Solved Unable to update virus/spyware definition

J

John16v

Posts: 52   +0
Hi, Can't believe I'm here again but this time with my own laptop. :(

Anyway, long story short, something is preventing me from update any of my virus and spyware definition. I'm running symantec av, malwarebyte and superAS. None of them would update the definition and the weirdest thing on MB is the "check for update" is ghosted and you are not able to highlight it.

Well I ran symantec, MB and sas all using definition from July 21th. Only MB picked up a Trojan p2p and it was able to remove it (did a full scan afterward) Than I use Eset online and it found win32/pinit virus and it also was removed.

After all that still unable to update my the definition.

Appreciate for any help and assistant.

John
 
Should I try to run Farbar Recovery? I know there is something in my computer that is preventing me from the download...

And did I post this on the wrong forums? If so, please direct me in where to post this?
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Wai Yau :: PC785018295244 [limited]

7/26/2012 1:09:59 PM
mbam-log-2012-07-26 (13-09-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345320
Time elapsed: 2 hour(s), 15 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Try to run DDS and nothing happens? I went to RUN "CMD" and Wscript and check the Stop Script After Specified....and nothing... Please help
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-26 17:36:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 rev.
Running: tix9tbjr.exe; Driver: C:\DOCUME~1\WAIYAU~1\LOCALS~1\Temp\kgtoykow.sys


---- System - GMER 1.0.15 ----

SSDT 89D0B488 ZwConnectPort
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA84C8640]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0113FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3288] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 013E07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3288] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 013E079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3288] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 013E0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
 
Should I turn on my own laptop wifi and download the DDS straight onto the desktop instead of via. USB drive?
 
No.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
No treat found but the log:

18:37:08.0437 2276TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:37:08.0453 2276============================================================
18:37:08.0453 2276Current date / time: 2012/07/26 18:37:08.0453
18:37:08.0453 2276SystemInfo:
18:37:08.0453 2276
18:37:08.0453 2276OS Version: 5.1.2600 ServicePack: 3.0
18:37:08.0453 2276Product type: Workstation
18:37:08.0453 2276ComputerName: PC785018295244
18:37:08.0453 2276UserName: Wai Yau
18:37:08.0453 2276Windows directory: C:\WINDOWS
18:37:08.0453 2276System windows directory: C:\WINDOWS
18:37:08.0453 2276Processor architecture: Intel x86
18:37:08.0453 2276Number of processors: 1
18:37:08.0453 2276Page size: 0x1000
18:37:08.0453 2276Boot type: Normal boot
18:37:08.0453 2276============================================================
18:37:09.0093 2276Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:37:09.0109 2276Drive \Device\Harddisk1\DR14 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:37:09.0109 2276============================================================
18:37:09.0109 2276\Device\Harddisk0\DR0:
18:37:09.0109 2276MBR partitions:
18:37:09.0109 2276\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7BA7688
18:37:09.0109 2276\Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x7BAB588, BlocksNum 0x1761276
18:37:09.0109 2276\Device\Harddisk1\DR14:
18:37:09.0109 2276MBR partitions:
18:37:09.0109 2276\Device\Harddisk1\DR14\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
18:37:09.0109 2276============================================================
18:37:09.0125 2276C: <-> \Device\Harddisk0\DR0\Partition0
18:37:09.0140 2276D: <-> \Device\Harddisk0\DR0\Partition1
18:37:09.0140 2276============================================================
18:37:09.0140 2276Initialize success
18:37:09.0140 2276============================================================
18:37:13.0812 0856============================================================
18:37:13.0812 0856Scan started
18:37:13.0812 0856Mode: Manual;
18:37:13.0812 0856============================================================
18:37:14.0453 0856!SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:37:14.0484 0856!SASCORE - ok
18:37:14.0718 08565U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
18:37:14.0718 08565U870CAP_VID_1262&PID_25FD - ok
18:37:14.0734 0856Abiosdsk - ok
18:37:14.0796 0856abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:37:14.0796 0856abp480n5 - ok
18:37:14.0890 0856ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:37:14.0906 0856ACPI - ok
18:37:14.0937 0856ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:37:14.0953 0856ACPIEC - ok
18:37:15.0078 0856AddFiltr (746742588c07db53731143229e2ee450) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
18:37:15.0125 0856AddFiltr - ok
18:37:15.0156 0856adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:37:15.0171 0856adpu160m - ok
18:37:15.0218 0856aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:37:15.0234 0856aec - ok
18:37:15.0296 0856AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:37:15.0328 0856AFD - ok
18:37:15.0359 0856agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:37:15.0375 0856agp440 - ok
18:37:15.0390 0856agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:37:15.0406 0856agpCPQ - ok
18:37:15.0437 0856Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:37:15.0453 0856Aha154x - ok
18:37:15.0484 0856aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:37:15.0500 0856aic78u2 - ok
18:37:15.0531 0856aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:37:15.0546 0856aic78xx - ok
18:37:15.0625 0856Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:37:15.0625 0856Alerter - ok
18:37:15.0687 0856ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:37:15.0703 0856ALG - ok
18:37:15.0765 0856AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:37:15.0796 0856AliIde - ok
18:37:15.0812 0856alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:37:15.0828 0856alim1541 - ok
18:37:15.0875 0856amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:37:15.0890 0856amdagp - ok
18:37:15.0921 0856amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:37:15.0937 0856amsint - ok
18:37:16.0062 0856Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:37:16.0125 0856Apple Mobile Device - ok
18:37:16.0203 0856AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:37:16.0218 0856AppMgmt - ok
18:37:16.0296 0856Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:37:16.0312 0856Arp1394 - ok
18:37:16.0343 0856asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:37:16.0359 0856asc - ok
18:37:16.0390 0856asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:37:16.0406 0856asc3350p - ok
18:37:16.0437 0856asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:37:16.0453 0856asc3550 - ok
18:37:16.0625 0856aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:37:16.0718 0856aspnet_state - ok
18:37:16.0750 0856AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:37:16.0765 0856AsyncMac - ok
18:37:16.0796 0856atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:37:16.0843 0856atapi - ok
18:37:16.0859 0856Atdisk - ok
18:37:16.0875 0856Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:37:16.0890 0856Atmarpc - ok
18:37:16.0953 0856AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:37:16.0968 0856AudioSrv - ok
18:37:17.0015 0856audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:37:17.0031 0856audstub - ok
18:37:17.0046 0856Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:37:17.0062 0856Beep - ok
18:37:17.0140 0856BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:37:17.0187 0856BITS - ok
18:37:17.0265 0856Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
18:37:17.0359 0856Bonjour Service - ok
18:37:17.0375 0856Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:37:17.0390 0856Browser - ok
18:37:17.0468 0856BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
18:37:17.0484 0856BTWUSB - ok
18:37:17.0515 0856cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:37:17.0531 0856cbidf - ok
18:37:17.0546 0856cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:37:17.0546 0856cbidf2k - ok
18:37:17.0609 0856CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:37:17.0625 0856CCDECODE - ok
18:37:17.0750 0856ccEvtMgr (c8d7452eb1dfc5e1ff044be28c4b07e1) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
18:37:17.0796 0856ccEvtMgr - ok
18:37:17.0828 0856ccPwdSvc (ef8116f41b92ab7a577cfda867cfa542) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
18:37:17.0875 0856ccPwdSvc - ok
18:37:17.0937 0856ccSetMgr (13248340757445ef3e158d99d6181fcc) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
18:37:17.0968 0856ccSetMgr - ok
18:37:18.0000 0856cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:37:18.0015 0856cd20xrnt - ok
18:37:18.0046 0856Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:37:18.0062 0856Cdaudio - ok
18:37:18.0109 0856Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:37:18.0109 0856Cdfs - ok
18:37:18.0140 0856Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:37:18.0140 0856Cdrom - ok
18:37:18.0156 0856Changer - ok
18:37:18.0218 0856CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:37:18.0218 0856CiSvc - ok
18:37:18.0250 0856ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:37:18.0250 0856ClipSrv - ok
18:37:18.0406 0856clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:37:18.0437 0856clr_optimization_v2.0.50727_32 - ok
18:37:18.0500 0856clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:37:18.0531 0856clr_optimization_v4.0.30319_32 - ok
18:37:18.0578 0856CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:37:18.0593 0856CmBatt - ok
18:37:18.0640 0856CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:37:18.0656 0856CmdIde - ok
18:37:18.0671 0856Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:37:18.0687 0856Compbatt - ok
18:37:18.0687 0856COMSysApp - ok
18:37:18.0718 0856Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:37:18.0734 0856Cpqarray - ok
18:37:18.0796 0856CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:37:18.0812 0856CryptSvc - ok
18:37:18.0859 0856dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:37:18.0875 0856dac2w2k - ok
18:37:18.0890 0856dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:37:18.0906 0856dac960nt - ok
18:37:18.0984 0856DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:37:19.0000 0856DcomLaunch - ok
18:37:19.0140 0856DefWatch (cc564a31a2e9f7ddb6de55848c3c0a0b) C:\Program Files\Symantec AntiVirus\DefWatch.exe
18:37:19.0156 0856DefWatch - ok
18:37:19.0187 0856Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:37:19.0187 0856Dhcp - ok
18:37:19.0250 0856Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:37:19.0265 0856Disk - ok
18:37:19.0281 0856dmadmin - ok
18:37:19.0359 0856dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:37:19.0421 0856dmboot - ok
18:37:19.0468 0856dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:37:19.0484 0856dmio - ok
18:37:19.0531 0856dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:37:19.0546 0856dmload - ok
18:37:19.0593 0856dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:37:19.0625 0856dmserver - ok
18:37:19.0656 0856DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:37:19.0671 0856DMusic - ok
18:37:19.0734 0856Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:37:19.0750 0856Dnscache - ok
18:37:19.0828 0856Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:37:19.0843 0856Dot3svc - ok
18:37:19.0875 0856dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:37:19.0890 0856dpti2o - ok
18:37:19.0921 0856drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:37:19.0937 0856drmkaud - ok
18:37:20.0015 0856E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:37:20.0031 0856E100B - ok
18:37:20.0093 0856eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
18:37:20.0109 0856eabfiltr - ok
18:37:20.0140 0856eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
18:37:20.0140 0856eabusb - ok
18:37:20.0171 0856EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:37:20.0187 0856EapHost - ok
18:37:20.0390 0856eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:37:20.0421 0856eeCtrl - ok
18:37:20.0546 0856ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
18:37:20.0578 0856ehRecvr - ok
18:37:20.0656 0856ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
18:37:20.0687 0856ehSched - ok
18:37:20.0750 0856EraserUtilDrv11210 (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
18:37:20.0750 0856EraserUtilDrv11210 - ok
18:37:20.0812 0856ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:37:20.0828 0856ERSvc - ok
18:37:20.0890 0856Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:37:20.0921 0856Eventlog - ok
18:37:21.0015 0856EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:37:21.0062 0856EventSystem - ok
18:37:21.0171 0856Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:37:21.0203 0856Fastfat - ok
18:37:21.0281 0856FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:37:21.0296 0856FastUserSwitchingCompatibility - ok
18:37:21.0328 0856Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:37:21.0359 0856Fdc - ok
18:37:21.0375 0856Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:37:21.0390 0856Fips - ok
18:37:21.0406 0856Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:37:21.0421 0856Flpydisk - ok
18:37:21.0453 0856FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:37:21.0484 0856FltMgr - ok
18:37:21.0640 0856FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:37:21.0640 0856FontCache3.0.0.0 - ok
18:37:21.0703 0856Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:37:21.0703 0856Fs_Rec - ok
18:37:21.0765 0856Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:37:21.0765 0856Ftdisk - ok
18:37:21.0812 0856GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:37:21.0812 0856GEARAspiWDM - ok
18:37:21.0859 0856ggflt (e43455d5445848a309e62c9a5763b68e) C:\WINDOWS\system32\DRIVERS\ggflt.sys
18:37:21.0875 0856ggflt - ok
18:37:21.0921 0856ggsemc (04b0167f64b21ba39b5ca1ecddf383bc) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
18:37:21.0921 0856ggsemc - ok
18:37:21.0968 0856Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:37:21.0984 0856Gpc - ok
18:37:22.0156 0856gupdate1c9a39916b61c5f (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:37:22.0156 0856gupdate1c9a39916b61c5f - ok
18:37:22.0171 0856gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:37:22.0171 0856gupdatem - ok
18:37:22.0250 0856gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:37:22.0281 0856gusvc - ok
18:37:22.0343 0856HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
18:37:22.0359 0856HBtnKey - ok
18:37:22.0468 0856HdAudAddService (4905d28aa09f63e6a2f4e93ed6dd7d19) C:\WINDOWS\system32\drivers\CHDAud.sys
18:37:22.0484 0856HdAudAddService - ok
18:37:22.0515 0856HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:37:22.0531 0856HDAudBus - ok
18:37:22.0687 0856helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:37:22.0687 0856helpsvc - ok
18:37:22.0750 0856HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:37:22.0781 0856HidServ - ok
18:37:22.0843 0856HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:37:22.0859 0856HidUsb - ok
18:37:22.0921 0856hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:37:22.0953 0856hkmsvc - ok
18:37:23.0000 0856hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:37:23.0015 0856hpn - ok
18:37:23.0125 0856hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
18:37:23.0250 0856hpqwmiex - ok
18:37:23.0328 0856HSFHWAZL (8e60293c44e3f6f7f09defb60023a37d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:37:23.0343 0856HSFHWAZL - ok
18:37:23.0500 0856HSF_DPV (4c2aab15ad6229134f70e5c950e6185c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:37:23.0531 0856HSF_DPV - ok
18:37:23.0640 0856HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:37:23.0656 0856HTTP - ok
18:37:23.0671 0856HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:37:23.0687 0856HTTPFilter - ok
18:37:23.0734 0856i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:37:23.0750 0856i2omgmt - ok
18:37:23.0812 0856i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:37:23.0828 0856i2omp - ok
18:37:23.0921 0856i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:37:23.0937 0856i8042prt - ok
18:37:24.0125 0856ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:37:24.0156 0856ialm - ok
18:37:24.0281 0856iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:37:24.0296 0856iaStor - ok
18:37:24.0468 0856IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:37:24.0500 0856IDriverT - ok
18:37:24.0781 0856idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:37:24.0890 0856idsvc - ok
18:37:25.0093 0856Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:37:25.0125 0856Imapi - ok
18:37:25.0203 0856ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:37:25.0234 0856ImapiService - ok
18:37:25.0312 0856ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:37:25.0312 0856ini910u - ok
18:37:25.0359 0856IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:37:25.0375 0856IntelIde - ok
18:37:25.0406 0856intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:37:25.0421 0856intelppm - ok
18:37:25.0453 0856Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:37:25.0468 0856Ip6Fw - ok
18:37:25.0515 0856IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:37:25.0531 0856IpFilterDriver - ok
18:37:25.0578 0856IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:37:25.0593 0856IpInIp - ok
18:37:25.0656 0856IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:37:25.0687 0856IpNat - ok
18:37:25.0890 0856iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe
18:37:26.0015 0856iPod Service - ok
18:37:26.0046 0856IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:37:26.0062 0856IPSec - ok
18:37:26.0109 0856IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:37:26.0125 0856IRENUM - ok
18:37:26.0156 0856isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:37:26.0171 0856isapnp - ok
18:37:26.0281 0856JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
18:37:26.0312 0856JavaQuickStarterService - ok
18:37:26.0359 0856Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:37:26.0375 0856Kbdclass - ok
18:37:26.0406 0856kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:37:26.0421 0856kbdhid - ok
18:37:26.0500 0856kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:37:26.0515 0856kmixer - ok
18:37:26.0593 0856KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:37:26.0609 0856KSecDD - ok
18:37:26.0687 0856lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:37:26.0703 0856lanmanserver - ok
18:37:26.0781 0856lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:37:26.0812 0856lanmanworkstation - ok
18:37:26.0828 0856Lbd - ok
18:37:26.0843 0856lbrtfdc - ok
18:37:26.0921 0856LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
18:37:26.0937 0856LHidFlt2 - ok
18:37:27.0000 0856LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
18:37:27.0031 0856LHidUsb - ok
18:37:27.0125 0856LightScribeService (86e8bcaa91fc2acfacd99cf2bf9f1f47) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:37:27.0156 0856LightScribeService - ok
18:37:27.0218 0856LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:37:27.0234 0856LmHosts - ok
18:37:27.0281 0856LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
18:37:27.0296 0856LMouFlt2 - ok
18:37:27.0406 0856McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
18:37:27.0437 0856McrdSvc - ok
18:37:27.0562 0856MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:37:27.0609 0856MDM - ok
18:37:27.0671 0856mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:37:27.0687 0856mdmxsdk - ok
18:37:27.0750 0856Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:37:27.0765 0856Messenger - ok
18:37:27.0843 0856MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
18:37:27.0859 0856MHN - ok
18:37:27.0937 0856MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:37:27.0953 0856MHNDRV - ok
18:37:27.0984 0856mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:37:28.0000 0856mnmdd - ok
18:37:28.0062 0856mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:37:28.0078 0856mnmsrvc - ok
18:37:28.0125 0856Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:37:28.0140 0856Modem - ok
18:37:28.0203 0856Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:37:28.0218 0856Mouclass - ok
18:37:28.0265 0856mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:37:28.0281 0856mouhid - ok
18:37:28.0312 0856MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:37:28.0328 0856MountMgr - ok
18:37:28.0406 0856MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance
 
Service\maintenanceservice.exe
18:37:28.0500 0856MozillaMaintenance - ok
18:37:28.0515 0856mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:37:28.0531 0856mraid35x - ok
18:37:28.0609 0856MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:37:28.0625 0856MRxDAV - ok
18:37:28.0718 0856MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:37:28.0765 0856MRxSmb - ok
18:37:28.0812 0856MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:37:28.0828 0856MSDTC - ok
18:37:28.0906 0856Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:37:28.0921 0856Msfs - ok
18:37:28.0937 0856MSIServer - ok
18:37:28.0968 0856MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:37:28.0984 0856MSKSSRV - ok
18:37:29.0031 0856MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:37:29.0046 0856MSPCLOCK - ok
18:37:29.0078 0856MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:37:29.0093 0856MSPQM - ok
18:37:29.0140 0856mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:37:29.0156 0856mssmbios - ok
18:37:29.0187 0856MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:37:29.0203 0856MSTEE - ok
18:37:29.0250 0856Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:37:29.0265 0856Mup - ok
18:37:29.0312 0856NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:37:29.0343 0856NABTSFEC - ok
18:37:29.0406 0856napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:37:29.0500 0856napagent - ok
18:37:29.0734 0856NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120717.004\naveng.sys
18:37:29.0734 0856NAVENG - ok
18:37:29.0937 0856NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120717.004\navex15.sys
18:37:29.0968 0856NAVEX15 - ok
18:37:30.0250 0856NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:37:30.0281 0856NDIS - ok
18:37:30.0328 0856NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:37:30.0328 0856NdisIP - ok
18:37:30.0390 0856NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:37:30.0390 0856NdisTapi - ok
18:37:30.0453 0856Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:37:30.0468 0856Ndisuio - ok
18:37:30.0500 0856NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:37:30.0531 0856NdisWan - ok
18:37:30.0640 0856NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:37:30.0656 0856NDProxy - ok
18:37:30.0671 0856NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:37:30.0687 0856NetBIOS - ok
18:37:30.0734 0856NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:37:30.0765 0856NetBT - ok
18:37:30.0843 0856NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:37:30.0890 0856NetDDE - ok
18:37:30.0906 0856NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:37:30.0906 0856NetDDEdsdm - ok
18:37:30.0968 0856Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:37:30.0984 0856Netlogon - ok
18:37:31.0031 0856Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:37:31.0031 0856Netman - ok
18:37:31.0187 0856NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:37:31.0218 0856NetTcpPortSharing - ok
18:37:31.0468 0856NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
18:37:31.0531 0856NETw3x32 - ok
18:37:31.0812 0856NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:37:31.0828 0856NIC1394 - ok
18:37:31.0906 0856Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:37:31.0921 0856Nla - ok
18:37:31.0937 0856Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:37:31.0953 0856Npfs - ok
18:37:32.0031 0856Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:37:32.0062 0856Ntfs - ok
18:37:32.0125 0856NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:37:32.0125 0856NtLmSsp - ok
18:37:32.0218 0856NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:37:32.0312 0856NtmsSvc - ok
18:37:32.0359 0856Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:37:32.0375 0856Null - ok
18:37:32.0406 0856NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:37:32.0421 0856NwlnkFlt - ok
18:37:32.0453 0856NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:37:32.0468 0856NwlnkFwd - ok
18:37:32.0500 0856ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:37:32.0531 0856ohci1394 - ok
18:37:32.0656 0856ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:37:32.0687 0856ose - ok
18:37:32.0734 0856Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:37:32.0750 0856Parport - ok
18:37:32.0812 0856PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:37:32.0828 0856PartMgr - ok
18:37:32.0859 0856ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:37:32.0875 0856ParVdm - ok
18:37:32.0906 0856PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:37:32.0921 0856PCI - ok
18:37:32.0937 0856PCIDump - ok
18:37:32.0984 0856PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:37:33.0000 0856PCIIde - ok
18:37:33.0062 0856Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:37:33.0078 0856Pcmcia - ok
18:37:33.0093 0856PDCOMP - ok
18:37:33.0109 0856PDFRAME - ok
18:37:33.0125 0856PDRELI - ok
18:37:33.0140 0856PDRFRAME - ok
18:37:33.0187 0856perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:37:33.0218 0856perc2 - ok
18:37:33.0250 0856perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:37:33.0250 0856perc2hib - ok
18:37:33.0343 0856PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:37:33.0343 0856PlugPlay - ok
18:37:33.0359 0856PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:37:33.0375 0856PolicyAgent - ok
18:37:33.0406 0856PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:37:33.0421 0856PptpMiniport - ok
18:37:33.0437 0856ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:37:33.0453 0856ProtectedStorage - ok
18:37:33.0468 0856PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:37:33.0484 0856PSched - ok
18:37:33.0515 0856Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:37:33.0531 0856Ptilink - ok
18:37:33.0593 0856PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:37:33.0609 0856PxHelp20 - ok
18:37:33.0656 0856ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:37:33.0687 0856ql1080 - ok
18:37:33.0718 0856Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:37:33.0734 0856Ql10wnt - ok
18:37:33.0765 0856ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:37:33.0796 0856ql12160 - ok
18:37:33.0828 0856ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:37:33.0843 0856ql1240 - ok
18:37:33.0890 0856ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:37:33.0906 0856ql1280 - ok
18:37:33.0953 0856RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:37:33.0968 0856RasAcd - ok
18:37:34.0031 0856RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:37:34.0046 0856RasAuto - ok
18:37:34.0078 0856Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:37:34.0093 0856Rasl2tp - ok
18:37:34.0171 0856RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:37:34.0218 0856RasMan - ok
18:37:34.0250 0856RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:37:34.0265 0856RasPppoe - ok
18:37:34.0281 0856Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:37:34.0296 0856Raspti - ok
18:37:34.0343 0856Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:37:34.0359 0856Rdbss - ok
18:37:34.0375 0856RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:37:34.0390 0856RDPCDD - ok
18:37:34.0453 0856rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:37:34.0468 0856rdpdr - ok
18:37:34.0531 0856RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:37:34.0562 0856RDPWD - ok
18:37:34.0625 0856RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:37:34.0671 0856RDSessMgr - ok
18:37:34.0703 0856redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:37:34.0718 0856redbook - ok
18:37:34.0750 0856RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:37:34.0765 0856RemoteAccess - ok
18:37:34.0812 0856RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:37:34.0828 0856RemoteRegistry - ok
18:37:34.0921 0856rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:37:34.0921 0856rimmptsk - ok
18:37:34.0968 0856rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
18:37:34.0984 0856rimsptsk - ok
18:37:35.0031 0856rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
18:37:35.0046 0856rismxdp - ok
18:37:35.0109 0856RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:37:35.0140 0856RpcLocator - ok
18:37:35.0234 0856RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:37:35.0250 0856RpcSs - ok
18:37:35.0312 0856RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:37:35.0375 0856RSVP - ok
18:37:35.0437 0856rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:37:35.0453 0856rtl8139 - ok
18:37:35.0500 0856s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
18:37:35.0515 0856s0016bus - ok
18:37:35.0578 0856s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
18:37:35.0609 0856s0016mdfl - ok
18:37:35.0671 0856s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
18:37:35.0687 0856s0016mdm - ok
18:37:35.0765 0856s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
18:37:35.0781 0856s0016mgmt - ok
18:37:35.0812 0856s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
18:37:35.0828 0856s0016nd5 - ok
18:37:35.0875 0856s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
18:37:35.0906 0856s0016obex - ok
18:37:35.0953 0856s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
18:37:35.0984 0856s0016unic - ok
18:37:36.0031 0856s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
18:37:36.0062 0856s116obex - ok
18:37:36.0125 0856SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:37:36.0125 0856SamSs - ok
18:37:36.0265 0856SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:37:36.0281 0856SASDIFSV - ok
18:37:36.0296 0856SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:37:36.0312 0856SASKUTIL - ok
18:37:36.0468 0856SavRoam (e20aed7668511d2848d64f2f3fa7c8e0) C:\Program Files\Symantec AntiVirus\SavRoam.exe
18:37:36.0500 0856SavRoam - ok
18:37:36.0609 0856SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
18:37:36.0625 0856SAVRT - ok
18:37:36.0687 0856SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
18:37:36.0703 0856SAVRTPEL - ok
18:37:36.0781 0856SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:37:36.0812 0856SCardSvr - ok
18:37:36.0906 0856Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:37:36.0937 0856Schedule - ok
18:37:36.0968 0856sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:37:36.0984 0856sdbus - ok
18:37:37.0031 0856SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
18:37:37.0062 0856SE27bus - ok
18:37:37.0109 0856SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
18:37:37.0125 0856SE27mdfl - ok
18:37:37.0187 0856SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
18:37:37.0203 0856SE27mdm - ok
18:37:37.0296 0856Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:37:37.0312 0856Secdrv - ok
18:37:37.0359 0856seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:37:37.0375 0856seclogon - ok
18:37:37.0406 0856SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:37:37.0421 0856SENS - ok
18:37:37.0453 0856Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:37:37.0468 0856Serenum - ok
18:37:37.0500 0856Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:37:37.0515 0856Serial - ok
18:37:37.0593 0856sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:37:37.0609 0856sffdisk - ok
18:37:37.0656 0856sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:37:37.0671 0856sffp_sd - ok
18:37:37.0718 0856Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:37:37.0734 0856Sfloppy - ok
18:37:37.0843 0856SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:37:37.0906 0856SharedAccess - ok
18:37:37.0984 0856ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:37:37.0984 0856ShellHWDetection - ok
18:37:38.0000 0856Simbad - ok
18:37:38.0046 0856sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:37:38.0062 0856sisagp - ok
18:37:38.0125 0856SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:37:38.0140 0856SLIP - ok
18:37:38.0312 0856SNDSrvc (074001698482de1f6ddc7be92da67721) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
18:37:38.0375 0856SNDSrvc - ok
18:37:38.0421 0856Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:37:38.0437 0856Sparrow - ok
18:37:38.0546 0856SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:37:38.0625 0856SPBBCDrv - ok
18:37:38.0781 0856SPBBCSvc (ea07435c72a8534c3a8e02d87246e546) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
18:37:38.0921 0856SPBBCSvc - ok
18:37:39.0187 0856splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:37:39.0187 0856splitter - ok
18:37:39.0265 0856Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:37:39.0281 0856Spooler - ok
18:37:39.0343 0856sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:37:39.0375 0856sr - ok
18:37:39.0453 0856srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:37:39.0484 0856srservice - ok
18:37:39.0578 0856Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:37:39.0609 0856Srv - ok
18:37:39.0656 0856SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:37:39.0671 0856SSDPSRV - ok
18:37:39.0781 0856stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:37:39.0828 0856stisvc - ok
18:37:39.0875 0856streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:37:39.0890 0856streamip - ok
18:37:39.0921 0856swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:37:39.0937 0856swenum - ok
18:37:40.0000 0856swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:37:40.0015 0856swmidi - ok
18:37:40.0031 0856SwPrv - ok
18:37:40.0343 0856Symantec AntiVirus (07c8477743aa4a7db19ccd23598817b1) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
18:37:40.0531 0856Symantec AntiVirus - ok
18:37:40.0812 0856symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:37:40.0828 0856symc810 - ok
18:37:40.0875 0856symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:37:40.0890 0856symc8xx - ok
18:37:41.0031 0856SymEvent (3feeb051c94f5005f56423619315273b) C:\Program Files\Symantec\SYMEVENT.SYS
18:37:41.0046 0856SymEvent - ok
18:37:41.0109 0856SYMREDRV (8d668fe83a439e2166b7defff995cddc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:37:41.0125 0856SYMREDRV - ok
18:37:41.0171 0856SYMTDI (b825e10cd61046672fef234820842c42) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:37:41.0203 0856SYMTDI - ok
18:37:41.0234 0856sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:37:41.0250 0856sym_hi - ok
18:37:41.0281 0856sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:37:41.0281 0856sym_u3 - ok
18:37:41.0375 0856SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:37:41.0390 0856SynTP - ok
18:37:41.0468 0856sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:37:41.0484 0856sysaudio - ok
18:37:41.0562 0856SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:37:41.0593 0856SysmonLog - ok
18:37:41.0687 0856TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:37:41.0718 0856TapiSrv - ok
18:37:41.0796 0856Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:37:41.0828 0856Tcpip - ok
18:37:41.0859 0856TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:37:41.0875 0856TDPIPE - ok
18:37:41.0921 0856TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:37:41.0937 0856TDTCP - ok
18:37:41.0953 0856TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:37:41.0968 0856TermDD - ok
18:37:42.0031 0856TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:37:42.0093 0856TermService - ok
18:37:42.0156 0856tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys
18:37:42.0171 0856tffsport - ok
18:37:42.0218 0856Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:37:42.0234 0856Themes - ok
18:37:42.0281 0856TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:37:42.0312 0856TlntSvr - ok
18:37:42.0359 0856TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:37:42.0375 0856TosIde - ok
18:37:42.0421 0856TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:37:42.0437 0856TrkWks - ok
18:37:42.0484 0856Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:37:42.0500 0856Udfs - ok
18:37:42.0515 0856UIUSys - ok
18:37:42.0562 0856ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:37:42.0578 0856ultra - ok
18:37:42.0656 0856Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:37:42.0687 0856Update - ok
18:37:42.0734 0856upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:37:42.0765 0856upnphost - ok
18:37:42.0796 0856UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:37:42.0828 0856UPS - ok
18:37:42.0875 0856USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:37:42.0890 0856USBAAPL - ok
18:37:42.0968 0856usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:37:42.0984 0856usbaudio - ok
18:37:43.0046 0856usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:37:43.0062 0856usbccgp - ok
18:37:43.0109 0856usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:37:43.0125 0856usbehci - ok
18:37:43.0203 0856usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:37:43.0218 0856usbhub - ok
18:37:43.0281 0856usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:37:43.0296 0856usbprint - ok
18:37:43.0359 0856usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:37:43.0375 0856usbscan - ok
18:37:43.0421 0856usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
18:37:43.0437 0856usbser - ok
18:37:43.0484 0856USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:37:43.0484 0856USBSTOR - ok
18:37:43.0500 0856usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:37:43.0515 0856usbuhci - ok
18:37:43.0546 0856VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:37:43.0562 0856VgaSave - ok
18:37:43.0593 0856viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:37:43.0625 0856viaagp - ok
18:37:43.0656 0856ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:37:43.0656 0856ViaIde - ok
18:37:43.0734 0856VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:37:43.0750 0856VolSnap - ok
18:37:43.0843 0856VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:37:43.0906 0856VSS - ok
18:37:43.0953 0856W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:37:43.0984 0856W32Time - ok
18:37:44.0203 0856w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
18:37:44.0312 0856w39n51 - ok
18:37:44.0640 0856Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:37:44.0656 0856Wanarp - ok
18:37:44.0734 0856wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
18:37:44.0750 0856wceusbsh - ok
18:37:44.0859 0856Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:37:44.0921 0856Wdf01000 - ok
18:37:44.0937 0856WDICA - ok
18:37:44.0984 0856wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:37:45.0000 0856wdmaud - ok
18:37:45.0046 0856WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:37:45.0078 0856WebClient - ok
18:37:45.0218 0856winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:37:45.0250 0856winachsf - ok
18:37:45.0390 0856winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:37:45.0421 0856winmgmt - ok
18:37:45.0531 0856WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:37:45.0546 0856WmdmPmSN - ok
18:37:45.0671 0856Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:37:45.0718 0856Wmi - ok
18:37:45.0812 0856WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:37:45.0828 0856WmiAcpi - ok
18:37:45.0890 0856WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:37:45.0906 0856WmiApSrv - ok
18:37:46.0125 0856WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:37:46.0281 0856WMPNetworkSvc - ok
18:37:46.0312 0856WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:37:46.0328 0856WpdUsb - ok
18:37:46.0562 0856WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:37:46.0687 0856WPFFontCache_v0400 - ok
18:37:46.0765 0856wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:37:46.0781 0856wscsvc - ok
18:37:46.0828 0856WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:37:46.0843 0856WSTCODEC - ok
18:37:46.0890 0856wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:37:46.0906 0856wuauserv - ok
18:37:47.0000 0856WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:37:47.0031 0856WZCSVC - ok
18:37:47.0078 0856xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:37:47.0093 0856xmlprov - ok
18:37:47.0171 0856MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
18:37:47.0218 0856\Device\Harddisk0\DR0 - ok
18:37:47.0234 0856MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR14
18:37:47.0250 0856\Device\Harddisk1\DR14 - ok
18:37:47.0265 0856Boot (0x1200) (320f34f5c2b0affc7a3826645bbeb530) \Device\Harddisk0\DR0\Partition0
18:37:47.0265 0856\Device\Harddisk0\DR0\Partition0 - ok
18:37:47.0265 0856Boot (0x1200) (8092664a72caf09ab14f22881be64791) \Device\Harddisk0\DR0\Partition1
18:37:47.0281 0856\Device\Harddisk0\DR0\Partition1 - ok
18:37:47.0281 0856Boot (0x1200) (2643fa23ff8b06de6dc390bbacd46b19) \Device\Harddisk1\DR14\Partition0
18:37:47.0296 0856\Device\Harddisk1\DR14\Partition0 - ok
18:37:47.0296 0856============================================================
18:37:47.0296 0856Scan finished
18:37:47.0296 0856============================================================
18:37:47.0312 1608Detected object count: 0
18:37:47.0312 1608Actual detected object count: 0
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Rogue Killer found two thing (a log has been created) do I go ahead and close it to run ASWmbr

When I try to close RK "None emement have been deleted" do you really want to quit?

I guess to run ASWmbr, I will need to turn my internet connection back on to run, right?
 
RK Log:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Wai Yau [Admin rights]
Mode: Scan -- Date: 07/26/2012 18:53:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89D0B488)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2080BH PL +++++
--- User ---
[MBR] 86a6482f4bcc5b6d3898c30c760e1a4c
[BSP] 3ca06dfd8ecf47907b7dafdc5a0494d5 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 63310 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 129676680 | Size: 11970 Mo
2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 154191870 | Size: 1027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 19:26:03
-----------------------------
19:26:03.812 OS Version: Windows 5.1.2600 Service Pack 3
19:26:03.812 Number of processors: 1 586 0xE08
19:26:03.812 ComputerName: PC785018295244 UserName: Wai Yau
19:26:04.421 Initialize success
19:35:23.328 AVAST engine defs: 12072602
19:36:06.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:36:06.500 Disk 0 Vendor: Size: 0MB BusType: 0
19:36:06.625 Disk 0 MBR read successfully
19:36:06.640 Disk 0 MBR scan
19:36:06.687 Disk 0 unknown MBR code
19:36:06.687 Disk 0 MBR hidden
19:36:06.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 63310 MB offset 63
19:36:06.796 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11970 MB offset 129676680
19:36:06.843 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
19:36:07.015 Disk 0 scanning C:\WINDOWS\system32\drivers
19:37:15.218 Service scanning
19:38:01.968 Modules scanning
19:38:58.453 Disk 0 trace - called modules:
19:38:59.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
19:38:59.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a77eab8]
19:38:59.062 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8a7d7900]
19:38:59.078 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a783030]
19:38:59.890 AVAST engine scan C:\WINDOWS
19:39:41.687 AVAST engine scan C:\WINDOWS\system32
19:52:37.328 AVAST engine scan C:\WINDOWS\system32\drivers
19:54:05.312 AVAST engine scan C:\Documents and Settings\Wai Yau
20:21:50.078 AVAST engine scan C:\Documents and Settings\All Users
20:24:26.671 Scan finished successfully
20:30:30.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wai Yau\Desktop\MBR.dat"
20:30:30.390 The log file has been saved successfully to "C:\Documents and Settings\Wai Yau\Desktop\aswMBR.txt"
 
What to do with RogueKiller? Can I close it and ignore the error message?

"None element have been deleted, do you want to quit? Yes or No"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-07-27.02 - Wai Yau 07/26/2012 20:44:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.966 [GMT -5:00]
Running from: c:\documents and settings\Wai Yau\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Wai Yau\Desktop\Security Center.lnk
c:\windows\system32\ff4h.gy
D:\Autorun.inf
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-26 13:24 . 2012-07-26 13:24--------d-----w-c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-07-26 07:49 . 2012-07-26 07:49--------d-----w-c:\windows\system32\wbem\Repository
2012-07-26 07:48 . 2012-07-26 07:58--------d-----w-c:\program files\SUPERAntiSpyware
2012-07-26 07:44 . 2012-07-26 07:44--------d-----w-c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-07-26 03:50 . 2012-07-26 03:50--------d-----w-c:\documents and settings\All Users\Application Data\SUPERSetup
2012-07-11 01:45 . 2012-07-11 01:45--------d-----w-c:\documents and settings\Wai Yau\Application Data\SUPERAntiSpyware.com
2012-07-11 01:44 . 2012-07-11 01:44--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-11 01:33 . 2012-07-11 01:33--------d-----w-c:\documents and settings\Wai Yau\Application Data\Malwarebytes
2012-07-11 01:33 . 2012-07-11 01:33--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-11 01:33 . 2012-07-26 14:12--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-07-11 01:33 . 2012-07-03 18:4622344----a-w-c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 12:01 . 2006-03-16 04:00578560----a-w-c:\windows\system32\user32.DLL
2012-06-22 02:45 . 2012-06-22 02:45426184----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-06-22 02:45 . 2011-07-18 17:5870344-c--a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2006-03-16 04:001866112----a-w-c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-06-20 07:211372672------w-c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-03-16 04:001172480----a-w-c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2005-05-26 11:19222448----a-w-c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-03-16 04:00152576----a-w-c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-24 01:4222040----a-w-c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-24 01:4215384----a-w-c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2006-03-16 04:00329240----a-w-c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2006-03-16 04:00219160----a-w-c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2006-03-16 04:00210968----a-w-c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-24 01:4215384----a-w-c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2006-03-16 04:0097304----a-w-c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2006-03-16 04:0053784----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2006-03-16 04:0035864----a-w-c:\windows\system32\wups.dll
2012-06-02 20:19 . 2005-05-26 11:1645080----a-w-c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2007-05-24 01:4217944----a-w-c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2006-03-16 04:00577048----a-w-c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2006-03-16 04:001933848----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-05-25 03:4417136----a-w-c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2006-12-02 05:13275696----a-w-c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-03-16 04:00599040----a-w-c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2006-03-16 04:00832512----a-w-c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2006-03-16 04:002148352----a-w-c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2006-03-16 04:002026496----a-w-c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-03-16 04:00139656----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-06-16 04:06 . 2012-06-06 23:0285472----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-10 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54551296----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:4236272-c--a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-10-03 15:141409384-c--a-w-c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 21:33421160----a-w-c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38421888----a-w-c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-07-26 07:584777856----a-w-c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-20 00:45198160----a-w-c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c9a39916b61c5f"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Wai Yau\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [9/25/2007 6:35 PM 149376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [7/17/2012 8:39 PM 106656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9a39916b61c5f;Google Update Service (gupdate1c9a39916b61c5f);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2009 12:03 AM 133104]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 3:39 PM 61952]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/24/2009 11:31 PM 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2009 12:03 AM 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/6/2012 6:03 PM 113120]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [4/20/2009 7:09 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [4/20/2009 7:09 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [4/20/2009 7:09 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [4/20/2009 7:09 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [4/20/2009 7:09 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [4/20/2009 7:09 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [4/20/2009 7:09 PM 115752]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 9:27 PM 124608]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:03]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:03]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005Core.job
- c:\documents and settings\Wai Yau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-28 01:28]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005UA.job
- c:\documents and settings\Wai Yau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-28 01:28]
.
2012-07-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 99546b7c-7b13-4366-9b83-7f7d4f45e89e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d682e5bf-f789-4044-b272-b1a639ccd3a7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: battlefieldheroes.com\www
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\documents and settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
.
.
------- File Associations -------
.
.scr=MicroStation Resource
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Getdo - c:\documents and settings\Wai Yau\Application Data\Adobe\Update\flacor.dat
MSConfigStartUp-Locarm - c:\documents and settings\Wai Yau\Application Data\Adobe\Update\hlpgdi.dat
MSConfigStartUp-Privacy Protection - c:\documents and settings\All Users\Application Data\privacy.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????g??????`?@?????L?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\eHome\ehmsas.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-26 21:00:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 02:00
.
Pre-Run: 7,921,393,664 bytes free
Post-Run: 8,408,317,952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /noguiboot
.
- - End Of File - - FD5A7EF6D3C96EEE06BC1B113A0DD369
 
Looks good.

How is computer doing?

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 7/26/2012 9:58:23 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Wai Yau\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.87% Memory free
6.72 Gb Paging File | 6.43 Gb Available in Paging File | 95.67% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.83 Gb Total Space | 7.87 Gb Free Space | 12.73% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.88% Space Free | Partition Type: FAT32
Drive F: | 14.90 Gb Total Space | 14.38 Gb Free Space | 96.52% Space Free | Partition Type: FAT32

Computer Name: PC785018295244 | User Name: Wai Yau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 21:57:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wai Yau\Desktop\OTL.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/23 21:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 21:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 21:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/04/12 17:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/07/19 17:13:42 | 000,172,032 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/15 23:06:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2006/06/12 15:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/06/23 21:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 21:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 21:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 11:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 11:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 11:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 14:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 23:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\WAIYAU~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/05/16 03:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120717.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 03:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120717.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/15 23:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/15 23:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/24 23:31:07 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/24 23:31:07 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/04/14 00:10:52 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tffsport.sys -- (tffsport)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2006/08/29 23:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 23:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 23:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/26 23:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/06/06 15:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/05/12 15:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 10:25:44 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/04/28 10:25:40 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/04/28 10:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus)
DRV - [2006/04/21 12:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/12/22 12:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 15:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 13:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 16:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 16:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 16:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/13 21:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 14:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/22 14:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/03/30 23:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 22:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 22:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - SOFTWARE\Classes\CLSID\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8}\InprocServer32 File not found
IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120302
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.3.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Wai Yau\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Wai Yau\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 23:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 18:03:03 | 000,000,000 | ---D | M]

[2009/12/05 23:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Extensions
[2009/12/05 23:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/06/15 23:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions
[2010/06/24 21:39:37 | 000,000,000 | ---D | M] (Clear Private Data... +) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{0dd39226-2650-404d-a43d-ffd906b35a9e}
[2011/11/29 20:20:29 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/10/07 18:38:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/06/24 21:39:37 | 000,000,000 | ---D | M] (Stealther) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2010/02/11 23:09:23 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012/06/07 22:54:25 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/06 20:33:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/01/26 20:19:13 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2012/06/15 23:08:56 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Wai Yau\Application Data\Mozilla\Firefox\Profiles\i8pquvsp.default\extensions\zigboom.designs@gmail.com
[2012/06/07 20:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/07 22:54:23 | 000,030,312 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\WAI YAU\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\I8PQUVSP.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2012/06/15 23:06:15 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/12/09 03:58:53 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\mozilla firefox\plugins\npdsplay.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2006/12/09 03:58:18 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll
[2012/06/06 18:02:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/06 18:02:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.cnn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.cnn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Slinky Elegant = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Proxy Switchy! = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Blank Black New Tab Page = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fchjkeaocneafiffcdbckcgdaagipaal\2.0_0\
CHR - Extension: Midnight Theme for Google+ = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\finnjafohcjomamkgpdhhdofeghkkpna\1.3.1_0\
CHR - Extension: KB SSL Enforcer = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\1.0.20_0\
CHR - Extension: AVG Threat Labs Site Safety = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncnjjicckpooflgclhneahpkahcpoama\1.0.3.81_0\
CHR - Extension: Gmail = C:\Documents and Settings\Wai Yau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 20:52:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll File not found
O3 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228" File not found
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227" File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..Trusted Domains: battlefieldheroes.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3278996565-3618360-3996099003-1005\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341968587911 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B6955BE-4DF5-49D7-842E-63C5B3226BC5}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Air.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Air.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 21:57:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wai Yau\Desktop\OTL.exe
[2012/07/26 20:42:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/26 20:41:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/26 20:41:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/26 20:41:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/26 20:41:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/26 20:41:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/26 20:40:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/26 20:38:32 | 004,719,912 | R--- | C] (Swearware) -- C:\Documents and Settings\Wai Yau\Desktop\ComboFix.exe
[2012/07/26 18:59:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Wai Yau\Desktop\aswMBR.exe
[2012/07/26 18:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wai Yau\Desktop\RK_Quarantine
[2012/07/26 18:37:01 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Wai Yau\Desktop\TDSSKiller.exe
[2012/07/26 02:48:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wai Yau\Recent
[2012/07/26 02:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/26 02:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/25 22:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware(2)
[2012/07/25 22:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/07/10 20:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wai Yau\Application Data\SUPERAntiSpyware.com
[2012/07/10 20:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/10 20:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wai Yau\Application Data\Malwarebytes
[2012/07/10 20:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/10 20:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/10 20:33:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/10 20:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/26 21:57:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wai Yau\Desktop\OTL.exe
[2012/07/26 21:38:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005UA.job
[2012/07/26 21:38:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3278996565-3618360-3996099003-1005Core.job
[2012/07/26 21:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 20:55:42 | 000,001,437 | ---- | M] () -- C:\hpqp.ini
[2012/07/26 20:55:35 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2012/07/26 20:55:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/26 20:52:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/26 20:52:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 20:51:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/26 20:51:28 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/26 20:42:54 | 000,000,336 | RHS- | M] () -- C:\boot.ini
[2012/07/26 20:37:50 | 004,719,912 | R--- | M] (Swearware) -- C:\Documents and Settings\Wai Yau\Desktop\ComboFix.exe
[2012/07/26 20:30:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\MBR.dat
[2012/07/26 18:59:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Wai Yau\Desktop\aswMBR.exe
[2012/07/26 18:50:26 | 001,552,384 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\RogueKiller.exe
[2012/07/26 15:34:17 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\tix9tbjr.exe
[2012/07/26 09:23:35 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d682e5bf-f789-4044-b272-b1a639ccd3a7.job
[2012/07/26 09:23:35 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 99546b7c-7b13-4366-9b83-7f7d4f45e89e.job
[2012/07/26 09:12:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Wai Yau\Desktop\TDSSKiller.exe
[2012/07/11 20:36:43 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/11 20:36:42 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Wai Yau\Desktop\Google Chrome.lnk
[2012/07/10 20:59:53 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2012/07/10 20:44:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpy.lnk
[2012/07/10 20:11:42 | 000,403,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/05 19:17:48 | 000,119,332 | ---- | M] () -- C:\Documents and Settings\Wai Yau\My Documents\honey&me.jpg
[2012/07/05 19:17:20 | 000,086,542 | ---- | M] () -- C:\Documents and Settings\Wai Yau\My Documents\family.jpg
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/26 20:42:54 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2012/07/26 20:42:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/26 20:41:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/26 20:41:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/26 20:41:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/26 20:41:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/26 20:41:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/26 20:30:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Wai Yau\Desktop\MBR.dat
[2012/07/26 18:51:08 | 001,552,384 | ---- | C] () -- C:\Documents and Settings\Wai Yau\Desktop\RogueKiller.exe
[2012/07/26 15:34:17 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Wai Yau\Desktop\tix9tbjr.exe
[2012/07/26 09:23:34 | 000,000,514 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d682e5bf-f789-4044-b272-b1a639ccd3a7.job
 
You must log in or register to reply here.

Similar threads

Shawn Knight
NASA accidentally instructs Voyager 2 to turn its antenna away from Earth
Replies
14
Views
1K
Endymio
Endymio
Joe White
Call on FCC to update definition of "high speed" Internet, from 25/3 Mbps to at least...
2
Replies
43
Views
4K
Danny101
Danny101
Scorpus
Intel lifts the lid on Arc laptop GPUs, here's what you need to know
Replies
15
Views
3K
meric
M

Latest posts

Back