Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

all my homepage keeps changing when i restart my computer


  • This topic is locked This topic is locked
34 replies to this topic

#1 liltricia

liltricia

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 14 October 2011 - 09:24 AM

hi
i've been having this problem for a few days now.
everytime i restart/shut off and turn on my computer, my homepage have changed.
i've tried scanning with malwarebytes etc, and even tried another thread http://www.bleepingcomputer.com/forums/topic421313.html, but all doesn't work.

so here's the dds log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by tricia at 21:32:12 on 2011-10-14
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.3039.1838 [GMT 8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Tudou\飞速Tudou\TudouVa.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\tricia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tricia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\tricia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\tricia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\tricia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\tricia\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.goong.info
mStart Page = hxxp://www.goong.info
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 0.0.0.80:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - c:\program files\tudou\烽膣tudou\tudouDetector.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Grid Service] "c:\program files\gridservice\peer.exe" -n Grid
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Internet Explorer Update] "c:\program files\internet explorer\iexplore_update.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\tricia\appdata\roaming\micros~1\windows\startm~1\programs\startup\骠动烽~1.lnk - c:\program files\tudou\烽膣tudou\TudouVa.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &V使用Vagaa哇嘎下载 - c:\vagaa\data\vg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\ikutm.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
Trusted Zone: gogobox.com.tw
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270635433041
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
TCP: DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3} : DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\2375942554335313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\37868373132393435303 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\4727963696162E08993702960586F6E656 : DhcpNameServer = 202.65.247.31 202.65.244.32
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\C45656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6137972C-D9E9-4FC1-B095-85445EE33630} : DhcpNameServer = 202.65.247.31 202.65.244.32
TCP: Interfaces\{95843C71-BC6D-4DDD-A3C9-1CDC7DFDEBDA} : DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\94gw4l6k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.goong.info
FF - prefs.js: keyword.URL - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(568).dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\windows media player\np-mswmp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\tricia\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\tricia\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-10 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-10 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110929.001\BHDrvx86.sys [2011-9-30 816760]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20111013.030\IDSvix86.sys [2011-10-14 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-10 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1206000.01d\symnets.sys [2011-5-10 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-11-12 81920]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-14 366152]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-8 228408]
R3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-9-7 2704640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-1 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-14 22216]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-12 185344]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-7-4 25600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-12 29472]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-3-16 129440]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-12 4232192]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-12 1343400]
.
=============== Created Last 30 ================
.
2011-10-14 12:51:25 388096 ----a-r- c:\users\tricia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-14 12:51:24 -------- d-----w- c:\program files\HiJack
2011-10-14 12:08:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-14 11:55:24 -------- d-----w- C:\FavoriteVideo
2011-10-14 11:49:25 -------- d-----w- C:\ComboFix
2011-10-14 11:17:55 98816 ----a-w- c:\windows\sed.exe
2011-10-14 11:17:55 518144 ----a-w- c:\windows\SWREG.exe
2011-10-14 11:17:55 256000 ----a-w- c:\windows\PEV.exe
2011-10-14 11:17:55 208896 ----a-w- c:\windows\MBR.exe
2011-10-14 11:00:54 -------- d-----w- c:\users\tricia\appdata\roaming\Malwarebytes
2011-10-14 11:00:49 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 11:00:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-14 11:00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 00:25:19 -------- d-----w- c:\program files\iPod
2011-10-13 00:21:35 -------- d-----w- c:\program files\Bonjour
2011-10-12 06:09:55 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 06:09:55 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 06:09:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 06:09:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 06:09:25 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-10 16:20:12 764275 --sha-w- c:\program files\internet explorer\iexplore_update.exe
2011-09-28 07:07:09 -------- d-----w- c:\users\tricia\appdata\roaming\360safe
2011-09-16 17:31:01 -------- d-----w- c:\users\tricia\appdata\roaming\calibre
2011-09-16 17:30:28 -------- d-----w- c:\program files\Calibre2
.
==================== Find3M ====================
.
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 09:26:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-30 15:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 15:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-12 18:36:59 153632 ----a-w- c:\windows\system32\ikutm.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST950042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83411000]<< >>UNKNOWN [0x8C20A000]<< >>UNKNOWN [0x8CBBF000]<< >>UNKNOWN [0x8CDEC000]<< >>UNKNOWN [0x83823000]<< >>UNKNOWN [0x8C090000]<< >>UNKNOWN [0x8C312000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8344852A] -> \Device\Harddisk0\DR0[0x87D02030]
\Driver\Disk[0x87D01F38] -> IRP_MJ_CREATE -> 0x8C20E39F
3 [0x8C20E59E] -> ntkrnlpa!IofCallDriver[0x8344852A] -> [0x87D00618]
\Driver\hpdskflt[0x87CAF6D0] -> IRP_MJ_CREATE -> 0x8CDEDFB0
5 [0x8CDEE090] -> ntkrnlpa!IofCallDriver[0x8344852A] -> [0x8729EB68]
\Driver\ACPI[0x86514468] -> IRP_MJ_CREATE -> 0x8C0994CC
7 [0x8C0993D4] -> ntkrnlpa!IofCallDriver[0x8344852A] -> \Device\Ide\IAAStorageDevice-0[0x87286028]
\Driver\iaStor[0x8729E8C8] -> IRP_MJ_CREATE -> 0x8C35692E
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:33:10.88 ===============

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:44 PM

Posted 19 October 2011 - 09:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423455 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 20 October 2011 - 01:16 PM

hi yes i still need help with it.
but i can only get to my computer tomorrow.
thanks in advance!

#4 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 21 October 2011 - 12:28 PM

all my browsers homepage doesn't change to other websites anymore as i've installed hitman.
but once i use the address bar to search on the 3 browsers on my comupter, it will redirect me to google custom search.

i'm waiting on the GMER log now and i'll post it once it's done.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by tricia at 22:25:00 on 2011-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.3039.1623 [GMT 8:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\tricia\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\gogobox\gogobox.exe
C:\Program Files\gogobox\gogobox_e.exe
C:\Windows\system32\conhost.exe
C:\Program Files\gogobox\gogobox_t.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\Explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.goong.info
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 0.0.0.80:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - c:\program files\tudou\烽膣tudou\tudouDetector.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [Google Update] "c:\users\tricia\appdata\local\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Grid Service] "c:\program files\gridservice\peer.exe" -n Grid
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\tricia\appdata\roaming\micros~1\windows\startm~1\programs\startup\骠动烽~1.lnk - c:\program files\tudou\烽膣tudou\TudouVa.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &V使用Vagaa哇嘎下载 - c:\vagaa\data\vg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\ikutm.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
Trusted Zone: gogobox.com.tw
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270635433041
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
TCP: DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3} : DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\2375942554335313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\37868373132393435303 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\4727963696162E08993702960586F6E656 : DhcpNameServer = 202.65.247.31 202.65.244.32
TCP: Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}\C45656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6137972C-D9E9-4FC1-B095-85445EE33630} : DhcpNameServer = 202.65.247.32 202.65.244.31
TCP: Interfaces\{95843C71-BC6D-4DDD-A3C9-1CDC7DFDEBDA} : DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\94gw4l6k.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(568).dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\windows media player\np-mswmp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\tricia\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\tricia\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-10 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-10 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-15 818808]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20111020.030\IDSvix86.sys [2011-10-21 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-10 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1206000.01d\symnets.sys [2011-5-10 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-11-12 81920]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-14 366152]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-8 228408]
R3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-9-7 2704640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-1 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-14 22216]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-7-4 25600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-12 29472]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-3-16 129440]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-12 4232192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-12 185344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-12 1343400]
.
=============== Created Last 30 ================
.
2011-10-14 16:01:27 -------- d-----w- C:\dcache
2011-10-14 15:11:07 -------- d-----w- c:\windows\pss
2011-10-14 15:07:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-10-14 14:42:14 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-14 14:27:27 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-14 14:27:14 -------- d-----w- c:\programdata\Hitman Pro
2011-10-14 13:49:13 32824 ----a-w- c:\windows\system32\rrMon.sys
2011-10-14 13:49:10 -------- d-----w- c:\program files\Registrar Registry Manager
2011-10-14 12:51:25 388096 ----a-r- c:\users\tricia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-14 12:51:24 -------- d-----w- c:\program files\HiJack
2011-10-14 12:08:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-14 11:55:24 -------- d-----w- C:\FavoriteVideo
2011-10-14 11:49:25 -------- d-----w- C:\ComboFix
2011-10-14 11:17:55 98816 ----a-w- c:\windows\sed.exe
2011-10-14 11:17:55 518144 ----a-w- c:\windows\SWREG.exe
2011-10-14 11:17:55 256000 ----a-w- c:\windows\PEV.exe
2011-10-14 11:17:55 208896 ----a-w- c:\windows\MBR.exe
2011-10-14 11:00:54 -------- d-----w- c:\users\tricia\appdata\roaming\Malwarebytes
2011-10-14 11:00:49 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 11:00:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-14 11:00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 00:25:19 -------- d-----w- c:\program files\iPod
2011-10-13 00:21:35 -------- d-----w- c:\program files\Bonjour
2011-10-12 06:09:55 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 06:09:55 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 06:09:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 06:09:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 06:09:25 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-28 07:07:09 -------- d-----w- c:\users\tricia\appdata\roaming\360safe
.
==================== Find3M ====================
.
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 09:26:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-30 15:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 15:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-12 18:36:59 153632 ----a-w- c:\windows\system32\ikutm.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST950042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8343D000]<< >>UNKNOWN [0x8C230000]<< >>UNKNOWN [0x8CF9E000]<< >>UNKNOWN [0x8CF63000]<< >>UNKNOWN [0x83406000]<< >>UNKNOWN [0x8C0A5000]<< >>UNKNOWN [0x8C428000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8347452A] -> \Device\Harddisk0\DR0[0x87D02A20]
\Driver\Disk[0x87D01F38] -> IRP_MJ_CREATE -> 0x8C23439F
3 [0x8C23459E] -> ntkrnlpa!IofCallDriver[0x8347452A] -> [0x87D00340]
\Driver\hpdskflt[0x87CB07B8] -> IRP_MJ_CREATE -> 0x8CF64FB0
5 [0x8CF65090] -> ntkrnlpa!IofCallDriver[0x8347452A] -> [0x865E3840]
\Driver\ACPI[0x86532030] -> IRP_MJ_CREATE -> 0x8C0AE4CC
7 [0x8C0AE3D4] -> ntkrnlpa!IofCallDriver[0x8347452A] -> \Device\Ide\IAAStorageDevice-0[0x87285028]
\Driver\iaStor[0x8729C288] -> IRP_MJ_CREATE -> 0x8C46C92E
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:25:58.25 ===============

#5 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 21 October 2011 - 11:14 PM

and here's my GMER log.

Attached Files



#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:44 AM

Posted 22 October 2011 - 01:20 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:44 AM

Posted 22 October 2011 - 01:22 PM

Hi,

I see you've run ComboFix before, could you please post me the log: C:\ComboFix.txt

:step1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

:step2: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 23 October 2011 - 01:36 AM

14:26:29.0646 3368 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
14:26:30.0738 3368 ============================================================
14:26:30.0738 3368 Current date / time: 2011/10/23 14:26:30.0738
14:26:30.0738 3368 SystemInfo:
14:26:30.0738 3368
14:26:30.0738 3368 OS Version: 6.1.7601 ServicePack: 1.0
14:26:30.0738 3368 Product type: Workstation
14:26:30.0738 3368 ComputerName: TRICIA-PC
14:26:30.0738 3368 UserName: tricia
14:26:30.0738 3368 Windows directory: C:\Windows
14:26:30.0738 3368 System windows directory: C:\Windows
14:26:30.0738 3368 Processor architecture: Intel x86
14:26:30.0738 3368 Number of processors: 2
14:26:30.0738 3368 Page size: 0x1000
14:26:30.0738 3368 Boot type: Normal boot
14:26:30.0738 3368 ============================================================
14:26:31.0471 3368 Initialize success
14:26:33.0109 7352 ============================================================
14:26:33.0109 7352 Scan started
14:26:33.0109 7352 Mode: Manual;
14:26:33.0109 7352 ============================================================
14:26:33.0702 7352 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:26:33.0717 7352 1394ohci - ok
14:26:33.0764 7352 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:26:33.0764 7352 Accelerometer - ok
14:26:33.0826 7352 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:26:33.0842 7352 ACPI - ok
14:26:33.0889 7352 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:26:33.0889 7352 AcpiPmi - ok
14:26:33.0967 7352 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:26:33.0982 7352 adp94xx - ok
14:26:34.0029 7352 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:26:34.0045 7352 adpahci - ok
14:26:34.0092 7352 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:26:34.0092 7352 adpu320 - ok
14:26:34.0185 7352 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:26:34.0185 7352 AFD - ok
14:26:34.0263 7352 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:26:34.0263 7352 agp440 - ok
14:26:34.0310 7352 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:26:34.0310 7352 aic78xx - ok
14:26:34.0372 7352 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:26:34.0372 7352 aliide - ok
14:26:34.0388 7352 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:26:34.0404 7352 amdagp - ok
14:26:34.0419 7352 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:26:34.0419 7352 amdide - ok
14:26:34.0450 7352 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:26:34.0450 7352 AmdK8 - ok
14:26:34.0466 7352 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:26:34.0482 7352 AmdPPM - ok
14:26:34.0497 7352 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:26:34.0497 7352 amdsata - ok
14:26:34.0544 7352 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:26:34.0544 7352 amdsbs - ok
14:26:34.0575 7352 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:26:34.0575 7352 amdxata - ok
14:26:34.0653 7352 AmUStor (3d9c8ca7b297d8dd21541f6329b443ff) C:\Windows\system32\drivers\AmUStor.SYS
14:26:34.0653 7352 AmUStor - ok
14:26:34.0716 7352 ApfiltrService (f5621e9033cf5b3dae91691f74d2c41f) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:26:34.0716 7352 ApfiltrService - ok
14:26:34.0778 7352 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:26:34.0794 7352 AppID - ok
14:26:34.0872 7352 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:26:34.0872 7352 arc - ok
14:26:34.0887 7352 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:26:34.0887 7352 arcsas - ok
14:26:34.0903 7352 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:26:34.0903 7352 AsyncMac - ok
14:26:34.0965 7352 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:26:34.0965 7352 atapi - ok
14:26:35.0012 7352 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
14:26:35.0043 7352 athr - ok
14:26:35.0106 7352 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:26:35.0106 7352 b06bdrv - ok
14:26:35.0137 7352 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:26:35.0168 7352 b57nd60x - ok
14:26:35.0215 7352 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:26:35.0246 7352 BCM43XX - ok
14:26:35.0262 7352 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:26:35.0262 7352 Beep - ok
14:26:35.0464 7352 BHDrvx86 (fe57ab6683f48264d1cd36f5d5ee95a8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx86.sys
14:26:35.0496 7352 BHDrvx86 - ok
14:26:35.0558 7352 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:26:35.0574 7352 blbdrive - ok
14:26:35.0652 7352 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:26:35.0652 7352 bowser - ok
14:26:35.0698 7352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:26:35.0714 7352 BrFiltLo - ok
14:26:35.0745 7352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:26:35.0745 7352 BrFiltUp - ok
14:26:35.0776 7352 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:26:35.0792 7352 Brserid - ok
14:26:35.0808 7352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:26:35.0808 7352 BrSerWdm - ok
14:26:35.0839 7352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:26:35.0839 7352 BrUsbMdm - ok
14:26:35.0854 7352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:26:35.0854 7352 BrUsbSer - ok
14:26:35.0932 7352 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
14:26:35.0948 7352 BthEnum - ok
14:26:35.0995 7352 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:26:35.0995 7352 BTHMODEM - ok
14:26:36.0026 7352 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
14:26:36.0026 7352 BthPan - ok
14:26:36.0088 7352 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
14:26:36.0104 7352 BTHPORT - ok
14:26:36.0166 7352 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
14:26:36.0166 7352 BTHUSB - ok
14:26:36.0213 7352 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
14:26:36.0213 7352 btwaudio - ok
14:26:36.0260 7352 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys
14:26:36.0260 7352 btwavdt - ok
14:26:36.0291 7352 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:26:36.0291 7352 btwl2cap - ok
14:26:36.0307 7352 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
14:26:36.0307 7352 btwrchid - ok
14:26:36.0416 7352 catchme - ok
14:26:36.0447 7352 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:26:36.0447 7352 cdfs - ok
14:26:36.0510 7352 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
14:26:36.0510 7352 cdrom - ok
14:26:36.0556 7352 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:26:36.0556 7352 circlass - ok
14:26:36.0588 7352 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:26:36.0588 7352 CLFS - ok
14:26:36.0634 7352 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:26:36.0634 7352 CmBatt - ok
14:26:36.0666 7352 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:26:36.0666 7352 cmdide - ok
14:26:36.0697 7352 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
14:26:36.0697 7352 CNG - ok
14:26:36.0759 7352 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:26:36.0759 7352 Compbatt - ok
14:26:36.0822 7352 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:26:36.0822 7352 CompositeBus - ok
14:26:36.0853 7352 cpuz135 - ok
14:26:36.0868 7352 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:26:36.0868 7352 crcdisk - ok
14:26:36.0946 7352 dc3d (b6672f62f75fb952d7ae7cb4e80011a9) C:\Windows\system32\DRIVERS\dc3d.sys
14:26:36.0946 7352 dc3d - ok
14:26:37.0040 7352 DCamUSBNovatek (8812a6fb206544694129b275a1a3d40c) C:\Windows\system32\Drivers\nvtcam.sys
14:26:37.0118 7352 DCamUSBNovatek - ok
14:26:37.0165 7352 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:26:37.0165 7352 DfsC - ok
14:26:37.0227 7352 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:26:37.0227 7352 discache - ok
14:26:37.0290 7352 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:26:37.0290 7352 Disk - ok
14:26:37.0368 7352 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:26:37.0368 7352 drmkaud - ok
14:26:37.0430 7352 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:26:37.0461 7352 DXGKrnl - ok
14:26:37.0586 7352 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:26:37.0648 7352 ebdrv - ok
14:26:37.0742 7352 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:26:37.0742 7352 eeCtrl - ok
14:26:37.0804 7352 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:26:37.0820 7352 elxstor - ok
14:26:37.0867 7352 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:26:37.0882 7352 EraserUtilRebootDrv - ok
14:26:37.0929 7352 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:26:37.0929 7352 ErrDev - ok
14:26:37.0992 7352 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:26:37.0992 7352 exfat - ok
14:26:38.0023 7352 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:26:38.0023 7352 fastfat - ok
14:26:38.0054 7352 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:26:38.0054 7352 fdc - ok
14:26:38.0085 7352 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:26:38.0085 7352 FileInfo - ok
14:26:38.0101 7352 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:26:38.0101 7352 Filetrace - ok
14:26:38.0116 7352 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:26:38.0116 7352 flpydisk - ok
14:26:38.0148 7352 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:26:38.0148 7352 FltMgr - ok
14:26:38.0163 7352 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:26:38.0163 7352 FsDepends - ok
14:26:38.0194 7352 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:26:38.0194 7352 Fs_Rec - ok
14:26:38.0272 7352 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:26:38.0288 7352 fvevol - ok
14:26:38.0319 7352 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:26:38.0319 7352 gagp30kx - ok
14:26:38.0382 7352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:26:38.0382 7352 GEARAspiWDM - ok
14:26:38.0397 7352 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:26:38.0397 7352 hcw85cir - ok
14:26:38.0460 7352 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:26:38.0475 7352 HdAudAddService - ok
14:26:38.0522 7352 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
14:26:38.0522 7352 HDAudBus - ok
14:26:38.0569 7352 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:26:38.0569 7352 HidBatt - ok
14:26:38.0600 7352 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:26:38.0616 7352 HidBth - ok
14:26:38.0647 7352 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:26:38.0647 7352 HidIr - ok
14:26:38.0709 7352 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
14:26:38.0725 7352 HidUsb - ok
14:26:38.0787 7352 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:26:38.0787 7352 hpdskflt - ok
14:26:38.0818 7352 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:26:38.0818 7352 HpqKbFiltr - ok
14:26:38.0881 7352 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:26:38.0881 7352 HpSAMD - ok
14:26:38.0959 7352 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:26:38.0974 7352 HTTP - ok
14:26:39.0021 7352 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:26:39.0021 7352 hwpolicy - ok
14:26:39.0068 7352 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
14:26:39.0084 7352 i8042prt - ok
14:26:39.0130 7352 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
14:26:39.0130 7352 iaStor - ok
14:26:39.0193 7352 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:26:39.0193 7352 iaStorV - ok
14:26:39.0364 7352 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111021.030\IDSvix86.sys
14:26:39.0380 7352 IDSVix86 - ok
14:26:39.0536 7352 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:26:39.0661 7352 igfx - ok
14:26:39.0676 7352 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:26:39.0676 7352 iirsp - ok
14:26:39.0723 7352 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:26:39.0723 7352 intelide - ok
14:26:39.0739 7352 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:26:39.0739 7352 intelppm - ok
14:26:39.0786 7352 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:26:39.0786 7352 IpFilterDriver - ok
14:26:39.0848 7352 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:26:39.0848 7352 IPMIDRV - ok
14:26:39.0864 7352 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:26:39.0864 7352 IPNAT - ok
14:26:39.0910 7352 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:26:39.0910 7352 IRENUM - ok
14:26:39.0926 7352 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:26:39.0942 7352 isapnp - ok
14:26:39.0973 7352 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:26:39.0988 7352 iScsiPrt - ok
14:26:40.0004 7352 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
14:26:40.0004 7352 kbdclass - ok
14:26:40.0020 7352 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
14:26:40.0020 7352 kbdhid - ok
14:26:40.0082 7352 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
14:26:40.0082 7352 KSecDD - ok
14:26:40.0113 7352 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
14:26:40.0113 7352 KSecPkg - ok
14:26:40.0176 7352 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:26:40.0176 7352 lltdio - ok
14:26:40.0207 7352 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:26:40.0207 7352 LSI_FC - ok
14:26:40.0238 7352 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:26:40.0238 7352 LSI_SAS - ok
14:26:40.0254 7352 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:26:40.0269 7352 LSI_SAS2 - ok
14:26:40.0285 7352 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:26:40.0285 7352 LSI_SCSI - ok
14:26:40.0316 7352 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:26:40.0316 7352 luafv - ok
14:26:40.0394 7352 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
14:26:40.0394 7352 MBAMProtector - ok
14:26:40.0441 7352 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:26:40.0441 7352 megasas - ok
14:26:40.0472 7352 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:26:40.0472 7352 MegaSR - ok
14:26:40.0519 7352 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:26:40.0519 7352 Modem - ok
14:26:40.0550 7352 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:26:40.0550 7352 monitor - ok
14:26:40.0597 7352 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
14:26:40.0597 7352 mouclass - ok
14:26:40.0644 7352 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:26:40.0644 7352 mouhid - ok
14:26:40.0722 7352 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:26:40.0722 7352 mountmgr - ok
14:26:40.0784 7352 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:26:40.0800 7352 mpio - ok
14:26:40.0846 7352 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:26:40.0846 7352 mpsdrv - ok
14:26:40.0924 7352 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:26:40.0924 7352 MRxDAV - ok
14:26:40.0987 7352 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:26:40.0987 7352 mrxsmb - ok
14:26:41.0049 7352 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:26:41.0049 7352 mrxsmb10 - ok
14:26:41.0080 7352 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:26:41.0096 7352 mrxsmb20 - ok
14:26:41.0143 7352 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:26:41.0158 7352 msahci - ok
14:26:41.0190 7352 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:26:41.0190 7352 msdsm - ok
14:26:41.0236 7352 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:26:41.0236 7352 Msfs - ok
14:26:41.0268 7352 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:26:41.0268 7352 mshidkmdf - ok
14:26:41.0299 7352 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:26:41.0299 7352 msisadrv - ok
14:26:41.0346 7352 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:26:41.0346 7352 MSKSSRV - ok
14:26:41.0377 7352 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:26:41.0377 7352 MSPCLOCK - ok
14:26:41.0408 7352 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:26:41.0408 7352 MSPQM - ok
14:26:41.0455 7352 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:26:41.0455 7352 MsRPC - ok
14:26:41.0486 7352 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:26:41.0486 7352 mssmbios - ok
14:26:41.0502 7352 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:26:41.0517 7352 MSTEE - ok
14:26:41.0548 7352 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:26:41.0564 7352 MTConfig - ok
14:26:41.0580 7352 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:26:41.0580 7352 Mup - ok
14:26:41.0642 7352 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:26:41.0642 7352 NativeWifiP - ok
14:26:41.0782 7352 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111021.034\NAVENG.SYS
14:26:41.0782 7352 NAVENG - ok
14:26:41.0876 7352 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111021.034\NAVEX15.SYS
14:26:41.0954 7352 NAVEX15 - ok
14:26:42.0048 7352 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:26:42.0048 7352 NDIS - ok
14:26:42.0094 7352 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:26:42.0094 7352 NdisCap - ok
14:26:42.0110 7352 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:26:42.0110 7352 NdisTapi - ok
14:26:42.0157 7352 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:26:42.0157 7352 Ndisuio - ok
14:26:42.0235 7352 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:26:42.0235 7352 NdisWan - ok
14:26:42.0297 7352 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:26:42.0297 7352 NDProxy - ok
14:26:42.0360 7352 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
14:26:42.0360 7352 Netaapl - ok
14:26:42.0391 7352 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:26:42.0391 7352 NetBIOS - ok
14:26:42.0422 7352 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:26:42.0438 7352 NetBT - ok
14:26:42.0640 7352 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
14:26:42.0781 7352 NETw5s32 - ok
14:26:42.0921 7352 netw5v32 (fb6d0c4caf4c6984079656f26ffd7b86) C:\Windows\system32\DRIVERS\netw5v32.sys
14:26:43.0015 7352 netw5v32 - ok
14:26:43.0062 7352 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:26:43.0062 7352 nfrd960 - ok
14:26:43.0108 7352 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:26:43.0108 7352 Npfs - ok
14:26:43.0124 7352 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:26:43.0124 7352 nsiproxy - ok
14:26:43.0202 7352 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:26:43.0218 7352 Ntfs - ok
14:26:43.0280 7352 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
14:26:43.0280 7352 NuidFltr - ok
14:26:43.0296 7352 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:26:43.0311 7352 Null - ok
14:26:43.0342 7352 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
14:26:43.0358 7352 NVENETFD - ok
14:26:43.0436 7352 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\Windows\system32\drivers\nvhda32v.sys
14:26:43.0436 7352 NVHDA - ok
14:26:43.0654 7352 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:26:43.0904 7352 nvlddmkm - ok
14:26:43.0951 7352 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:26:43.0966 7352 nvraid - ok
14:26:43.0982 7352 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:26:43.0998 7352 nvstor - ok
14:26:44.0044 7352 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:26:44.0044 7352 nv_agp - ok
14:26:44.0076 7352 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:26:44.0076 7352 ohci1394 - ok
14:26:44.0122 7352 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:26:44.0122 7352 Parport - ok
14:26:44.0169 7352 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:26:44.0169 7352 partmgr - ok
14:26:44.0200 7352 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:26:44.0200 7352 Parvdm - ok
14:26:44.0216 7352 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:26:44.0232 7352 pci - ok
14:26:44.0247 7352 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:26:44.0247 7352 pciide - ok
14:26:44.0278 7352 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:26:44.0294 7352 pcmcia - ok
14:26:44.0325 7352 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:26:44.0325 7352 pcw - ok
14:26:44.0356 7352 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:26:44.0356 7352 PEAUTH - ok
14:26:44.0466 7352 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
14:26:44.0466 7352 Point32 - ok
14:26:44.0512 7352 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:26:44.0512 7352 PptpMiniport - ok
14:26:44.0528 7352 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:26:44.0528 7352 Processor - ok
14:26:44.0559 7352 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:26:44.0575 7352 Psched - ok
14:26:44.0622 7352 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
14:26:44.0622 7352 PxHelp20 - ok
14:26:44.0700 7352 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:26:44.0731 7352 ql2300 - ok
14:26:44.0762 7352 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:26:44.0762 7352 ql40xx - ok
14:26:44.0793 7352 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:26:44.0793 7352 QWAVEdrv - ok
14:26:44.0809 7352 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:26:44.0809 7352 RasAcd - ok
14:26:44.0824 7352 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:26:44.0824 7352 RasAgileVpn - ok
14:26:44.0840 7352 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:26:44.0840 7352 Rasl2tp - ok
14:26:44.0871 7352 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:26:44.0887 7352 RasPppoe - ok
14:26:44.0887 7352 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:26:44.0902 7352 RasSstp - ok
14:26:44.0934 7352 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:26:44.0949 7352 rdbss - ok
14:26:44.0965 7352 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:26:44.0965 7352 rdpbus - ok
14:26:45.0012 7352 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:26:45.0012 7352 RDPCDD - ok
14:26:45.0043 7352 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:26:45.0043 7352 RDPENCDD - ok
14:26:45.0058 7352 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:26:45.0058 7352 RDPREFMP - ok
14:26:45.0105 7352 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:26:45.0105 7352 RDPWD - ok
14:26:45.0168 7352 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:26:45.0168 7352 rdyboost - ok
14:26:45.0199 7352 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
14:26:45.0214 7352 RFCOMM - ok
14:26:45.0261 7352 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:26:45.0261 7352 rspndr - ok
14:26:45.0292 7352 RTL8167 (ae51516a7f70af7b5d9070fe41442e87) C:\Windows\system32\DRIVERS\Rt86win7.sys
14:26:45.0292 7352 RTL8167 - ok
14:26:45.0339 7352 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:26:45.0355 7352 sbp2port - ok
14:26:45.0386 7352 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:26:45.0386 7352 scfilter - ok
14:26:45.0433 7352 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
14:26:45.0448 7352 sdbus - ok
14:26:45.0480 7352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:26:45.0480 7352 secdrv - ok
14:26:45.0511 7352 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:26:45.0511 7352 Serenum - ok
14:26:45.0542 7352 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:26:45.0542 7352 Serial - ok
14:26:45.0589 7352 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:26:45.0589 7352 sermouse - ok
14:26:45.0651 7352 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:26:45.0651 7352 sffdisk - ok
14:26:45.0667 7352 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:26:45.0667 7352 sffp_mmc - ok
14:26:45.0698 7352 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:26:45.0698 7352 sffp_sd - ok
14:26:45.0729 7352 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:26:45.0729 7352 sfloppy - ok
14:26:45.0760 7352 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:26:45.0760 7352 sisagp - ok
14:26:45.0807 7352 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:26:45.0807 7352 SiSRaid2 - ok
14:26:45.0823 7352 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:26:45.0823 7352 SiSRaid4 - ok
14:26:45.0870 7352 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:26:45.0870 7352 Smb - ok
14:26:45.0916 7352 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:26:45.0916 7352 spldr - ok
14:26:46.0041 7352 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
14:26:46.0057 7352 SRTSP - ok
14:26:46.0088 7352 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
14:26:46.0088 7352 SRTSPX - ok
14:26:46.0135 7352 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:26:46.0150 7352 srv - ok
14:26:46.0182 7352 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:26:46.0197 7352 srv2 - ok
14:26:46.0228 7352 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:26:46.0244 7352 SrvHsfHDA - ok
14:26:46.0291 7352 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:26:46.0306 7352 SrvHsfV92 - ok
14:26:46.0338 7352 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:26:46.0369 7352 SrvHsfWinac - ok
14:26:46.0384 7352 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:26:46.0384 7352 srvnet - ok
14:26:46.0478 7352 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:26:46.0478 7352 stexstor - ok
14:26:46.0540 7352 STHDA (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
14:26:46.0556 7352 STHDA - ok
14:26:46.0603 7352 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:26:46.0618 7352 swenum - ok
14:26:46.0759 7352 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS
14:26:46.0774 7352 SymDS - ok
14:26:46.0821 7352 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
14:26:46.0852 7352 SymEFA - ok
14:26:46.0899 7352 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
14:26:46.0915 7352 SymEvent - ok
14:26:46.0930 7352 SYMFW - ok
14:26:46.0993 7352 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS
14:26:46.0993 7352 SymIRON - ok
14:26:47.0008 7352 SYMNDISV - ok
14:26:47.0118 7352 SymNetS (2c688094650d23b62b0a809decd0b12f) C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS
14:26:47.0118 7352 SymNetS - ok
14:26:47.0242 7352 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
14:26:47.0242 7352 Tcpip - ok
14:26:47.0305 7352 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
14:26:47.0305 7352 TCPIP6 - ok
14:26:47.0352 7352 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:26:47.0352 7352 tcpipreg - ok
14:26:47.0398 7352 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:26:47.0398 7352 TDPIPE - ok
14:26:47.0414 7352 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:26:47.0414 7352 TDTCP - ok
14:26:47.0461 7352 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:26:47.0461 7352 tdx - ok
14:26:47.0508 7352 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:26:47.0508 7352 TermDD - ok
14:26:47.0632 7352 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:26:47.0632 7352 tssecsrv - ok
14:26:47.0695 7352 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:26:47.0695 7352 TsUsbFlt - ok
14:26:47.0773 7352 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:26:47.0773 7352 tunnel - ok
14:26:47.0820 7352 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:26:47.0820 7352 uagp35 - ok
14:26:47.0898 7352 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:26:47.0898 7352 udfs - ok
14:26:47.0944 7352 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:26:47.0944 7352 uliagpkx - ok
14:26:47.0976 7352 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:26:47.0976 7352 umbus - ok
14:26:48.0007 7352 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:26:48.0007 7352 UmPass - ok
14:26:48.0069 7352 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:26:48.0069 7352 USBAAPL - ok
14:26:48.0085 7352 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:26:48.0085 7352 usbccgp - ok
14:26:48.0132 7352 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:26:48.0147 7352 usbcir - ok
14:26:48.0163 7352 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
14:26:48.0163 7352 usbehci - ok
14:26:48.0210 7352 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:26:48.0210 7352 usbhub - ok
14:26:48.0241 7352 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:26:48.0241 7352 usbohci - ok
14:26:48.0272 7352 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:26:48.0272 7352 usbprint - ok
14:26:48.0288 7352 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:26:48.0288 7352 USBSTOR - ok
14:26:48.0319 7352 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:26:48.0319 7352 usbuhci - ok
14:26:48.0350 7352 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
14:26:48.0350 7352 usbvideo - ok
14:26:48.0366 7352 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:26:48.0366 7352 vdrvroot - ok
14:26:48.0412 7352 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:26:48.0412 7352 vga - ok
14:26:48.0428 7352 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:26:48.0428 7352 VgaSave - ok
14:26:48.0444 7352 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:26:48.0444 7352 vhdmp - ok
14:26:48.0490 7352 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:26:48.0490 7352 viaagp - ok
14:26:48.0506 7352 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:26:48.0506 7352 ViaC7 - ok
14:26:48.0568 7352 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:26:48.0568 7352 viaide - ok
14:26:48.0584 7352 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:26:48.0600 7352 volmgr - ok
14:26:48.0615 7352 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:26:48.0615 7352 volmgrx - ok
14:26:48.0631 7352 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:26:48.0646 7352 volsnap - ok
14:26:48.0662 7352 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:26:48.0662 7352 vsmraid - ok
14:26:48.0693 7352 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:26:48.0693 7352 vwifibus - ok
14:26:48.0709 7352 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:26:48.0709 7352 vwififlt - ok
14:26:48.0756 7352 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
14:26:48.0756 7352 vwifimp - ok
14:26:48.0771 7352 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:26:48.0771 7352 WacomPen - ok
14:26:48.0834 7352 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:26:48.0834 7352 WANARP - ok
14:26:48.0834 7352 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:26:48.0849 7352 Wanarpv6 - ok
14:26:48.0927 7352 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:26:48.0927 7352 Wd - ok
14:26:48.0958 7352 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:26:48.0958 7352 Wdf01000 - ok
14:26:49.0021 7352 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:26:49.0021 7352 WfpLwf - ok
14:26:49.0036 7352 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:26:49.0036 7352 WIMMount - ok
14:26:49.0130 7352 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
14:26:49.0130 7352 WinUsb - ok
14:26:49.0192 7352 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:26:49.0208 7352 WmiAcpi - ok
14:26:49.0270 7352 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:26:49.0270 7352 ws2ifsl - ok
14:26:49.0333 7352 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:26:49.0333 7352 WudfPf - ok
14:26:49.0380 7352 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:26:49.0395 7352 WUDFRd - ok
14:26:49.0442 7352 MBR (0x1B8) (4140eec3324ec933c67512cbe5f45b91) \Device\Harddisk0\DR0
14:26:49.0458 7352 \Device\Harddisk0\DR0 - ok
14:26:49.0458 7352 Boot (0x1200) (9a7c7949393acbb0ae9e73ee6f4f5af5) \Device\Harddisk0\DR0\Partition0
14:26:49.0458 7352 \Device\Harddisk0\DR0\Partition0 - ok
14:26:49.0473 7352 Boot (0x1200) (b7c47b1ea0c1c8fe18eb909d45692826) \Device\Harddisk0\DR0\Partition1
14:26:49.0473 7352 \Device\Harddisk0\DR0\Partition1 - ok
14:26:49.0504 7352 Boot (0x1200) (93762e3f3bb28aefb9007f25d597db54) \Device\Harddisk0\DR0\Partition2
14:26:49.0504 7352 \Device\Harddisk0\DR0\Partition2 - ok
14:26:49.0504 7352 Boot (0x1200) (03c639eb89fe2b5637bab4c1d52ada21) \Device\Harddisk0\DR0\Partition3
14:26:49.0504 7352 \Device\Harddisk0\DR0\Partition3 - ok
14:26:49.0504 7352 ============================================================
14:26:49.0504 7352 Scan finished
14:26:49.0504 7352 ============================================================
14:26:49.0536 7804 Detected object count: 0
14:26:49.0536 7804 Actual detected object count: 0
14:27:22.0408 6540 Deinitialize success

#9 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 23 October 2011 - 01:40 AM

ComboFix 11-10-21.06 - tricia 0/2011 Sun 14:09:58.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.3039.1652 [GMT 8:00]
执行位置: c:\users\tricia\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( 2011-09-23 至 2011-10-23 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-10-23 06:20 . 2011-10-23 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 16:01 . 2011-10-14 16:01 -------- d-----w- C:\dcache
2011-10-14 15:07 . 2011-10-14 15:07 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-10-14 14:42 . 2011-10-14 14:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-14 14:27 . 2011-10-22 04:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-14 14:27 . 2011-10-14 15:07 -------- d-----w- c:\programdata\Hitman Pro
2011-10-14 13:49 . 2010-07-09 00:44 32824 ----a-w- c:\windows\system32\rrMon.sys
2011-10-14 13:49 . 2011-10-14 15:14 -------- d-----w- c:\program files\Registrar Registry Manager
2011-10-14 12:51 . 2011-10-14 12:51 388096 ----a-r- c:\users\tricia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-14 12:51 . 2011-10-14 12:51 -------- d-----w- c:\program files\HiJack
2011-10-14 11:55 . 2011-10-15 05:37 -------- d-----w- C:\FavoriteVideo
2011-10-14 11:00 . 2011-10-14 11:00 -------- d-----w- c:\users\tricia\AppData\Roaming\Malwarebytes
2011-10-14 11:00 . 2011-10-14 11:00 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 11:00 . 2011-10-14 11:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-14 11:00 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 00:25 . 2011-10-13 00:25 -------- d-----w- c:\program files\iPod
2011-10-13 00:21 . 2011-10-13 00:21 -------- d-----w- c:\program files\Bonjour
2011-10-12 06:09 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 06:09 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 06:09 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 06:09 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 06:09 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-28 07:07 . 2011-09-28 07:07 -------- d-----w- c:\users\tricia\AppData\Roaming\360safe
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 09:26 . 2011-07-05 17:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-30 15:05 . 2011-08-30 15:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 15:05 . 2011-08-30 15:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-16 16:48 . 2011-08-16 16:48 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-12 18:36 . 2010-10-19 16:44 153632 ----a-w- c:\windows\system32\ikutm.dll
2011-10-11 06:36 . 2011-03-23 05:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-11 18:05 . 2010-01-11 14:45 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
2009-11-30 15:08 . 2009-12-05 08:04 79664 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
2010-04-19 22:08 312896 ----a-w- c:\program files\Tudou\飞速Tudou\tudouDetector.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-07-16 233472]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-29 282624]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 567864]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Grid Service"="c:\program files\GridService\peer.exe" [2008-12-30 4993024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-18 273544]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
启动飞速土豆.lnk - c:\program files\Tudou\飞速Tudou\TudouVa.exe [2010-6-12 1404928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- c:\program files\PPStream\PPSAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 10:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-04 25600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-23 4232192]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\NIS\1007000.01E\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-11 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111021.030\IDSvix86.sys [2011-08-22 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS [2011-07-08 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [2010-09-06 2704640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
计划任务 文件夹 里的内容
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735353548-3141926483-3738584842-1001Core.job
- c:\users\tricia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 16:56]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735353548-3141926483-3738584842-1001UA.job
- c:\users\tricia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 16:56]
.
2011-09-27 c:\windows\Tasks\HPCeeScheduleFortricia.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-08 21:38]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.goong.info
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 0.0.0.80:80
IE: &V使用Vagaa哇嘎下载 - c:\vagaa\Data\vg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\ikutm.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
Trusted Zone: gogobox.com.tw
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\94gw4l6k.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 2
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,{*N茤f*l*v*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{660A672B-6524-6606-DBE6-5BA1ADAF593E}*]
"hajfdejliiljohoo"=hex:6a,61,70,63,6c,62,62,6b,68,6d,67,68,63,67,6a,66,6f,6f,
6b,6f,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\鹠燫0RV*a*g*a*a*qQ玁\command]
@="explorer \"vagaa://|share|%1\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'Explorer.exe'(7728)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
完成时间: 2011-10-23 14:23:58
ComboFix-quarantined-files.txt 2011-10-23 06:23
ComboFix2.txt 2011-10-14 12:11
ComboFix3.txt 2011-10-14 11:42
.
Pre-Run: 84,717,973,504 bytes free
Post-Run: 85,090,082,816 bytes free
.
- - End Of File - - 34580EF085B3BCC2222B2709C7918D52

OTL logfile created on: 10/23/2011 2:28:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\tricia\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.97 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 47.38% Memory free
5.93 Gb Paging File | 4.09 Gb Available in Paging File | 68.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.74 Gb Total Space | 79.19 Gb Free Space | 17.45% Space Free | Partition Type: NTFS
Drive D: | 11.72 Gb Total Space | 1.95 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: TRICIA-PC | User Name: tricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 14:27:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tricia\Desktop\OTL.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/18 13:44:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/17 08:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/03/22 02:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/31 08:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/31 08:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/24 12:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/24 03:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/22 09:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/22 09:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009/07/22 02:34:52 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2008/12/31 01:45:08 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 07:42:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\81db02eff5c3514571c1abf0c1eac52e\System.Management.ni.dll
MOD - [2011/10/12 21:08:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5693ef411e9d6ad691028ac8d4057753\System.Windows.Forms.ni.dll
MOD - [2011/10/12 21:07:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4d4bed76b14c6d57f8920b25176417b5\System.Drawing.ni.dll
MOD - [2011/10/12 21:07:32 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b30468a5f935dcf2725536b6c9bf7d9d\System.ni.dll
MOD - [2011/10/12 21:07:21 | 011,491,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4c2b00c9c2f2109037cd39d7b7a81633\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/22 02:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/22 02:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/24 03:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/22 02:34:52 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/06/18 03:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/18 03:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/18 03:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 08:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/01/13 18:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/04/12 03:00:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/31 08:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/22 09:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/23 02:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/15 07:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111021.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/04 12:19:27 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111021.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 12:19:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111021.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 12:36:50 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 12:36:50 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/08 17:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/05/10 07:05:56 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/31 11:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 11:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 10:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 14:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 13:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:02:46 | 002,704,640 | ---- | M] (Novatek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/21 20:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/24 00:51:46 | 004,232,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/22 09:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 06:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/14 06:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/09 05:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/09 05:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/07/04 09:56:04 | 000,025,600 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/05/25 11:50:50 | 000,203,824 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\tricia\Desktop
IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 1A 5A 77 6A 8A CC 01 [binary data]
IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.80:80

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.4.7
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9415/tudouva.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(568).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\tricia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tricia\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tricia\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/09/28 13:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_2_3 [2011/10/22 12:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010/04/26 00:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/18 13:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/22 12:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 18:07:06 | 000,000,000 | ---D | M]

[2009/11/30 23:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tricia\AppData\Roaming\Mozilla\Extensions
[2011/10/16 14:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\94gw4l6k.default\extensions
[2011/08/18 13:57:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\94gw4l6k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/14 22:00:56 | 000,001,820 | ---- | M] () -- C:\Users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\94gw4l6k.default\searchplugins\bing.xml
[2011/07/06 01:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/27 20:05:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/16 15:20:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/22 12:10:05 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_2_3
[2011/09/28 13:25:09 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\TRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\94GW4L6K.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/10/11 14:36:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/12 02:05:14 | 000,253,952 | ---- | M] () -- C:\Program Files\mozilla firefox\components\CheckTudouVa.dll
[2009/11/30 23:08:38 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteur
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tricia\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\tricia\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tricia\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Virtual\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: FaWave = C:\Users\tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicelmgbddfgmpieedjiggifabdpcnln\2011.10.1.0_0\
CHR - Extension: Angry Birds = C:\Users\tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: Angry birds 2 = C:\Users\tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\clocomfidnefnbggmmchcebncgjbambk\2.1_0\
CHR - Extension: Morpheon Dark - Aero = C:\Users\tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi\1.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Speed Dial 2 = C:\Users\tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.5.8.11_0\
CHR - Extension: Plants vs Zombies = C:\Users\tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

O1 HOSTS File: ([2011/10/14 19:39:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\飞速Tudou\tudouDetector.dll (土豆网)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk = C:\Program Files\Tudou\飞速Tudou\TudouVa.exe (土豆网)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &V使用Vagaa哇嘎下载 - C:\Vagaa\Data\vg.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\ikutm.dll (youku.com)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O15 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270635433041 (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} http://www.gogobox.com.tw/neo.fld/GNowStarter.cab (NowStarter Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CFD11BC-6262-4B22-9A9B-F7CCEA2F01E3}: DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6137972C-D9E9-4FC1-B095-85445EE33630}: DhcpNameServer = 202.65.244.32 202.65.247.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95843C71-BC6D-4DDD-A3C9-1CDC7DFDEBDA}: DhcpNameServer = 218.186.1.58 202.156.1.78 202.156.1.38
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 14:27:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\tricia\Desktop\OTL.exe
[2011/10/23 14:26:00 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\tricia\Desktop\tdsskiller.exe
[2011/10/23 14:21:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/23 14:20:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/23 14:09:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/23 03:02:02 | 004,269,227 | R--- | C] (Swearware) -- C:\Users\tricia\Desktop\ComboFix.exe
[2011/10/23 02:13:42 | 000,000,000 | ---D | C] -- C:\Users\tricia\Desktop\9eting.com-LOLLIPOP F-电司 DANCE-320K
[2011/10/21 22:22:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\tricia\Desktop\dds.scr
[2011/10/15 00:01:27 | 000,000,000 | ---D | C] -- C:\dcache
[2011/10/14 23:11:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/14 23:07:44 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/10/14 22:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/10/14 22:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/14 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/10/14 21:49:13 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\System32\rrMon.sys
[2011/10/14 21:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2011/10/14 20:51:25 | 000,000,000 | ---D | C] -- C:\Users\tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/14 20:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\HiJack
[2011/10/14 20:13:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\tricia\Desktop\TFC.exe
[2011/10/14 19:55:24 | 000,000,000 | ---D | C] -- C:\FavoriteVideo
[2011/10/14 19:17:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/14 19:17:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/14 19:17:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/14 19:17:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/14 19:17:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/14 19:00:54 | 000,000,000 | ---D | C] -- C:\Users\tricia\AppData\Roaming\Malwarebytes
[2011/10/14 19:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/14 19:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/14 19:00:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/14 19:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 08:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 08:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 08:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 21:06:59 | 000,000,000 | ---D | C] -- C:\Users\tricia\AppData\Roaming\Opera
[2011/10/12 16:52:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/12 16:52:24 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/12 16:52:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/12 16:52:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/12 16:52:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/12 14:09:52 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 14:09:52 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 14:09:25 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/04 02:55:40 | 000,000,000 | ---D | C] -- C:\Users\tricia\Desktop\temp
[2011/09/28 15:07:09 | 000,000,000 | ---D | C] -- C:\Users\tricia\AppData\Roaming\360safe
[2010/03/15 20:13:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\tricia\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/10/23 14:27:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tricia\Desktop\OTL.exe
[2011/10/23 14:26:07 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\tricia\Desktop\tdsskiller.exe
[2011/10/23 14:14:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1735353548-3141926483-3738584842-1001UA.job
[2011/10/23 12:01:58 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1735353548-3141926483-3738584842-1001Core.job
[2011/10/23 11:58:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 03:02:18 | 004,269,227 | R--- | M] (Swearware) -- C:\Users\tricia\Desktop\ComboFix.exe
[2011/10/23 02:13:28 | 087,899,296 | ---- | M] () -- C:\Users\tricia\Desktop\9eting.com-LOLLIPOP_F-电司_DANCE-320K.zip
[2011/10/22 14:08:17 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 14:08:17 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 12:12:41 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/22 12:10:44 | 000,001,107 | ---- | M] () -- C:\Users\tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk
[2011/10/22 12:09:31 | 2389,913,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 22:56:13 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/21 22:56:13 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/21 22:33:21 | 000,302,592 | ---- | M] () -- C:\Users\tricia\Desktop\6h13oy5w.exe
[2011/10/21 22:22:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\tricia\Desktop\dds.scr
[2011/10/21 12:05:56 | 365,613,438 | ---- | M] () -- C:\Users\tricia\Desktop\Private.Practice.S05E04.HDTV.XviD-LOL.avi
[2011/10/21 11:37:01 | 366,233,872 | ---- | M] () -- C:\Users\tricia\Desktop\Greys.Anatomy.S08E06.HDTV.XviD-LOL.avi
[2011/10/21 11:11:27 | 366,640,672 | ---- | M] () -- C:\Users\tricia\Desktop\Charlies.Angels.2011.S01E05.HDTV.XviD-LOL.avi
[2011/10/18 17:03:29 | 000,066,439 | ---- | M] () -- C:\Users\tricia\Desktop\313286_274776682554452_110610082304447_915197_915049144_n.jpg
[2011/10/17 10:57:13 | 000,149,143 | ---- | M] () -- C:\Users\tricia\Desktop\300566_10150409663635935_212186170934_10405556_1492394935_n.jpg
[2011/10/14 23:07:44 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/10/14 20:13:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\tricia\Desktop\TFC.exe
[2011/10/14 19:39:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/14 19:10:12 | 000,000,000 | ---- | M] () -- C:\Users\tricia\defogger_reenable
[2011/10/13 08:26:14 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 21:05:39 | 003,942,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/12 01:36:49 | 000,443,021 | ---- | M] () -- C:\Users\tricia\Desktop\From This Moment On - Bella Andre.epub
[2011/10/12 01:36:48 | 000,274,580 | ---- | M] () -- C:\Users\tricia\Desktop\The Look Of Love - Bella Andre.epub
[2011/10/12 01:06:23 | 000,536,423 | ---- | M] () -- C:\Users\tricia\Desktop\Johanna Lindsey - Sherring Cross 3 - The Pursuit -.pdf
[2011/10/12 01:06:15 | 000,589,205 | ---- | M] () -- C:\Users\tricia\Desktop\Johanna Lindsey - Sherring Cross 1 - Man Of My Dreams.pdf
[2011/10/12 01:06:08 | 000,389,852 | ---- | M] () -- C:\Users\tricia\Desktop\Johanna Lindsey - Sherring Cross 2 - Love me Forever.pdf
[2011/10/11 14:36:46 | 000,002,002 | ---- | M] () -- C:\Users\tricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/09 23:06:56 | 123,617,236 | ---- | M] () -- C:\Users\tricia\Desktop\Jason_Derulo《_Future_History》-320K-9Eting音乐社区-huwoods.rar
[2011/10/05 23:23:29 | 000,002,407 | ---- | M] () -- C:\Users\tricia\Desktop\Google Chrome.lnk
[2011/09/28 13:25:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\FunshionService.timestamp
[2011/09/28 00:45:05 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortricia.job

========== Files Created - No Company Name ==========

[2011/10/23 01:59:06 | 087,899,296 | ---- | C] () -- C:\Users\tricia\Desktop\9eting.com-LOLLIPOP_F-电司_DANCE-320K.zip
[2011/10/21 22:33:20 | 000,302,592 | ---- | C] () -- C:\Users\tricia\Desktop\6h13oy5w.exe
[2011/10/21 11:11:50 | 365,613,438 | ---- | C] () -- C:\Users\tricia\Desktop\Private.Practice.S05E04.HDTV.XviD-LOL.avi
[2011/10/21 10:42:36 | 366,233,872 | ---- | C] () -- C:\Users\tricia\Desktop\Greys.Anatomy.S08E06.HDTV.XviD-LOL.avi
[2011/10/21 10:22:56 | 366,640,672 | ---- | C] () -- C:\Users\tricia\Desktop\Charlies.Angels.2011.S01E05.HDTV.XviD-LOL.avi
[2011/10/18 17:03:32 | 000,066,439 | ---- | C] () -- C:\Users\tricia\Desktop\313286_274776682554452_110610082304447_915197_915049144_n.jpg
[2011/10/17 10:57:16 | 000,149,143 | ---- | C] () -- C:\Users\tricia\Desktop\300566_10150409663635935_212186170934_10405556_1492394935_n.jpg
[2011/10/14 22:27:27 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/14 19:17:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/14 19:17:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/14 19:17:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/14 19:17:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/14 19:17:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/14 19:10:12 | 000,000,000 | ---- | C] () -- C:\Users\tricia\defogger_reenable
[2011/10/13 08:26:14 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/12 01:36:45 | 000,443,021 | ---- | C] () -- C:\Users\tricia\Desktop\From This Moment On - Bella Andre.epub
[2011/10/12 01:36:42 | 000,274,580 | ---- | C] () -- C:\Users\tricia\Desktop\The Look Of Love - Bella Andre.epub
[2011/10/12 01:06:05 | 000,536,423 | ---- | C] () -- C:\Users\tricia\Desktop\Johanna Lindsey - Sherring Cross 3 - The Pursuit -.pdf
[2011/10/12 01:06:03 | 000,389,852 | ---- | C] () -- C:\Users\tricia\Desktop\Johanna Lindsey - Sherring Cross 2 - Love me Forever.pdf
[2011/10/12 01:05:58 | 000,589,205 | ---- | C] () -- C:\Users\tricia\Desktop\Johanna Lindsey - Sherring Cross 1 - Man Of My Dreams.pdf
[2011/10/09 22:46:41 | 123,617,236 | ---- | C] () -- C:\Users\tricia\Desktop\Jason_Derulo《_Future_History》-320K-9Eting音乐社区-huwoods.rar
[2011/09/18 23:58:07 | 000,000,911 | ---- | C] () -- C:\Users\tricia\AppData\Roaming\coreavc.ini
[2011/08/23 18:06:57 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2011/08/23 18:06:57 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2011/08/23 18:06:57 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2011/08/23 18:06:57 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2011/08/23 18:06:57 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2011/08/23 18:06:57 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2011/04/29 03:02:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2011/03/27 20:07:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/05 09:42:28 | 000,001,940 | ---- | C] () -- C:\Users\tricia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/08 22:38:22 | 000,224,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/08/04 12:55:44 | 000,160,872 | ---- | C] () -- C:\Windows\System32\Cam122.ini
[2010/06/22 02:24:05 | 000,000,091 | ---- | C] () -- C:\Windows\user.ini
[2010/03/15 20:13:23 | 000,007,887 | ---- | C] () -- C:\Users\tricia\AppData\Roaming\pcouffin.cat
[2010/03/15 20:13:23 | 000,001,144 | ---- | C] () -- C:\Users\tricia\AppData\Roaming\pcouffin.inf
[2009/12/05 16:05:06 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2009/12/02 01:30:08 | 000,000,235 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/29 22:52:56 | 000,000,358 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/11/12 04:39:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/16 08:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 003,942,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 06:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/07/14 06:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/14 06:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/14 06:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/06/20 13:54:14 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll

< End of report >

#10 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 23 October 2011 - 01:42 AM

OTL Extras logfile created on: 10/23/2011 2:28:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\tricia\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.97 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 47.38% Memory free
5.93 Gb Paging File | 4.09 Gb Available in Paging File | 68.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.74 Gb Total Space | 79.19 Gb Free Space | 17.45% Space Free | Partition Type: NTFS
Drive D: | 11.72 Gb Total Space | 1.95 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: TRICIA-PC | User Name: tricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [添加到Vagaa共享] -- explorer "vagaa://|share|%1" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS???μ? -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ?????? -- (PPStream Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10F0131F-1CA2-4433-8473-7C890C769581}_is1" = Monitor Off Utility 1.0
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5C3E7880-7F8B-4A06-A3C3-95509F092161}" = HP MediaSmart SmartMenu
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EEE999-6738-48E8-925E-65109656CD81}" = calibre
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6959A52E-2B55-4042-9DF7-0F31EBDEDA60}" = EZface ActiveX 210
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76D0B7D8-6683-4D54-A108-046A5E542F0B}" = SoftStylus
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{BCA9BA16-4512-49E3-8F58-1546A0BE8532}" = HP User Guides 0144
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE29AF6F-4BF5-485F-8736-9AE4A400748B}" = Alcor Micro USB Card Reader
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0_is1" = Adobe Audition 3.0 优化版
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 2.7.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Fiddler2" = Fiddler2
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.19.324
"GOGOBOX" = GOGOBOX
"GoldWave v5.52" = GoldWave v5.52
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iku2.1" = iKu 2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{CE29AF6F-4BF5-485F-8736-9AE4A400748B}" = Alcor Micro USB Card Reader
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"iTudou" = iTudou 2.7.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Overture 4 Demo" = Overture 4 Demo
"Plants vs. Zombies" = Plants vs. Zombies
"PPStream" = PPS影音 V2.7.0.1210 正式版
"PROHYBRIDR" = 2007 Microsoft Office system
"RaySource" = RaySource 2.1.10.8366
"RealPlayer 12.0" = RealPlayer
"Shutdown Timer_is1" = Shutdown Timer 1.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.0
"Vagaa哇嘎_is1" = Vagaa version 2.6.7.5
"VLC media player" = VLC media player 1.1.5
"VLC Streamer_is1" = VLC Streamer 1.22
"WildTangent hp Master Uninstall" = HP Games
"WinAVI Video Converter" = WinAVI Video Converter
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"飞速土豆" = 飞速土豆 1.40.19.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2011 3:44:27 PM | Computer Name = tricia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4384

Error - 2/21/2011 3:44:27 PM | Computer Name = tricia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4384

Error - 2/21/2011 3:44:28 PM | Computer Name = tricia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:44:28 PM | Computer Name = tricia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5398

Error - 2/21/2011 3:44:28 PM | Computer Name = tricia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5398

Error - 2/22/2011 1:16:57 AM | Computer Name = tricia-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DVDAgent.exe, version: 5.0.0.0, time stamp:
0x4a685206 Faulting module name: CLRCEngine3.dll_unloaded, version: 0.0.0.0, time
stamp: 0x490efec5 Exception code: 0xc0000005 Fault offset: 0x003f1e3e Faulting process
id: 0xde0 Faulting application start time: 0x01cbcfefbda535e0 Faulting application
path: c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe Faulting module path:
CLRCEngine3.dll Report Id: f77db0c8-3e42-11e0-a4f5-0021cc413b26

Error - 2/22/2011 1:55:18 AM | Computer Name = tricia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/22/2011 1:55:20 AM | Computer Name = tricia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/22/2011 1:55:42 AM | Computer Name = tricia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/22/2011 1:55:42 AM | Computer Name = tricia-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]
Error - 12/27/2010 9:58:44 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Exception has been thrown by the target of an invocation. mscorlib

at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Object
reference not set to an instance of an object.

Error - 1/1/2011 10:05:27 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 4/1/2011 9:34:53 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 4/18/2011 1:26:18 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 5/30/2011 1:32:53 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 5/30/2011 1:33:18 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Exception has been thrown by the target of an invocation. mscorlib

at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Object
reference not set to an instance of an object.

Error - 6/6/2011 1:34:57 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 8/15/2011 1:20:09 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 9/5/2011 6:42:26 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 10/3/2011 1:03:12 AM | Computer Name = tricia-PC | Source = Hewlett-Packard | ID = 0
Description = en-SG Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ OSession Events ]
Error - 7/6/2010 11:10:34 AM | Computer Name = tricia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/2/2011 4:34:35 AM | Computer Name = tricia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/2/2011 7:26:41 AM | Computer Name = tricia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/9/2011 4:39:41 AM | Computer Name = tricia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/21/2011 2:19:03 PM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/21/2011 2:55:11 PM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 10/21/2011 2:57:47 PM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 10/21/2011 3:00:36 PM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7034
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 3 time(s).

Error - 10/22/2011 12:10:03 AM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/22/2011 9:22:09 AM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 10/23/2011 12:04:19 AM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/23/2011 2:09:50 AM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/23/2011 2:16:04 AM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/23/2011 2:20:23 AM | Computer Name = tricia-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#11 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:44 AM

Posted 23 October 2011 - 08:58 AM

Hi,

P2P Warning

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case StreamTorrent 1.0 and Vagaa ). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I strongly recommend that you uninstall these programs, however, should you decide to keep this program please refrain from using it until we get your computer clean and always show caution in any files you download.


We need to run an OTL Fix

:exclame: Note: In this fix, I am resetting your browser homepages and proxy settings therefore you may need to reconfigure these after the fix.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
    IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.80:80
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
    FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9415/tudouva.pac"
    FF - prefs.js..network.proxy.type: 2
    CHR - default_search_provider: search_url = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteur
    CHR - default_search_provider: suggest_url = 
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    [2011/09/28 15:07:09 | 000,000,000 | ---D | C] -- C:\Users\tricia\AppData\Roaming\360safe
    
    :commands
    [CREATERESTOREPOINT]
    [PURITY]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Caasey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#12 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 24 October 2011 - 10:56 AM

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E :

value set successfully!
HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\SOFTWARE

\Microsoft\Internet Explorer\Main\\Start Page| /E : value set

successfully!
HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software

\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride|

/E : value set successfully!
HKU\S-1-5-21-1735353548-3141926483-3738584842-1001\Software

\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E

: value set successfully!
Prefs.js: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="

removed from keyword.URL
Prefs.js: "http://127.0.0.1:9415/tudouva.pac" removed from

network.proxy.autoconfig_url
Prefs.js: 2 removed from network.proxy.type
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
C:\autoexec.bat moved successfully.
C:\Users\tricia\AppData\Roaming\360safe folder moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 10242011_235541

#13 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 24 October 2011 - 11:03 AM

i'm still facing the problem of google custom search when i use the search function on the address bar, just to let you know.

#14 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:44 AM

Posted 24 October 2011 - 12:53 PM

Google custom search. Could you try to expand on that for me please? Is it a legitimate Google address? What's custom about it?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#15 liltricia

liltricia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 25 October 2011 - 08:01 AM

in normal cases, if you search anything thru the address bar on the top of the internet browser, it should look like the picture in the attachment called "normal google search".

but in my case, i'm facing the problem in the attachment called "google custom search"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users