe

[2011/06/29 12:39:37 | 000,100,352 | ---- | C] () -- C:\Windows\System32\Exercise 2.21.exe

[2011/06/29 12:18:16 | 000,151,040 | ---- | C] () -- C:\Windows\System32\Exercise 2.20.exe

[2011/06/26 21:47:54 | 000,150,528 | ---- | C] () -- C:\Windows\System32\Exercise 2.19.exe

[2011/06/03 12:44:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2011/05/31 15:41:26 | 000,036,279 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2011/02/22 00:32:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/16 11:39:14 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2010/11/24 09:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2010/11/24 09:17:00 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin

[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2012/03/07 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Audacity

[2012/03/22 00:59:20 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\BitTorrent

[2012/02/25 14:54:08 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\bsnes

[2011/02/04 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/06/05 18:23:09 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/10/06 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DAEMON Tools Lite

[2012/03/21 13:43:25 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DC++

[2011/10/26 04:04:22 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoft

[2011/07/20 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/04/09 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\FreeAudioPack

[2011/07/11 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\IObit

[2011/05/14 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\MakeMusic

[2011/10/15 00:17:53 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Maple

[2011/07/01 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Moyea

[2011/07/16 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Participatory Culture Foundation

[2011/08/10 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\PCF-VLC

[2011/02/04 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1

[2011/10/26 03:57:27 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\River Past G5

[2011/10/26 04:20:09 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Softplicity

[2011/06/05 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/02/29 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\SystemRequirementsLab

[2011/05/04 21:23:45 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\TomTom

[2011/09/17 22:13:15 | 000,000,000 | ---D | M] -- C:\Users\Shao Ping\AppData\Roaming\Unity

[2012/03/23 13:33:49 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 4/29/2012 4:12:50 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Shao Ping\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 80.06% Memory free

6.93 Gb Paging File | 6.25 Gb Available in Paging File | 90.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 283.40 Gb Total Space | 106.24 Gb Free Space | 37.49% Space Free | Partition Type: NTFS

Drive E: | 1.87 Gb Total Space | 1.03 Gb Free Space | 54.92% Space Free | Partition Type: FAT

Computer Name: DOROTHY | User Name: Shao Ping | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{081ACDC0-004E-49FE-8FCA-DBAA86CFF08C}" = lport=57714 | protocol=6 | dir=in | name=pando media booster |

"{0BAD974D-8A71-4527-B5B4-FD11677623E6}" = lport=445 | protocol=6 | dir=in | app=system |

"{144B1E39-D172-4E7F-A5C3-48B75C89F618}" = rport=138 | protocol=17 | dir=out | app=system |

"{1C660F13-F712-4932-B3B0-AF62AD592567}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1F0A43C5-DC31-4C1C-B85A-84B6C6FBA8DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{29A1B732-6C5A-4B46-A686-F4B0C8C87013}" = rport=137 | protocol=17 | dir=out | app=system |

"{3202AD11-B4C7-465B-A34E-985F944BAE52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{3D64833E-DA9C-46C9-BCC3-046FD47C8E14}" = rport=445 | protocol=6 | dir=out | app=system |

"{696442F6-54A3-4028-B822-0BAC72E7E93D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{7E2F7A43-A55E-4835-A13B-C972FE4E200C}" = lport=57714 | protocol=6 | dir=in | name=pando media booster |

"{8982B56B-FAD6-4695-A8DB-7ECB5FEB28D6}" = lport=57714 | protocol=17 | dir=in | name=pando media booster |

"{8B9CCB6B-86A4-4337-90F7-45918F929C57}" = rport=139 | protocol=6 | dir=out | app=system |

"{8DA2B613-FCE9-4A46-8892-BDD2F667365D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{909165CD-05AE-4ADD-91A1-802A4A2E8077}" = lport=139 | protocol=6 | dir=in | app=system |

"{948C9527-0630-4023-A8D3-3A3C66981D95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{A7174DB1-C1D1-4405-9B16-59D001F14744}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B4F66471-23A6-4BBC-BFAA-4C948A22C980}" = lport=138 | protocol=17 | dir=in | app=system |

"{BDBBA453-242F-4D0C-A129-658498F75823}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CE850A68-186B-403C-A7A3-22A8F0D05FA9}" = lport=49741 | protocol=6 | dir=in | name=akamai netsession interface |

"{D7078454-B677-498C-B026-F80092F7BF3F}" = lport=57714 | protocol=17 | dir=in | name=pando media booster |

"{D76D2059-38D9-48BB-8BBA-B5FC8A09574C}" = lport=137 | protocol=17 | dir=in | app=system |

"{E7F84618-8E8E-41C6-9ED7-F70B6B4B68BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04797AAB-FBF5-4CAF-8237-76EB42459397}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{04BAF535-9212-4740-8D24-31A8EB8BD330}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |

"{052510B2-1914-41CE-B9BB-AA9E4F2FB02C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{117A0988-E022-4F65-AD6B-E496D0E223C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{1302DEF5-0A85-4C2C-8C24-ACD2D04397C7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |

"{16B8D7A9-9E2F-4C9D-A0F7-5438B4CA4BFB}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"{1910077B-5AA0-488F-90CA-BB3EF7198E91}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{1D4DB56B-6FAA-4814-90A4-5AE9517EA053}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{22893038-4E67-4A43-A489-118777667DE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |

"{258076FD-7074-4BFF-A2C9-255BBA7606C7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{262BB103-19D7-49C2-B37A-53E6EB5CACC7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{292D4274-B34E-40FF-B070-96778DC7A370}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{2C3C9D95-285A-4B13-B36D-0355BF276D42}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |

"{2D519418-D98D-457D-BB42-6CA8135AD8AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2F2C6DFB-C177-4D41-A243-6987F5B6D1C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{31712B0B-08C8-4A5F-BA26-6DF87593971B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{3A057735-4615-47AD-9D38-DC0CD6DB0C48}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |

"{442B8107-D763-4828-8115-893EB540BA4B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |

"{44B5871F-3160-49AA-B712-A108C5602736}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{52D52E5A-0A9A-4008-81FC-795346E79C64}" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |

"{546BCABD-B374-4449-8DAB-CD1AD94FB245}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"{5905EA4D-052F-432D-ABB0-F36A2D97DB8B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{5F366C35-EAB4-47B8-9620-E4787BE95B10}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{64DB23A0-6142-4EF9-91FB-8FE0146532B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{67C112F7-6EBE-48D8-8F95-58801606E9CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{69076DB5-DF5A-4982-8EFE-7FFF2FCC81B7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{790CA4FE-7E0B-4508-A328-9734C4CE5436}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{7F784D05-88EF-4647-8194-95A4A81AF689}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{82366F9C-4403-4426-9B16-041EAE18E77A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{86EB43BD-DBBB-456B-92C1-182C8E8688AF}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |

"{890BDE6D-A3F0-4F28-8657-6081A4912604}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{8A945E5A-FCF0-4CBF-A227-F08A4196DA63}" = dir=in | app=c:\program files\pharossystems\core\ctskmstr.exe |

"{9036C6A2-6C55-4D24-9D5C-60DDD57F052F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |

"{95DB5A05-6D1C-44F7-8CDF-6EECE2CA77D0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{98711A2B-2F05-433D-A55C-D847DF23B875}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{9F1B7067-5194-4FC2-8A4B-E1AD4A64D8DD}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |

"{A05A93B6-108E-48B8-8DF6-1AF63053349C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |

"{A3B8897C-6B1A-4CFC-9FB7-CF91153FE850}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{A3D379A2-9976-4F03-92C5-69623D396813}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{B08C5BC8-3EEF-46A5-B62F-3E0AD1C146C2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"{B3E75AC5-F5C5-4824-9862-D99953F1E0E5}" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |

"{B53A9BBB-87FB-44B7-BA69-E40E28A6D15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{BB525E21-3165-46C9-8EB2-98699AF3A35A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"{BC21686F-AD8B-4280-9D7B-CE793346754C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{BCBB5FB2-310A-49E7-A247-2D89C959CE84}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{BD448BB1-CE8F-40EF-98B4-7F8AEC2B5017}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{C569CC19-CBCB-4872-B5DA-280F670E1FB5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C8D4296D-9243-4B86-9ECE-9CB8A958F5F6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1325227885\ee\aolsoftware.exe |

"{CA5F87B0-C48F-4F2A-86EB-9D5107E7FD8D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{CD95342E-1621-46C6-B95C-99A16B3AF6DB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D596187D-8062-49AF-AE34-1485435253F6}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |

"{D6BD81EA-3323-44E7-8E37-F8D7713FE4BB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{D9041F08-0862-4439-8D80-FF1EAE6806D5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1325227885\ee\aolsoftware.exe |

"{D9AB74BC-3A1C-4FD3-A67D-E3ECEA4EE88F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E4FF8A45-2A55-451F-B338-8E1971F906C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EFA319A0-7615-4531-9226-8CAC6B43953A}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |

"{F20DACB5-FDA3-4E76-9583-57757506A1AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{F5994868-480C-4C21-89E0-2D76C5E9D1D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F5D01504-70AD-4DF7-BC5F-E35886CF4208}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{FCF1E190-FC6A-4F02-9452-05FE7B75EAF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |

"TCP Query User{0CF46C49-21EF-4DB7-B617-6693080A5CFB}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |

"TCP Query User{12F64D14-25D9-4FBD-AF9A-F320FD047EC8}C:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |

"TCP Query User{24761A21-D973-4F2C-A635-913788A9A6AE}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

"TCP Query User{5A5828CD-3EEC-4C26-A2AE-B721245855A3}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

"TCP Query User{65C8601E-F81B-4004-8C85-DBD321B8F3B1}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |

"TCP Query User{66B674CE-8452-4ABA-A3C6-3964A9D85DC9}C:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |

"TCP Query User{74CCABA7-2521-4EAA-B297-0DFA07515E3E}C:\users\shao ping\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\starcraft_2_na_en-us.exe |

"TCP Query User{7CE70BD8-9C71-42D9-AE1E-5FBF2A1BEE93}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |

"TCP Query User{7E0ED1B5-CC84-4F56-A845-E15CF8DC9CAE}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |

"TCP Query User{8817A1AA-5F18-47EC-BE65-CD2D024223D0}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |

"TCP Query User{8AB668E3-5048-49A8-8469-5A0F94270217}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |

"TCP Query User{8CA8BA36-7D91-459A-8B6E-2675AA642AE2}C:\program files\maple 13\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |

"TCP Query User{91F8CBA2-4637-40E8-B56B-1663AD97E155}C:\users\shao ping\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\shao ping\appdata\local\akamai\netsession_win.exe |

"TCP Query User{955FC22D-45A4-45FD-8523-2C3F91876E6A}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"TCP Query User{A7BA7618-7A95-4B8D-9278-8621FB134BD7}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{AABF5F79-BD99-41BB-9AF8-06049CEA66EF}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |

"TCP Query User{B4DAA53F-68BF-43C7-B966-EC75EFEA1C84}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |

"TCP Query User{B86231C1-38D9-494C-B1F5-A4788DD419FF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"TCP Query User{C19C559B-3662-4D30-94BC-DCBC16E0A789}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |

"TCP Query User{C4B3B9EA-2140-461A-8363-70588BED1B25}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{C4C517C3-61BB-4EA6-95DF-4C9CC54320EE}C:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe |

"TCP Query User{C5A4744D-EC73-4B7C-AAAF-58042B45BE44}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |

"TCP Query User{CAC45DBA-D23C-451F-9597-53415F0421F3}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |

"TCP Query User{CE851AEC-6A2E-4A9B-A441-9E0173F6926F}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |

"TCP Query User{D258E28F-2B73-49C3-88DE-E1216700E18C}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |

"TCP Query User{EB674394-D856-4570-9434-1109F8DD8E41}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"TCP Query User{FECF061B-F97A-400C-A652-B8BA5D9F4EF9}C:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe" = protocol=6 | dir=in | app=c:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe |

"UDP Query User{06CF1F92-28A4-4FFF-A2E8-308171B753DC}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |

"UDP Query User{0A9B288A-FFEA-47C9-BD67-162C9FFDF7CD}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |

"UDP Query User{1FACAE53-9824-45B4-96F0-636D390204F3}C:\users\shao ping\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\shao ping\appdata\local\akamai\netsession_win.exe |

"UDP Query User{209E718E-01F8-4931-AC72-251CF8A5A2E6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{264FC356-3E45-4E4E-A23C-B9CE79A74A0F}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |

"UDP Query User{2AB2F215-50C4-43C1-8F54-FAF7FD6A571F}C:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\halo_custom\halo custom edition\halo.exe |

"UDP Query User{352AF09A-480F-48EB-9184-BF6B7B4739B2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"UDP Query User{3CB7CE26-9C17-4B29-BD60-43117C05F9DC}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |

"UDP Query User{4E7520E6-501D-4B64-9C03-A0FD61B3A42E}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

"UDP Query User{689233FC-2903-4F5B-B593-72A1D60493EF}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |

"UDP Query User{6976B469-D7E4-453E-9166-D6C12877BD71}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |

"UDP Query User{72B1A5CC-1657-44B1-A9C1-8FEB6ACFE982}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |

"UDP Query User{79C5DC6D-C3DD-40FF-85B7-9A2DD6AD464D}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |

"UDP Query User{9CB9BE8F-F290-48BB-A2F0-7F552D956E96}C:\users\shao ping\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\starcraft_2_na_en-us.exe |

"UDP Query User{9DEAC053-FC79-4928-83D6-31736B586605}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |

"UDP Query User{A77D1C84-4601-4AB8-83B7-DE71103BFFDB}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |

"UDP Query User{AC5786F0-29AD-4C72-8DDC-F203C11CE5C8}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{BE9498F0-83FF-4F34-982C-65B4CE579869}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

"UDP Query User{D11154B8-C235-40F9-9158-DD9FE49AE822}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |

"UDP Query User{D6C1CFE4-BD19-4B5A-A419-676F117B0626}C:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |

"UDP Query User{EAA564E7-4FA7-4893-8C39-E99713FFA4D8}C:\program files\maple 13\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 13\jre\bin\maple.exe |

"UDP Query User{EFCFC40D-BBF6-4BD6-B152-55CE65A5A7C6}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"UDP Query User{F0698488-9737-4859-BCB6-D11AE37415AF}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{F090E364-CD77-487C-A9E9-966BE8FFF7CB}C:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |

"UDP Query User{F586B2D2-E107-4818-B273-0A63751D672D}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |

"UDP Query User{FCCD8475-1283-4E2F-B744-524FBA585800}C:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\shao ping\downloads\downloader_starcraft_combo_enus.exe |

"UDP Query User{FDE7F1FF-DA38-4359-9177-13AE0E609495}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708

"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.9

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"BitTorrent" = BitTorrent

"CDisplay_is1" = CDisplay 1.8

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"DAEMON Tools Lite" = DAEMON Tools Lite

"DC++" = DC++ 0.791

"Dell Webcam Central" = Dell Webcam Central

"Diablo II" = Diablo II

"Finale 2011 Demo" = Finale 2011 Demo

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Maple 13" = Maple 13

"MatlabR2011a" = MATLAB R2011a

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU

"Monkey's Audio_is1" = Monkey's Audio

"NIS" = Norton Internet Security

"Pharos" = Pharos

"PROPLUS" = Microsoft Office Professional Plus 2007

"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.2

"StarCraft" = StarCraft

"StarCraft II" = StarCraft II

"TVWiz" = Intel® TV Wizard

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VLC media player 0.9.2

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"ZSNESw" = ZSNESw 1.51

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-596668224-3071289805-285712935-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/15/2012 7:36:30 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 48579

Error - 3/15/2012 7:36:30 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 48579

Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 64179

Error - 3/15/2012 7:36:45 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 64179

Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 79779

Error - 3/15/2012 7:37:01 PM | Computer Name = Dorothy | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 79779

Error - 3/16/2012 4:21:39 PM | Computer Name = Dorothy | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Program Files\Microsoft

Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly

Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/17/2012 12:33:25 AM | Computer Name = Dorothy | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Program Files\Microsoft

Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Dependent Assembly

Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]

Error - 1/25/2011 1:55:41 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 12:55:40 PM - Error connecting to the internet. 12:55:40 PM - Unable

to contact server..

Error - 1/27/2011 10:51:23 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 9:51:23 AM - Error connecting to the internet. 9:51:23 AM - Unable

to contact server..

Error - 1/27/2011 10:51:32 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 9:51:28 AM - Error connecting to the internet. 9:51:28 AM - Unable

to contact server..

Error - 1/27/2011 11:51:36 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 10:51:36 AM - Error connecting to the internet. 10:51:36 AM - Unable

to contact server..

Error - 1/27/2011 11:51:42 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 10:51:41 AM - Error connecting to the internet. 10:51:41 AM - Unable

to contact server..

Error - 1/31/2011 4:07:01 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 3:07:00 PM - Failed to retrieve SportsSchedule (Error: The operation

has timed out)

Error - 2/13/2011 10:46:32 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 9:46:32 AM - Error connecting to the internet. 9:46:32 AM - Unable

to contact server..

Error - 2/13/2011 10:46:39 AM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 9:46:37 AM - Error connecting to the internet. 9:46:37 AM - Unable

to contact server..

Error - 2/26/2011 10:20:59 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 9:20:55 PM - Error connecting to the internet. 9:20:55 PM - Unable

to contact server..

Error - 5/18/2011 9:16:20 PM | Computer Name = ShaoPing-PC | Source = MCUpdate | ID = 0

Description = 9:16:20 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

[ System Events ]

Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = DCOM | ID = 10005

Description =

Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Backup service to connect.

Error - 4/29/2012 12:45:05 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7000

Description = The Windows Backup service failed to start due to the following error:

%%1053

Error - 4/29/2012 2:29:46 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/29/2012 2:37:39 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/29/2012 2:44:22 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/29/2012 2:55:13 PM | Computer Name = Dorothy | Source = DCOM | ID = 10010

Description =

Error - 4/29/2012 2:55:35 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/29/2012 2:58:31 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/29/2012 3:03:37 PM | Computer Name = Dorothy | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

< End of report >

Not much showing, let's get rid of that toolbar........

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    :Files
    c:\program files\somototoolbar
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Here are the results:

All processes killed

========== OTL ==========

========== FILES ==========

File\Folder c:\program files\somototoolbar not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shao Ping

->Java cache emptied: 9649892 bytes

Total Java Files Cleaned = 9.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Shao Ping

->Temp folder emptied: 1017 bytes

->Temporary Internet Files folder emptied: 31025210 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 369183649 bytes

->Flash cache emptied: 13133 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 382.00 mb

OTL by OldTimer - Version 3.2.42.2 log created on 04292012_172334

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OK, I'm not seeing much so far as malware. If you want, we can run a couple more scans.

MrC

Thank you for all of the help so far. Did we get rid of anything at all with all of the scans? Is it necessary to be connected to the internet when running those scans? (I was disconnected from the internet for all of those scans.) And sure, I guess I'll run some more scans while I'm at it.

No real malware found.

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC

Here are the results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-29 18:28:34

-----------------------------

18:28:34.259 OS Version: Windows 6.1.7601 Service Pack 1

18:28:34.259 Number of processors: 2 586 0x170A

18:28:34.259 ComputerName: DOROTHY UserName:

18:28:59.721 Initialize success

18:29:58.786 AVAST engine defs: 12042901

18:30:41.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:30:41.046 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3

18:30:41.062 Disk 0 MBR read successfully

18:30:41.077 Disk 0 MBR scan

18:30:41.077 Disk 0 Windows VISTA default MBR code

18:30:41.093 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

18:30:41.124 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325

18:30:41.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325

18:30:41.186 Disk 0 scanning sectors +625140400

18:30:41.358 Disk 0 scanning C:\Windows\system32\drivers

18:31:11.918 Service scanning

18:33:27.810 Modules scanning

18:34:58.353 Disk 0 trace - called modules:

18:34:58.400 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll

18:34:58.743 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x882ee030]

18:34:58.758 3 CLASSPNP.SYS[8cd9959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8684d028]

18:35:00.194 AVAST engine scan C:\Windows

18:35:07.261 AVAST engine scan C:\Windows\system32

18:40:49.170 AVAST engine scan C:\Windows\system32\drivers

18:41:06.642 AVAST engine scan C:\Users\Shao Ping

18:49:09.456 AVAST engine scan C:\ProgramData

18:54:06.029 Scan finished successfully

19:01:58.632 Disk 0 MBR has been saved successfully to "C:\Users\Shao Ping\Desktop\MBR.dat"

19:01:58.648 The log file has been saved successfully to "C:\Users\Shao Ping\Desktop\aswMBR.txt"

That scan was clean....

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the option Remove found threats and the option Scan unwanted applications are checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC

Here are the results:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Well the logs are clean and we've used some very powerful tools.....I'm not seeing much.

Let me know your thoughts, there's a special way to uninstall some of the tools we used.

MrC

Well if nothing came up after all of these scans I guess it means there isn't anything left to do. I appreciate all of the help and time you put in for me.

That's what we're here for.....:)

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
