TechSpot

Unable to update virus/spyware definition

By John16v
Jul 26, 2012
  1. Hi, I can't believe I'm here again, but this time with my own laptop. :(

    Anyway, long story short, something is preventing me from updating any of my virus and spyware definitions. I'm running Symantec AV, Malwarebytes and SuperAntiSpyware. None of them will update their definitions, and the weirdest thing in MB is that "Check for Updates" is ghosted and you are not able to highlight it.

    Well, I ran Symantec, MB and SAS, all using definitions from July 21st. Only MB picked up a Trojan p2p, and it was able to remove it (I did a full scan afterward). Then I used ESET Online and it found a win32/pinit virus, which was also removed.

    After all that, I am still unable to update the definitions.

    I would appreciate any help and assistance.

    John
     
  2. John16v

    John16v TS Rookie Topic Starter Posts: 52

    Should I try to run Farbar Recovery? I know there is something in my computer that is preventing me from the download...

    And did I post this in the wrong forum? If so, please direct me to where I should post it.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. John16v

    John16v TS Rookie Topic Starter Posts: 52

    Alright Symantec AV came back with nothing.
     
  5. John16v

    John16v TS Rookie Topic Starter Posts: 52

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.26.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Wai Yau :: PC785018295244 [limited]

    7/26/2012 1:09:59 PM
    mbam-log-2012-07-26 (13-09-59).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 345320
    Time elapsed: 2 hour(s), 15 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. John16v

    John16v TS Rookie Topic Starter Posts: 52

    I tried to run DDS and nothing happens. I went to Run, "CMD" and Wscript and checked the Stop Script After Specified... and nothing... Please help.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Will GMER run?
     
  8. John16v

    John16v TS Rookie Topic Starter Posts: 52

    Gmer ran...just fine. Do you want me to post the log?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes.
     
  10. John16v

    John16v TS Rookie Topic Starter Posts: 52

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-26 17:36:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 rev.
    Running: tix9tbjr.exe; Driver: C:\DOCUME~1\WAIYAU~1\LOCALS~1\Temp\kgtoykow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89D0B488 ZwConnectPort
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA84C8640]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0113FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 013E07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 013E079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 013E0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
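    The GMER report above lists kernel SSDT hooks, inline user-mode hooks, attached filter devices and a disk-sector warning. As an added example (not from the thread, GMER or any tool mentioned in it), the Python parser below reads that report format and pulls out the lines a responder would review first: an SSDT hook that GMER could not attribute to a named module (here `ZwConnectPort`), and the MBR line flagged as rootkit-like. The excerpt embedded in the code is a constructed subset of the posted log; the "unattributed hook" rule is a triage heuristic, not a verdict, since a missing module name only means GMER could not map that hook to a file on disk.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the GMER 1.0.15 report format as posted in the thread
# (a subset of the real log's lines, kept verbatim; not the whole report).
GMER_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-26 17:36:47

---- System - GMER 1.0.15 ----

SSDT 89D0B488 ZwConnectPort
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA84C8640]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0113FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# GMER appends "(module/vendor)" when it can map an entry to a file on disk.
ATTRIBUTION_RE = re.compile(r"\(([^()]+)\)")


@dataclass
class Finding:
    section: str
    kind: str          # ssdt, inline_hook, device, disk or other
    detail: str        # the raw log line
    attributed: bool   # GMER named the owning module/vendor
    suspicious: bool   # worth a human look before anything else


def classify(section: str, line: str) -> Finding:
    attributed = ATTRIBUTION_RE.search(line) is not None
    if line.startswith("SSDT "):
        kind, suspicious = "ssdt", not attributed
    elif line.startswith(".text "):
        kind, suspicious = "inline_hook", not attributed
    elif line.startswith(("AttachedDevice ", "Device ")):
        kind, suspicious = "device", not attributed
    elif line.startswith("Disk "):
        kind, suspicious = "disk", "rootkit-like" in line
    else:
        kind, suspicious = "other", False
    return Finding(section, kind, line, attributed, suspicious)


def parse_gmer(text: str) -> list:
    """Walk the report section by section; lines before the first header are banner text."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or section == "EOF":
            continue
        findings.append(classify(section, line))
    return findings


def triage(text: str) -> list:
    """Lines to review first: hooks GMER could not attribute and disk-sector warnings."""
    return [f.detail for f in parse_gmer(text) if f.suspicious]


def summary(text: str) -> dict:
    """Entry count per kind, e.g. to compare two GMER runs on the same machine."""
    counts = {}
    for f in parse_gmer(text):
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    print("Summary:", summary(GMER_LOG))
    for line in triage(GMER_LOG):
        print("REVIEW:", line)
```

    Run against the full report, `triage()` returns exactly the two lines that a TDSSKiller scan (the next step in this thread) is meant to check: an SSDT entry with only an address and a disk sector 0 warning, while every hook and filter that GMER tied to a Symantec, Mozilla or Microsoft module is left out of the review list.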
     
  11. John16v

    John16v TS Rookie Topic Starter Posts: 52

    Should I turn on my own laptop's wifi and download DDS straight onto the desktop instead of via a USB drive?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    No.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. John16v

    John16v TS Rookie Topic Starter Posts: 52

    No threat found, but here is the log:

    18:37:08.0437 2276TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    18:37:08.0453 2276============================================================
    18:37:08.0453 2276Current date / time: 2012/07/26 18:37:08.0453
    18:37:08.0453 2276SystemInfo:
    18:37:08.0453 2276
    18:37:08.0453 2276OS Version: 5.1.2600 ServicePack: 3.0
    18:37:08.0453 2276Product type: Workstation
    18:37:08.0453 2276ComputerName: PC785018295244
    18:37:08.0453 2276UserName: Wai Yau
    18:37:08.0453 2276Windows directory: C:\WINDOWS
    18:37:08.0453 2276System windows directory: C:\WINDOWS
    18:37:08.0453 2276Processor architecture: Intel x86
    18:37:08.0453 2276Number of processors: 1
    18:37:08.0453 2276Page size: 0x1000
    18:37:08.0453 2276Boot type: Normal boot
    18:37:08.0453 2276============================================================
    18:37:09.0093 2276Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:37:09.0109 2276Drive \Device\Harddisk1\DR14 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:37:09.0109 2276============================================================
    18:37:09.0109 2276\Device\Harddisk0\DR0:
    18:37:09.0109 2276MBR partitions:
    18:37:09.0109 2276\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7BA7688
    18:37:09.0109 2276\Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x7BAB588, BlocksNum 0x1761276
    18:37:09.0109 2276\Device\Harddisk1\DR14:
    18:37:09.0109 2276MBR partitions:
    18:37:09.0109 2276\Device\Harddisk1\DR14\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
    18:37:09.0109 2276============================================================
    18:37:09.0125 2276C: <-> \Device\Harddisk0\DR0\Partition0
    18:37:09.0140 2276D: <-> \Device\Harddisk0\DR0\Partition1
    18:37:09.0140 2276============================================================
    18:37:09.0140 2276Initialize success
    18:37:09.0140 2276============================================================
    18:37:13.0812 0856============================================================
    18:37:13.0812 0856Scan started
    18:37:13.0812 0856Mode: Manual;
    18:37:13.0812 0856============================================================
    18:37:14.0453 0856!SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    18:37:14.0484 0856!SASCORE - ok
    18:37:14.0718 08565U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
    18:37:14.0718 08565U870CAP_VID_1262&PID_25FD - ok
    18:37:14.0734 0856Abiosdsk - ok
    18:37:14.0796 0856abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    18:37:14.0796 0856abp480n5 - ok
    18:37:14.0890 0856ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:37:14.0906 0856ACPI - ok
    18:37:14.0937 0856ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:37:14.0953 0856ACPIEC - ok
    18:37:15.0078 0856AddFiltr (746742588c07db53731143229e2ee450) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    18:37:15.0125 0856AddFiltr - ok
    18:37:15.0156 0856adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    18:37:15.0171 0856adpu160m - ok
    18:37:15.0218 0856aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:37:15.0234 0856aec - ok
    18:37:15.0296 0856AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    18:37:15.0328 0856AFD - ok
    18:37:15.0359 0856agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    18:37:15.0375 0856agp440 - ok
    18:37:15.0390 0856agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    18:37:15.0406 0856agpCPQ - ok
    18:37:15.0437 0856Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    18:37:15.0453 0856Aha154x - ok
    18:37:15.0484 0856aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    18:37:15.0500 0856aic78u2 - ok
    18:37:15.0531 0856aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    18:37:15.0546 0856aic78xx - ok
    18:37:15.0625 0856Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    18:37:15.0625 0856Alerter - ok
    18:37:15.0687 0856ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    18:37:15.0703 0856ALG - ok
    18:37:15.0765 0856AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    18:37:15.0796 0856AliIde - ok
    18:37:15.0812 0856alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    18:37:15.0828 0856alim1541 - ok
    18:37:15.0875 0856amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    18:37:15.0890 0856amdagp - ok
    18:37:15.0921 0856amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    18:37:15.0937 0856amsint - ok
    18:37:16.0062 0856Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:37:16.0125 0856Apple Mobile Device - ok
    18:37:16.0203 0856AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    18:37:16.0218 0856AppMgmt - ok
    18:37:16.0296 0856Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:37:16.0312 0856Arp1394 - ok
    18:37:16.0343 0856asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    18:37:16.0359 0856asc - ok
    18:37:16.0390 0856asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    18:37:16.0406 0856asc3350p - ok
    18:37:16.0437 0856asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    18:37:16.0453 0856asc3550 - ok
    18:37:16.0625 0856aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:37:16.0718 0856aspnet_state - ok
    18:37:16.0750 0856AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:37:16.0765 0856AsyncMac - ok
    18:37:16.0796 0856atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:37:16.0843 0856atapi - ok
    18:37:16.0859 0856Atdisk - ok
    18:37:16.0875 0856Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:37:16.0890 0856Atmarpc - ok
    18:37:16.0953 0856AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    18:37:16.0968 0856AudioSrv - ok
    18:37:17.0015 0856audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:37:17.0031 0856audstub - ok
    18:37:17.0046 0856Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:37:17.0062 0856Beep - ok
    18:37:17.0140 0856BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    18:37:17.0187 0856BITS - ok
    18:37:17.0265 0856Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
    18:37:17.0359 0856Bonjour Service - ok
    18:37:17.0375 0856Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    18:37:17.0390 0856Browser - ok
    18:37:17.0468 0856BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
    18:37:17.0484 0856BTWUSB - ok
    18:37:17.0515 0856cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    18:37:17.0531 0856cbidf - ok
    18:37:17.0546 0856cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:37:17.0546 0856cbidf2k - ok
    18:37:17.0609 0856CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:37:17.0625 0856CCDECODE - ok
    18:37:17.0750 0856ccEvtMgr (c8d7452eb1dfc5e1ff044be28c4b07e1) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    18:37:17.0796 0856ccEvtMgr - ok
    18:37:17.0828 0856ccPwdSvc (ef8116f41b92ab7a577cfda867cfa542) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    18:37:17.0875 0856ccPwdSvc - ok
    18:37:17.0937 0856ccSetMgr (13248340757445ef3e158d99d6181fcc) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    18:37:17.0968 0856ccSetMgr - ok
    18:37:18.0000 0856cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    18:37:18.0015 0856cd20xrnt - ok
    18:37:18.0046 0856Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:37:18.0062 0856Cdaudio - ok
    18:37:18.0109 0856Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:37:18.0109 0856Cdfs - ok
    18:37:18.0140 0856Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:37:18.0140 0856Cdrom - ok
    18:37:18.0156 0856Changer - ok
    18:37:18.0218 0856CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    18:37:18.0218 0856CiSvc - ok
    18:37:18.0250 0856ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    18:37:18.0250 0856ClipSrv - ok
    18:37:18.0406 0856clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:37:18.0437 0856clr_optimization_v2.0.50727_32 - ok
    18:37:18.0500 0856clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:37:18.0531 0856clr_optimization_v4.0.30319_32 - ok
    18:37:18.0578 0856CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    18:37:18.0593 0856CmBatt - ok
    18:37:18.0640 0856CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    18:37:18.0656 0856CmdIde - ok
    18:37:18.0671 0856Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    18:37:18.0687 0856Compbatt - ok
    18:37:18.0687 0856COMSysApp - ok
    18:37:18.0718 0856Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    18:37:18.0734 0856Cpqarray - ok
    18:37:18.0796 0856CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    18:37:18.0812 0856CryptSvc - ok
    18:37:18.0859 0856dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    18:37:18.0875 0856dac2w2k - ok
    18:37:18.0890 0856dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    18:37:18.0906 0856dac960nt - ok
    18:37:18.0984 0856DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    18:37:19.0000 0856DcomLaunch - ok
    18:37:19.0140 0856DefWatch (cc564a31a2e9f7ddb6de55848c3c0a0b) C:\Program Files\Symantec AntiVirus\DefWatch.exe
    18:37:19.0156 0856DefWatch - ok
    18:37:19.0187 0856Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    18:37:19.0187 0856Dhcp - ok
    18:37:19.0250 0856Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:37:19.0265 0856Disk - ok
    18:37:19.0281 0856dmadmin - ok
    18:37:19.0359 0856dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:37:19.0421 0856dmboot - ok
    18:37:19.0468 0856dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:37:19.0484 0856dmio - ok
    18:37:19.0531 0856dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:37:19.0546 0856dmload - ok
    18:37:19.0593 0856dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    18:37:19.0625 0856dmserver - ok
    18:37:19.0656 0856DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:37:19.0671 0856DMusic - ok
    18:37:19.0734 0856Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    18:37:19.0750 0856Dnscache - ok
    18:37:19.0828 0856Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    18:37:19.0843 0856Dot3svc - ok
    18:37:19.0875 0856dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    18:37:19.0890 0856dpti2o - ok
    18:37:19.0921 0856drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:37:19.0937 0856drmkaud - ok
    18:37:20.0015 0856E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    18:37:20.0031 0856E100B - ok
    18:37:20.0093 0856eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
    18:37:20.0109 0856eabfiltr - ok
    18:37:20.0140 0856eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
    18:37:20.0140 0856eabusb - ok
    18:37:20.0171 0856EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    18:37:20.0187 0856EapHost - ok
    18:37:20.0390 0856eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    18:37:20.0421 0856eeCtrl - ok
    18:37:20.0546 0856ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
    18:37:20.0578 0856ehRecvr - ok
    18:37:20.0656 0856ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
    18:37:20.0687 0856ehSched - ok
    18:37:20.0750 0856EraserUtilDrv11210 (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
    18:37:20.0750 0856EraserUtilDrv11210 - ok
    18:37:20.0812 0856ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    18:37:20.0828 0856ERSvc - ok
    18:37:20.0890 0856Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    18:37:20.0921 0856Eventlog - ok
    18:37:21.0015 0856EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    18:37:21.0062 0856EventSystem - ok
    18:37:21.0171 0856Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:37:21.0203 0856Fastfat - ok
    18:37:21.0281 0856FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    18:37:21.0296 0856FastUserSwitchingCompatibility - ok
    18:37:21.0328 0856Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    18:37:21.0359 0856Fdc - ok
    18:37:21.0375 0856Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:37:21.0390 0856Fips - ok
    18:37:21.0406 0856Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:37:21.0421 0856Flpydisk - ok
    18:37:21.0453 0856FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:37:21.0484 0856FltMgr - ok
    18:37:21.0640 0856FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:37:21.0640 0856FontCache3.0.0.0 - ok
    18:37:21.0703 0856Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:37:21.0703 0856Fs_Rec - ok
    18:37:21.0765 0856Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:37:21.0765 0856Ftdisk - ok
    18:37:21.0812 0856GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    18:37:21.0812 0856GEARAspiWDM - ok
    18:37:21.0859 0856ggflt (e43455d5445848a309e62c9a5763b68e) C:\WINDOWS\system32\DRIVERS\ggflt.sys
    18:37:21.0875 0856ggflt - ok
    18:37:21.0921 0856ggsemc (04b0167f64b21ba39b5ca1ecddf383bc) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
    18:37:21.0921 0856ggsemc - ok
    18:37:21.0968 0856Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:37:21.0984 0856Gpc - ok
    18:37:22.0156 0856gupdate1c9a39916b61c5f (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    18:37:22.0156 0856gupdate1c9a39916b61c5f - ok
    18:37:22.0171 0856gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    18:37:22.0171 0856gupdatem - ok
    18:37:22.0250 0856gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:37:22.0281 0856gusvc - ok
    18:37:22.0343 0856HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    18:37:22.0359 0856HBtnKey - ok
    18:37:22.0468 0856HdAudAddService (4905d28aa09f63e6a2f4e93ed6dd7d19) C:\WINDOWS\system32\drivers\CHDAud.sys
    18:37:22.0484 0856HdAudAddService - ok
    18:37:22.0515 0856HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:37:22.0531 0856HDAudBus - ok
    18:37:22.0687 0856helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:37:22.0687 0856helpsvc - ok
    18:37:22.0750 0856HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    18:37:22.0781 0856HidServ - ok
    18:37:22.0843 0856HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:37:22.0859 0856HidUsb - ok
    18:37:22.0921 0856hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    18:37:22.0953 0856hkmsvc - ok
    18:37:23.0000 0856hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    18:37:23.0015 0856hpn - ok
    18:37:23.0125 0856hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    18:37:23.0250 0856hpqwmiex - ok
    18:37:23.0328 0856HSFHWAZL (8e60293c44e3f6f7f09defb60023a37d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    18:37:23.0343 0856HSFHWAZL - ok
    18:37:23.0500 0856HSF_DPV (4c2aab15ad6229134f70e5c950e6185c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    18:37:23.0531 0856HSF_DPV - ok
    18:37:23.0640 0856HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:37:23.0656 0856HTTP - ok
    18:37:23.0671 0856HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    18:37:23.0687 0856HTTPFilter - ok
    18:37:23.0734 0856i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    18:37:23.0750 0856i2omgmt - ok
    18:37:23.0812 0856i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    18:37:23.0828 0856i2omp - ok
    18:37:23.0921 0856i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:37:23.0937 0856i8042prt - ok
    18:37:24.0125 0856ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    18:37:24.0156 0856ialm - ok
    18:37:24.0281 0856iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    18:37:24.0296 0856iaStor - ok
    18:37:24.0468 0856IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    18:37:24.0500 0856IDriverT - ok
    18:37:24.0781 0856idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:37:24.0890 0856idsvc - ok
    18:37:25.0093 0856Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:37:25.0125 0856Imapi - ok
    18:37:25.0203 0856ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    18:37:25.0234 0856ImapiService - ok
    18:37:25.0312 0856ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    18:37:25.0312 0856ini910u - ok
    18:37:25.0359 0856IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    18:37:25.0375 0856IntelIde - ok
    18:37:25.0406 0856intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:37:25.0421 0856intelppm - ok
    18:37:25.0453 0856Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:37:25.0468 0856Ip6Fw - ok
    18:37:25.0515 0856IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:37:25.0531 0856IpFilterDriver - ok
    18:37:25.0578 0856IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:37:25.0593 0856IpInIp - ok
    18:37:25.0656 0856IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:37:25.0687 0856IpNat - ok
    18:37:25.0890 0856iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe
    18:37:26.0015 0856iPod Service - ok
    18:37:26.0046 0856IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:37:26.0062 0856IPSec - ok
    18:37:26.0109 0856IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:37:26.0125 0856IRENUM - ok
    18:37:26.0156 0856isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:37:26.0171 0856isapnp - ok
    18:37:26.0281 0856JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
    18:37:26.0312 0856JavaQuickStarterService - ok
    18:37:26.0359 0856Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:37:26.0375 0856Kbdclass - ok
    18:37:26.0406 0856kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:37:26.0421 0856kbdhid - ok
    18:37:26.0500 0856kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:37:26.0515 0856kmixer - ok
    18:37:26.0593 0856KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:37:26.0609 0856KSecDD - ok
    18:37:26.0687 0856lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    18:37:26.0703 0856lanmanserver - ok
    18:37:26.0781 0856lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    18:37:26.0812 0856lanmanworkstation - ok
    18:37:26.0828 0856Lbd - ok
    18:37:26.0843 0856lbrtfdc - ok
    18:37:26.0921 0856LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
    18:37:26.0937 0856LHidFlt2 - ok
    18:37:27.0000 0856LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
    18:37:27.0031 0856LHidUsb - ok
    18:37:27.0125 0856LightScribeService (86e8bcaa91fc2acfacd99cf2bf9f1f47) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    18:37:27.0156 0856LightScribeService - ok
    18:37:27.0218 0856LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    18:37:27.0234 0856LmHosts - ok
    18:37:27.0281 0856LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
    18:37:27.0296 0856LMouFlt2 - ok
    18:37:27.0406 0856McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
    18:37:27.0437 0856McrdSvc - ok
    18:37:27.0562 0856MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    18:37:27.0609 0856MDM - ok
    18:37:27.0671 0856mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    18:37:27.0687 0856mdmxsdk - ok
    18:37:27.0750 0856Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    18:37:27.0765 0856Messenger - ok
    18:37:27.0843 0856MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
    18:37:27.0859 0856MHN - ok
    18:37:27.0937 0856MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    18:37:27.0953 0856MHNDRV - ok
    18:37:27.0984 0856mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:37:28.0000 0856mnmdd - ok
    18:37:28.0062 0856mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    18:37:28.0078 0856mnmsrvc - ok
    18:37:28.0125 0856Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:37:28.0140 0856Modem - ok
    18:37:28.0203 0856Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:37:28.0218 0856Mouclass - ok
    18:37:28.0265 0856mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:37:28.0281 0856mouhid - ok
    18:37:28.0312 0856MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:37:28.0328 0856MountMgr - ok
     
  14. John16v

    John16v TS Rookie Topic Starter Posts: 52

    18:37:28.0406 0856MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    18:37:28.0500 0856MozillaMaintenance - ok
    18:37:28.0515 0856mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    18:37:28.0531 0856mraid35x - ok
    18:37:28.0609 0856MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:37:28.0625 0856MRxDAV - ok
    18:37:28.0718 0856MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:37:28.0765 0856MRxSmb - ok
    18:37:28.0812 0856MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    18:37:28.0828 0856MSDTC - ok
    18:37:28.0906 0856Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:37:28.0921 0856Msfs - ok
    18:37:28.0937 0856MSIServer - ok
    18:37:28.0968 0856MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:37:28.0984 0856MSKSSRV - ok
    18:37:29.0031 0856MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:37:29.0046 0856MSPCLOCK - ok
    18:37:29.0078 0856MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:37:29.0093 0856MSPQM - ok
    18:37:29.0140 0856mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:37:29.0156 0856mssmbios - ok
    18:37:29.0187 0856MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    18:37:29.0203 0856MSTEE - ok
    18:37:29.0250 0856Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:37:29.0265 0856Mup - ok
    18:37:29.0312 0856NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:37:29.0343 0856NABTSFEC - ok
    18:37:29.0406 0856napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    18:37:29.0500 0856napagent - ok
    18:37:29.0734 0856NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120717.004\naveng.sys
    18:37:29.0734 0856NAVENG - ok
    18:37:29.0937 0856NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120717.004\navex15.sys
    18:37:29.0968 0856NAVEX15 - ok
    18:37:30.0250 0856NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:37:30.0281 0856NDIS - ok
    18:37:30.0328 0856NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:37:30.0328 0856NdisIP - ok
    18:37:30.0390 0856NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:37:30.0390 0856NdisTapi - ok
    18:37:30.0453 0856Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:37:30.0468 0856Ndisuio - ok
    18:37:30.0500 0856NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:37:30.0531 0856NdisWan - ok
    18:37:30.0640 0856NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:37:30.0656 0856NDProxy - ok
    18:37:30.0671 0856NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:37:30.0687 0856NetBIOS - ok
    18:37:30.0734 0856NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:37:30.0765 0856NetBT - ok
    18:37:30.0843 0856NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    18:37:30.0890 0856NetDDE - ok
    18:37:30.0906 0856NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    18:37:30.0906 0856NetDDEdsdm - ok
    18:37:30.0968 0856Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:37:30.0984 0856Netlogon - ok
    18:37:31.0031 0856Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    18:37:31.0031 0856Netman - ok
    18:37:31.0187 0856NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:37:31.0218 0856NetTcpPortSharing - ok
    18:37:31.0468 0856NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
    18:37:31.0531 0856NETw3x32 - ok
    18:37:31.0812 0856NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:37:31.0828 0856NIC1394 - ok
    18:37:31.0906 0856Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    18:37:31.0921 0856Nla - ok
    18:37:31.0937 0856Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:37:31.0953 0856Npfs - ok
    18:37:32.0031 0856Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:37:32.0062 0856Ntfs - ok
    18:37:32.0125 0856NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:37:32.0125 0856NtLmSsp - ok
    18:37:32.0218 0856NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    18:37:32.0312 0856NtmsSvc - ok
    18:37:32.0359 0856Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:37:32.0375 0856Null - ok
    18:37:32.0406 0856NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:37:32.0421 0856NwlnkFlt - ok
    18:37:32.0453 0856NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:37:32.0468 0856NwlnkFwd - ok
    18:37:32.0500 0856ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:37:32.0531 0856ohci1394 - ok
    18:37:32.0656 0856ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:37:32.0687 0856ose - ok
    18:37:32.0734 0856Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    18:37:32.0750 0856Parport - ok
    18:37:32.0812 0856PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:37:32.0828 0856PartMgr - ok
    18:37:32.0859 0856ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:37:32.0875 0856ParVdm - ok
    18:37:32.0906 0856PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:37:32.0921 0856PCI - ok
    18:37:32.0937 0856PCIDump - ok
    18:37:32.0984 0856PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:37:33.0000 0856PCIIde - ok
    18:37:33.0062 0856Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    18:37:33.0078 0856Pcmcia - ok
    18:37:33.0093 0856PDCOMP - ok
    18:37:33.0109 0856PDFRAME - ok
    18:37:33.0125 0856PDRELI - ok
    18:37:33.0140 0856PDRFRAME - ok
    18:37:33.0187 0856perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    18:37:33.0218 0856perc2 - ok
    18:37:33.0250 0856perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    18:37:33.0250 0856perc2hib - ok
    18:37:33.0343 0856PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    18:37:33.0343 0856PlugPlay - ok
    18:37:33.0359 0856PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:37:33.0375 0856PolicyAgent - ok
    18:37:33.0406 0856PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:37:33.0421 0856PptpMiniport - ok
    18:37:33.0437 0856ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:37:33.0453 0856ProtectedStorage - ok
    18:37:33.0468 0856PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:37:33.0484 0856PSched - ok
    18:37:33.0515 0856Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:37:33.0531 0856Ptilink - ok
    18:37:33.0593 0856PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    18:37:33.0609 0856PxHelp20 - ok
    18:37:33.0656 0856ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    18:37:33.0687 0856ql1080 - ok
    18:37:33.0718 0856Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    18:37:33.0734 0856Ql10wnt - ok
    18:37:33.0765 0856ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    18:37:33.0796 0856ql12160 - ok
    18:37:33.0828 0856ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    18:37:33.0843 0856ql1240 - ok
    18:37:33.0890 0856ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    18:37:33.0906 0856ql1280 - ok
    18:37:33.0953 0856RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:37:33.0968 0856RasAcd - ok
    18:37:34.0031 0856RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    18:37:34.0046 0856RasAuto - ok
    18:37:34.0078 0856Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:37:34.0093 0856Rasl2tp - ok
    18:37:34.0171 0856RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    18:37:34.0218 0856RasMan - ok
    18:37:34.0250 0856RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:37:34.0265 0856RasPppoe - ok
    18:37:34.0281 0856Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:37:34.0296 0856Raspti - ok
    18:37:34.0343 0856Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:37:34.0359 0856Rdbss - ok
    18:37:34.0375 0856RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:37:34.0390 0856RDPCDD - ok
    18:37:34.0453 0856rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:37:34.0468 0856rdpdr - ok
    18:37:34.0531 0856RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:37:34.0562 0856RDPWD - ok
    18:37:34.0625 0856RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    18:37:34.0671 0856RDSessMgr - ok
    18:37:34.0703 0856redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:37:34.0718 0856redbook - ok
    18:37:34.0750 0856RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    18:37:34.0765 0856RemoteAccess - ok
    18:37:34.0812 0856RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    18:37:34.0828 0856RemoteRegistry - ok
    18:37:34.0921 0856rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    18:37:34.0921 0856rimmptsk - ok
    18:37:34.0968 0856rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    18:37:34.0984 0856rimsptsk - ok
    18:37:35.0031 0856rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    18:37:35.0046 0856rismxdp - ok
    18:37:35.0109 0856RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    18:37:35.0140 0856RpcLocator - ok
    18:37:35.0234 0856RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    18:37:35.0250 0856RpcSs - ok
    18:37:35.0312 0856RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    18:37:35.0375 0856RSVP - ok
    18:37:35.0437 0856rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    18:37:35.0453 0856rtl8139 - ok
    18:37:35.0500 0856s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
    18:37:35.0515 0856s0016bus - ok
    18:37:35.0578 0856s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
    18:37:35.0609 0856s0016mdfl - ok
    18:37:35.0671 0856s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
    18:37:35.0687 0856s0016mdm - ok
    18:37:35.0765 0856s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
    18:37:35.0781 0856s0016mgmt - ok
    18:37:35.0812 0856s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
    18:37:35.0828 0856s0016nd5 - ok
    18:37:35.0875 0856s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
    18:37:35.0906 0856s0016obex - ok
    18:37:35.0953 0856s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
    18:37:35.0984 0856s0016unic - ok
    18:37:36.0031 0856s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
    18:37:36.0062 0856s116obex - ok
    18:37:36.0125 0856SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:37:36.0125 0856SamSs - ok
    18:37:36.0265 0856SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:37:36.0281 0856SASDIFSV - ok
    18:37:36.0296 0856SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    18:37:36.0312 0856SASKUTIL - ok
    18:37:36.0468 0856SavRoam (e20aed7668511d2848d64f2f3fa7c8e0) C:\Program Files\Symantec AntiVirus\SavRoam.exe
    18:37:36.0500 0856SavRoam - ok
    18:37:36.0609 0856SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
    18:37:36.0625 0856SAVRT - ok
    18:37:36.0687 0856SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    18:37:36.0703 0856SAVRTPEL - ok
    18:37:36.0781 0856SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    18:37:36.0812 0856SCardSvr - ok
    18:37:36.0906 0856Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    18:37:36.0937 0856Schedule - ok
    18:37:36.0968 0856sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    18:37:36.0984 0856sdbus - ok
    18:37:37.0031 0856SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
    18:37:37.0062 0856SE27bus - ok
    18:37:37.0109 0856SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
    18:37:37.0125 0856SE27mdfl - ok
    18:37:37.0187 0856SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
    18:37:37.0203 0856SE27mdm - ok
    18:37:37.0296 0856Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:37:37.0312 0856Secdrv - ok
    18:37:37.0359 0856seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    18:37:37.0375 0856seclogon - ok
    18:37:37.0406 0856SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    18:37:37.0421 0856SENS - ok
    18:37:37.0453 0856Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:37:37.0468 0856Serenum - ok
    18:37:37.0500 0856Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:37:37.0515 0856Serial - ok
    18:37:37.0593 0856sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    18:37:37.0609 0856sffdisk - ok
    18:37:37.0656 0856sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    18:37:37.0671 0856sffp_sd - ok
    18:37:37.0718 0856Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:37:37.0734 0856Sfloppy - ok
    18:37:37.0843 0856SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    18:37:37.0906 0856SharedAccess - ok
    18:37:37.0984 0856ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    18:37:37.0984 0856ShellHWDetection - ok
    18:37:38.0000 0856Simbad - ok
    18:37:38.0046 0856sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    18:37:38.0062 0856sisagp - ok
    18:37:38.0125 0856SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    18:37:38.0140 0856SLIP - ok
    18:37:38.0312 0856SNDSrvc (074001698482de1f6ddc7be92da67721) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    18:37:38.0375 0856SNDSrvc - ok
    18:37:38.0421 0856Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    18:37:38.0437 0856Sparrow - ok
    18:37:38.0546 0856SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    18:37:38.0625 0856SPBBCDrv - ok
    18:37:38.0781 0856SPBBCSvc (ea07435c72a8534c3a8e02d87246e546) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    18:37:38.0921 0856SPBBCSvc - ok
    18:37:39.0187 0856splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:37:39.0187 0856splitter - ok
    18:37:39.0265 0856Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    18:37:39.0281 0856Spooler - ok
    18:37:39.0343 0856sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:37:39.0375 0856sr - ok
    18:37:39.0453 0856srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    18:37:39.0484 0856srservice - ok
    18:37:39.0578 0856Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:37:39.0609 0856Srv - ok
    18:37:39.0656 0856SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    18:37:39.0671 0856SSDPSRV - ok
    18:37:39.0781 0856stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    18:37:39.0828 0856stisvc - ok
    18:37:39.0875 0856streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:37:39.0890 0856streamip - ok
    18:37:39.0921 0856swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:37:39.0937 0856swenum - ok
    18:37:40.0000 0856swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:37:40.0015 0856swmidi - ok
    18:37:40.0031 0856SwPrv - ok
    18:37:40.0343 0856Symantec AntiVirus (07c8477743aa4a7db19ccd23598817b1) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    18:37:40.0531 0856Symantec AntiVirus - ok
    18:37:40.0812 0856symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    18:37:40.0828 0856symc810 - ok
    18:37:40.0875 0856symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    18:37:40.0890 0856symc8xx - ok
    18:37:41.0031 0856SymEvent (3feeb051c94f5005f56423619315273b) C:\Program Files\Symantec\SYMEVENT.SYS
    18:37:41.0046 0856SymEvent - ok
    18:37:41.0109 0856SYMREDRV (8d668fe83a439e2166b7defff995cddc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    18:37:41.0125 0856SYMREDRV - ok
    18:37:41.0171 0856SYMTDI (b825e10cd61046672fef234820842c42) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    18:37:41.0203 0856SYMTDI - ok
    18:37:41.0234 0856sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    18:37:41.0250 0856sym_hi - ok
    18:37:41.0281 0856sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    18:37:41.0281 0856sym_u3 - ok
    18:37:41.0375 0856SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    18:37:41.0390 0856SynTP - ok
    18:37:41.0468 0856sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:37:41.0484 0856sysaudio - ok
    18:37:41.0562 0856SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    18:37:41.0593 0856SysmonLog - ok
    18:37:41.0687 0856TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    18:37:41.0718 0856TapiSrv - ok
    18:37:41.0796 0856Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:37:41.0828 0856Tcpip - ok
    18:37:41.0859 0856TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:37:41.0875 0856TDPIPE - ok
    18:37:41.0921 0856TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:37:41.0937 0856TDTCP - ok
    18:37:41.0953 0856TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:37:41.0968 0856TermDD - ok
    18:37:42.0031 0856TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    18:37:42.0093 0856TermService - ok
    18:37:42.0156 0856tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys
    18:37:42.0171 0856tffsport - ok
    18:37:42.0218 0856Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    18:37:42.0234 0856Themes - ok
    18:37:42.0281 0856TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    18:37:42.0312 0856TlntSvr - ok
    18:37:42.0359 0856TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    18:37:42.0375 0856TosIde - ok
    18:37:42.0421 0856TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    18:37:42.0437 0856TrkWks - ok
    18:37:42.0484 0856Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:37:42.0500 0856Udfs - ok
    18:37:42.0515 0856UIUSys - ok
    18:37:42.0562 0856ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    18:37:42.0578 0856ultra - ok
    18:37:42.0656 0856Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:37:42.0687 0856Update - ok
    18:37:42.0734 0856upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    18:37:42.0765 0856upnphost - ok
    18:37:42.0796 0856UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    18:37:42.0828 0856UPS - ok
    18:37:42.0875 0856USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    18:37:42.0890 0856USBAAPL - ok
    18:37:42.0968 0856usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    18:37:42.0984 0856usbaudio - ok
    18:37:43.0046 0856usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:37:43.0062 0856usbccgp - ok
    18:37:43.0109 0856usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:37:43.0125 0856usbehci - ok
    18:37:43.0203 0856usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:37:43.0218 0856usbhub - ok
    18:37:43.0281 0856usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:37:43.0296 0856usbprint - ok
    18:37:43.0359 0856usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:37:43.0375 0856usbscan - ok
    18:37:43.0421 0856usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
    18:37:43.0437 0856usbser - ok
    18:37:43.0484 0856USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:37:43.0484 0856USBSTOR - ok
    18:37:43.0500 0856usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:37:43.0515 0856usbuhci - ok
    18:37:43.0546 0856VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:37:43.0562 0856VgaSave - ok
    18:37:43.0593 0856viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    18:37:43.0625 0856viaagp - ok
    18:37:43.0656 0856ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    18:37:43.0656 0856ViaIde - ok
    18:37:43.0734 0856VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:37:43.0750 0856VolSnap - ok
    18:37:43.0843 0856VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    18:37:43.0906 0856VSS - ok
    18:37:43.0953 0856W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    18:37:43.0984 0856W32Time - ok
    18:37:44.0203 0856w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    18:37:44.0312 0856w39n51 - ok
    18:37:44.0640 0856Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:37:44.0656 0856Wanarp - ok
    18:37:44.0734 0856wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    18:37:44.0750 0856wceusbsh - ok
    18:37:44.0859 0856Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    18:37:44.0921 0856Wdf01000 - ok
    18:37:44.0937 0856WDICA - ok
    18:37:44.0984 0856wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:37:45.0000 0856wdmaud - ok
    18:37:45.0046 0856WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    18:37:45.0078 0856WebClient - ok
    18:37:45.0218 0856winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    18:37:45.0250 0856winachsf - ok
    18:37:45.0390 0856winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    18:37:45.0421 0856winmgmt - ok
    18:37:45.0531 0856WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    18:37:45.0546 0856WmdmPmSN - ok
    18:37:45.0671 0856Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    18:37:45.0718 0856Wmi - ok
    18:37:45.0812 0856WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    18:37:45.0828 0856WmiAcpi - ok
    18:37:45.0890 0856WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    18:37:45.0906 0856WmiApSrv - ok
    18:37:46.0125 0856WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    18:37:46.0281 0856WMPNetworkSvc - ok
    18:37:46.0312 0856WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    18:37:46.0328 0856WpdUsb - ok
    18:37:46.0562 0856WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    18:37:46.0687 0856WPFFontCache_v0400 - ok
    18:37:46.0765 0856wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    18:37:46.0781 0856wscsvc - ok
    18:37:46.0828 0856WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:37:46.0843 0856WSTCODEC - ok
    18:37:46.0890 0856wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    18:37:46.0906 0856wuauserv - ok
    18:37:47.0000 0856WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    18:37:47.0031 0856WZCSVC - ok
    18:37:47.0078 0856xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    18:37:47.0093 0856xmlprov - ok
    18:37:47.0171 0856MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
    18:37:47.0218 0856\Device\Harddisk0\DR0 - ok
    18:37:47.0234 0856MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR14
    18:37:47.0250 0856\Device\Harddisk1\DR14 - ok
    18:37:47.0265 0856Boot (0x1200) (320f34f5c2b0affc7a3826645bbeb530) \Device\Harddisk0\DR0\Partition0
    18:37:47.0265 0856\Device\Harddisk0\DR0\Partition0 - ok
    18:37:47.0265 0856Boot (0x1200) (8092664a72caf09ab14f22881be64791) \Device\Harddisk0\DR0\Partition1
    18:37:47.0281 0856\Device\Harddisk0\DR0\Partition1 - ok
    18:37:47.0281 0856Boot (0x1200) (2643fa23ff8b06de6dc390bbacd46b19) \Device\Harddisk1\DR14\Partition0
    18:37:47.0296 0856\Device\Harddisk1\DR14\Partition0 - ok
    18:37:47.0296 0856============================================================
    18:37:47.0296 0856Scan finished
    18:37:47.0296 0856============================================================
    18:37:47.0312 1608Detected object count: 0
    18:37:47.0312 1608Actual detected object count: 0
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  16. John16v

    John16v TS Rookie Topic Starter Posts: 52

    Rogue Killer found two things (a log has been created). Do I go ahead and close it to run aswMBR?

    When I try to close RK it says "No element has been deleted, do you really want to quit?"

    I guess to run aswMBR I will need to turn my internet connection back on, right?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I need RK log.

    As for aswMBR yes reconnect.
     
  18. John16v

    John16v TS Rookie Topic Starter Posts: 52

    RK Log:
    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Wai Yau [Admin rights]
    Mode: Scan -- Date: 07/26/2012 18:53:50

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤
    SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89D0B488)

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHV2080BH PL +++++
    --- User ---
    [MBR] 86a6482f4bcc5b6d3898c30c760e1a4c
    [BSP] 3ca06dfd8ecf47907b7dafdc5a0494d5 : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 63310 Mo
    1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 129676680 | Size: 11970 Mo
    2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 154191870 | Size: 1027 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  19. John16v

    John16v TS Rookie Topic Starter Posts: 52

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-26 19:26:03
    -----------------------------
    19:26:03.812 OS Version: Windows 5.1.2600 Service Pack 3
    19:26:03.812 Number of processors: 1 586 0xE08
    19:26:03.812 ComputerName: PC785018295244 UserName: Wai Yau
    19:26:04.421 Initialize success
    19:35:23.328 AVAST engine defs: 12072602
    19:36:06.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    19:36:06.500 Disk 0 Vendor: Size: 0MB BusType: 0
    19:36:06.625 Disk 0 MBR read successfully
    19:36:06.640 Disk 0 MBR scan
    19:36:06.687 Disk 0 unknown MBR code
    19:36:06.687 Disk 0 MBR hidden
    19:36:06.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 63310 MB offset 63
    19:36:06.796 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11970 MB offset 129676680
    19:36:06.843 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
    19:36:07.015 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:37:15.218 Service scanning
    19:38:01.968 Modules scanning
    19:38:58.453 Disk 0 trace - called modules:
    19:38:59.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
    19:38:59.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a77eab8]
    19:38:59.062 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8a7d7900]
    19:38:59.078 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a783030]
    19:38:59.890 AVAST engine scan C:\WINDOWS
    19:39:41.687 AVAST engine scan C:\WINDOWS\system32
    19:52:37.328 AVAST engine scan C:\WINDOWS\system32\drivers
    19:54:05.312 AVAST engine scan C:\Documents and Settings\Wai Yau
    20:21:50.078 AVAST engine scan C:\Documents and Settings\All Users
    20:24:26.671 Scan finished successfully
    20:30:30.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wai Yau\Desktop\MBR.dat"
    20:30:30.390 The log file has been saved successfully to "C:\Documents and Settings\Wai Yau\Desktop\aswMBR.txt"
     
  20. John16v

    John16v TS Rookie Topic Starter Posts: 52

    What to do with RogueKiller? Can I close it and ignore the error message?

    "None element have been deleted, do you want to quit? Yes or No"
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes, you quit RK.
     
  23. John16v

    John16v TS Rookie Topic Starter Posts: 52

    ComboFix 12-07-27.02 - Wai Yau 07/26/2012 20:44:50.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.966 [GMT -5:00]
    Running from: c:\documents and settings\Wai Yau\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Wai Yau\Desktop\Security Center.lnk
    c:\windows\system32\ff4h.gy
    D:\Autorun.inf
    .
    Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
    Restored copy from - c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-26 13:24 . 2012-07-26 13:24--------d-----w-c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-07-26 07:49 . 2012-07-26 07:49--------d-----w-c:\windows\system32\wbem\Repository
    2012-07-26 07:48 . 2012-07-26 07:58--------d-----w-c:\program files\SUPERAntiSpyware
    2012-07-26 07:44 . 2012-07-26 07:44--------d-----w-c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2012-07-26 03:50 . 2012-07-26 03:50--------d-----w-c:\documents and settings\All Users\Application Data\SUPERSetup
    2012-07-11 01:45 . 2012-07-11 01:45--------d-----w-c:\documents and settings\Wai Yau\Application Data\SUPERAntiSpyware.com
    2012-07-11 01:44 . 2012-07-11 01:44--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-07-11 01:33 . 2012-07-11 01:33--------d-----w-c:\documents and settings\Wai Yau\Application Data\Malwarebytes
    2012-07-11 01:33 . 2012-07-11 01:33--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-11 01:33 . 2012-07-26 14:12--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2012-07-11 01:33 . 2012-07-03 18:4622344----a-w-c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-26 12:01 . 2006-03-16 04:00578560----a-w-c:\windows\system32\user32.DLL
    2012-06-22 02:45 . 2012-06-22 02:45426184----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-06-22 02:45 . 2011-07-18 17:5870344-c--a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-13 13:19 . 2006-03-16 04:001866112----a-w-c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-06-20 07:211372672------w-c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-03-16 04:001172480----a-w-c:\windows\system32\msxml3.dll
    2012-06-04 22:35 . 2005-05-26 11:19222448----a-w-c:\windows\system32\muweb.dll
    2012-06-04 04:32 . 2006-03-16 04:00152576----a-w-c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2007-05-24 01:4222040----a-w-c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2007-05-24 01:4215384----a-w-c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2006-03-16 04:00329240----a-w-c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2006-03-16 04:00219160----a-w-c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2006-03-16 04:00210968----a-w-c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2007-05-24 01:4215384----a-w-c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2006-03-16 04:0097304----a-w-c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2006-03-16 04:0053784----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2006-03-16 04:0035864----a-w-c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2005-05-26 11:1645080----a-w-c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2007-05-24 01:4217944----a-w-c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2006-03-16 04:00577048----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2006-03-16 04:001933848----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2007-05-25 03:4417136----a-w-c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2006-12-02 05:13275696----a-w-c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2006-03-16 04:00599040----a-w-c:\windows\system32\crypt32.dll
    2012-05-15 15:39 . 2006-03-16 04:00832512----a-w-c:\windows\system32\wininet.dll
    2012-05-04 13:16 . 2006-03-16 04:002148352----a-w-c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2006-03-16 04:002026496----a-w-c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2006-03-16 04:00139656----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-06-16 04:06 . 2012-06-06 23:0285472----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    c:\documents and settings\Guest\Start Menu\Programs\Startup\
    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-10 113664]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54551296----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:4236272-c--a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
    2011-10-03 15:141409384-c--a-w-c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 21:33421160----a-w-c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38421888----a-w-c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-07-26 07:584777856----a-w-c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-01-20 00:45198160----a-w-c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=2 (0x2)
    "iPod Service"=3 (0x3)
    "TomTomHOMEService"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate1c9a39916b61c5f"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Wai Yau\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [9/25/2007 6:35 PM 149376]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [7/17/2012 8:39 PM 106656]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9a39916b61c5f;Google Update Service (gupdate1c9a39916b61c5f);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2009 12:03 AM 133104]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 3:39 PM 61952]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/24/2009 11:31 PM 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2009 12:03 AM 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/6/2012 6:03 PM 113120]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [4/20/2009 7:09 PM 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [4/20/2009 7:09 PM 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [4/20/2009 7:09 PM 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [4/20/2009 7:09 PM 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [4/20/2009 7:09 PM 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [4/20/2009 7:09 PM 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [4/20/2009 7:09 PM 115752]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 9:27 PM 124608]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:03]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:03]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005Core.job
    - c:\documents and settings\Wai Yau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-28 01:28]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005UA.job
    - c:\documents and settings\Wai Yau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-28 01:28]
    .
    2012-07-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 99546b7c-7b13-4366-9b83-7f7d4f45e89e.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-07-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d682e5bf-f789-4044-b272-b1a639ccd3a7.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cnn.com/
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
    IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: battlefieldheroes.com\www
    Trusted Zone: microsoft.com\update
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    FF - ProfilePath - c:\documents and settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    .
    .
    ------- File Associations -------
    .
    .scr=MicroStation Resource
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Getdo - c:\documents and settings\Wai Yau\Application Data\Adobe\Update\flacor.dat
    MSConfigStartUp-Locarm - c:\documents and settings\Wai Yau\Application Data\Adobe\Update\hlpgdi.dat
    MSConfigStartUp-Privacy Protection - c:\documents and settings\All Users\Application Data\privacy.exe
    MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-26 20:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????g??????`?@?????L?@
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(916)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3272)
    c:\windows\system32\WININET.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\Logi_MwX.Exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-26 21:00:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-27 02:00
    .
    Pre-Run: 7,921,393,664 bytes free
    Post-Run: 8,408,317,952 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /noguiboot
    .
    - - End Of File - - FD5A7EF6D3C96EEE06BC1B113A0DD369
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good.

    How is the computer doing?

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  25. John16v

    John16v TS Rookie Topic Starter Posts: 52

    OTL logfile created on: 7/26/2012 9:58:23 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Wai Yau\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.87% Memory free
    6.72 Gb Paging File | 6.43 Gb Available in Paging File | 95.67% Paging File free
    Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 61.83 Gb Total Space | 7.87 Gb Free Space | 12.73% Space Free | Partition Type: NTFS
    Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.88% Space Free | Partition Type: FAT32
    Drive F: | 14.90 Gb Total Space | 14.38 Gb Free Space | 96.52% Space Free | Partition Type: FAT32

    Computer Name: PC785018295244 | User Name: Wai Yau | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/26 21:57:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wai Yau\Desktop\OTL.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/06/23 21:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2005/06/23 21:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2005/06/23 21:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2010/04/12 17:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/07/19 17:13:42 | 000,172,032 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/06/15 23:06:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2006/06/12 15:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
    SRV - [2005/06/23 21:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2005/06/23 21:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2005/06/23 21:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2005/06/02 11:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2005/06/02 11:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2005/06/02 11:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2005/04/22 14:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2005/03/30 23:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\WAIYAU~1\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/05/16 03:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120717.004\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/05/16 03:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120717.004\NAVENG.SYS -- (NAVENG)
    DRV - [2012/05/15 23:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/05/15 23:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/04/24 23:31:07 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/04/24 23:31:07 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
    DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
    DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
    DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
    DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
    DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
    DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
    DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
    DRV - [2008/04/14 00:10:52 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tffsport.sys -- (tffsport)
    DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
    DRV - [2006/08/29 23:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/08/29 23:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/08/29 23:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/07/26 23:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [2006/06/06 15:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
    DRV - [2006/05/12 15:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/04/28 10:25:44 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
    DRV - [2006/04/28 10:25:40 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
    DRV - [2006/04/28 10:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus)
    DRV - [2006/04/21 12:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
    DRV - [2005/12/22 12:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/11/16 15:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/11/01 13:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/09/19 16:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/09/19 16:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2005/09/19 16:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/13 21:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/04/22 14:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2005/04/22 14:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2005/03/30 23:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/02/04 22:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/02/04 22:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - SOFTWARE\Classes\CLSID\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8}\InprocServer32 File not found
    IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
    FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302
    FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
    FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.4
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
    FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
    FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
    FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.3.7
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Wai Yau\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Wai Yau\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 23:06:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 18:03:03 | 000,000,000 | ---D | M]

    [2009/12/05 23:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Extensions
    [2009/12/05 23:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2012/06/15 23:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions
    [2010/06/24 21:39:37 | 000,000,000 | ---D | M] (Clear Private Data... +) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{0dd39226-2650-404d-a43d-ffd906b35a9e}
    [2011/11/29 20:20:29 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011/10/07 18:38:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/06/24 21:39:37 | 000,000,000 | ---D | M] (Stealther) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
    [2010/02/11 23:09:23 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
    [2012/06/07 22:54:25 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/01/06 20:33:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2012/01/26 20:19:13 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2012/06/15 23:08:56 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\zigboom.designs@gmail.com
    [2012/06/07 20:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/07 22:54:23 | 000,030,312 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\WAI YAU\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\I8PQUVSP.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
    [2012/06/15 23:06:15 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2006/12/09 03:58:53 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\mozilla firefox\plugins\npdsplay.dll
    [2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
    [2006/12/09 03:58:18 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll
    [2012/06/06 18:02:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/06 18:02:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.cnn.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.cnn.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Slinky Elegant = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
    CHR - Extension: Proxy Switchy! = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Blank Black New Tab Page = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fchjkeaocneafiffcdbckcgdaagipaal\2.0_0\
    CHR - Extension: Midnight Theme for Google+ = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\finnjafohcjomamkgpdhhdofeghkkpna\1.3.1_0\
    CHR - Extension: KB SSL Enforcer = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\1.0.20_0\
    CHR - Extension: AVG Threat Labs Site Safety = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncnjjicckpooflgclhneahpkahcpoama\1.0.3.81_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/26 20:52:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll File not found
    O3 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228" File not found
    O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227" File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..Trusted Domains: battlefieldheroes.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341968587911 (MUWebControl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B6955BE-4DF5-49D7-842E-63C5B3226BC5}: DhcpNameServer = 192.168.0.1 205.171.3.25
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Air.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Air.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/26 21:57:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wai Yau\Desktop\OTL.exe
    [2012/07/26 20:42:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/07/26 20:41:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/07/26 20:41:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/07/26 20:41:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/07/26 20:41:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/07/26 20:41:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/26 20:40:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/07/26 20:38:32 | 004,719,912 | R--- | C] (Swearware) -- C:\Documents and Settings\Wai Yau\Desktop\ComboFix.exe
    [2012/07/26 18:59:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Wai Yau\Desktop\aswMBR.exe
    [2012/07/26 18:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wai Yau\Desktop\RK_Quarantine
    [2012/07/26 18:37:01 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Wai Yau\Desktop\TDSSKiller.exe
    [2012/07/26 02:48:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wai Yau\Recent
    [2012/07/26 02:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/26 02:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/25 22:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware(2)
    [2012/07/25 22:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
    [2012/07/10 20:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wai Yau\Application Data\SUPERAntiSpyware.com
    [2012/07/10 20:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/07/10 20:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wai Yau\Application Data\Malwarebytes
    [2012/07/10 20:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/10 20:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/07/10 20:33:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/07/10 20:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/26 21:57:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wai Yau\Desktop\OTL.exe
    [2012/07/26 21:38:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005UA.job
    [2012/07/26 21:38:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005Core.job
    [2012/07/26 21:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/26 20:55:42 | 000,001,437 | ---- | M] () -- C:\hpqp.ini
    [2012/07/26 20:55:35 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
    [2012/07/26 20:55:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/26 20:52:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/07/26 20:52:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/26 20:51:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/26 20:51:28 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/26 20:42:54 | 000,000,336 | RHS- | M] () -- C:\boot.ini
    [2012/07/26 20:37:50 | 004,719,912 | R--- | M] (Swearware) -- C:\Documents and Settings\Wai Yau\Desktop\ComboFix.exe
    [2012/07/26 20:30:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\MBR.dat
    [2012/07/26 18:59:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Wai Yau\Desktop\aswMBR.exe
    [2012/07/26 18:50:26 | 001,552,384 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\RogueKiller.exe
    [2012/07/26 15:34:17 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\tix9tbjr.exe
    [2012/07/26 09:23:35 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d682e5bf-f789-4044-b272-b1a639ccd3a7.job
    [2012/07/26 09:23:35 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 99546b7c-7b13-4366-9b83-7f7d4f45e89e.job
    [2012/07/26 09:12:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Wai Yau\Desktop\TDSSKiller.exe
    [2012/07/11 20:36:43 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/11 20:36:42 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\Google Chrome.lnk
    [2012/07/10 20:59:53 | 000,000,220 | ---- | M] () -- C:\Boot.bak
    [2012/07/10 20:44:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpy.lnk
    [2012/07/10 20:11:42 | 000,403,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/07/05 19:17:48 | 000,119,332 | ---- | M] () -- C:\Documents and Settings\Wai Yau\My Documents\honey&me.jpg
    [2012/07/05 19:17:20 | 000,086,542 | ---- | M] () -- C:\Documents and Settings\Wai Yau\My Documents\family.jpg
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/26 20:42:54 | 000,000,220 | ---- | C] () -- C:\Boot.bak
    [2012/07/26 20:42:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/07/26 20:41:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/26 20:41:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/26 20:41:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/26 20:41:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/26 20:41:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/26 20:30:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Wai Yau\Desktop\MBR.dat
    [2012/07/26 18:51:08 | 001,552,384 | ---- | C] () -- C:\Documents and Settings\Wai Yau\Desktop\RogueKiller.exe
    [2012/07/26 15:34:17 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Wai Yau\Desktop\tix9tbjr.exe
    [2012/07/26 09:23:34 | 000,000,514 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d682e5bf-f789-4044-b272-b1a639ccd3a7.job