Computer infected by Trojan.Agent.Gen


#1
Dahelper
Hi fellow geeks!
I have a problem that requires solving. Recently, in our class, there has been an epidemic of thumb-drive viruses. Classmates who use thumb drives to transfer their data to other classmates' computers have infected them, and today mine has been infected too! But thankfully, since I have Symantec Endpoint Protection, the infection did not spread that far (I hope!). But after I restarted the computer, SEP has been popping up messages saying that it blocked a file from tampering with explorer.exe. So after that, I ran a scan using Malwarebytes and the result said that I have 1 infected file, called Trojan.Agent.Gen (result shown below). But feeling unsure whether the virus has been destroyed for good, I have to give you guys a look at my system, so you can either give me a heads-up saying that my system is safe or give me further instructions to get this pesky malware out of my computer. Thanks a lot!

OTL log:

OTL logfile created on: 25/11/2011 11:45:29 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\113658\Downloads
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.92 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 51.07% Memory free
5.83 Gb Paging File | 4.06 Gb Available in Paging File | 69.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.00 Gb Total Space | 28.65 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Drive D: | 266.06 Gb Total Space | 79.09 Gb Free Space | 29.72% Space Free | Partition Type: NTFS

Computer Name: RP113658 | User Name: 113658 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 23:08:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\113658\Downloads\OTL.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/07/16 12:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 12:40:42 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/04/16 20:54:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/01 16:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/20 17:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/17 10:44:48 | 000,801,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/14 14:55:24 | 001,426,768 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe
PRC - [2010/12/06 20:44:36 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Easy Display Manager\dmhkcore.exe
PRC - [2010/12/06 20:44:28 | 007,058,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Easy Display Manager\WifiManager.exe
PRC - [2010/11/29 14:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/11/23 16:07:20 | 001,755,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SAMSUNG\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/11/17 17:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files\SAMSUNG\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/11/03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010/09/09 17:31:06 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/09/09 17:31:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/09/09 17:31:04 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/09/09 17:31:04 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/09/09 17:31:02 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/08/27 10:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files\SAMSUNG\Samsung Update Plus\SUPBackground.exe
PRC - [2010/07/21 12:55:02 | 002,835,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/07/21 12:55:02 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/21 12:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/02/10 23:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/11/06 08:59:08 | 000,520,192 | ---- | M] (Republic Polytechnic) -- C:\Program Files\Republic Poly\UTClient\UTAgent.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/14 09:26:21 | 000,101,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/06 13:57:38 | 000,032,768 | ---- | M] () -- C:\Program Files\WOW Vision\wowVEOS\StreamingServer.exe
PRC - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
PRC - [2006/12/09 19:04:10 | 000,117,568 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 08:32:26 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9fd745809e19a5d89664ce39dca5a1fd\System.Windows.Forms.ni.dll
MOD - [2011/11/18 08:32:14 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\dfc4d66aa1c881c5113227aa6a651f1d\System.Web.Services.ni.dll
MOD - [2011/11/18 08:32:00 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9c231c541f6a3ee6175680ff16e48d58\System.Drawing.ni.dll
MOD - [2011/11/18 08:31:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0404f57d897ed8c8f55d93bd500eb2ed\System.Xml.ni.dll
MOD - [2011/11/18 08:31:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\713abf381855421ddeca48b74a1fd93c\System.Configuration.ni.dll
MOD - [2011/11/18 08:31:40 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\238cc390c937027c598abd385df3be72\System.ni.dll
MOD - [2011/11/18 08:31:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1ec9ca97505278a1f18ce928f0ab6d7f\mscorlib.ni.dll
MOD - [2011/11/15 13:39:54 | 000,420,920 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
MOD - [2011/11/15 13:39:53 | 003,702,840 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 13:38:16 | 000,122,952 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 13:38:15 | 000,222,280 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 13:38:14 | 001,746,504 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/15 10:36:18 | 008,593,056 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/11/15 10:36:18 | 008,593,056 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\APPLIC~1\15.0.874.121\gcswf32.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/03 10:58:18 | 000,019,968 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwinit.dll
MOD - [2010/11/03 10:58:14 | 000,015,360 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwssl.dll
MOD - [2010/11/03 10:58:12 | 000,061,440 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwapp.dll
MOD - [2010/11/03 10:58:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwhttp.dll
MOD - [2010/11/03 10:58:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwftp.dll
MOD - [2010/11/03 10:57:58 | 000,033,280 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwmime.dll
MOD - [2010/11/03 10:57:56 | 000,020,480 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwdir.dll
MOD - [2010/11/03 10:57:54 | 000,055,296 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwhtml.dll
MOD - [2010/11/03 10:57:54 | 000,026,112 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwstream.dll
MOD - [2010/11/03 10:57:50 | 000,024,064 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwfile.dll
MOD - [2010/11/03 10:57:48 | 000,027,648 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwcache.dll
MOD - [2010/11/03 10:57:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwtrans.dll
MOD - [2010/11/03 10:57:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwcore.dll
MOD - [2010/11/03 10:57:30 | 000,038,400 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwutils.dll
MOD - [2010/07/05 19:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files\SAMSUNG\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 23:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files\SAMSUNG\Samsung Recovery Solution 5\Resdll.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/01 16:46:20 | 000,839,680 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\libeay32.dll
MOD - [2009/12/01 16:46:20 | 000,159,744 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\ssleay32.dll
MOD - [2009/12/01 16:46:20 | 000,062,464 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\hs_regex.dll
MOD - [2009/05/06 13:57:38 | 000,032,768 | ---- | M] () -- C:\Program Files\WOW Vision\wowVEOS\StreamingServer.exe
MOD - [2009/05/02 13:47:24 | 000,016,384 | ---- | M] () -- C:\Program Files\WOW Vision\wowVEOS\LightFTPServerLogInterface.dll
MOD - [2006/09/10 22:04:12 | 000,188,416 | ---- | M] () -- C:\Program Files\Republic Poly\UTClient\utenc.dll
MOD - [2006/08/12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SAMSUNG\Easy Display Manager\HookDllPS2.dll
MOD - [2000/01/01 08:00:00 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/14 13:53:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/06 22:56:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 20:54:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/01 16:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/09/09 17:31:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/09/09 17:31:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/09/09 17:31:04 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/09/09 17:31:04 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/09/09 17:31:02 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/21 12:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/11/09 15:49:08 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 15:49:08 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/22 22:24:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111124.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/22 22:24:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111124.036\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/28 00:01:33 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/16 20:54:08 | 010,552,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/16 20:54:08 | 000,020,328 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2011/04/16 20:06:02 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011/04/16 20:06:02 | 000,061,824 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011/04/16 10:53:11 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/04/16 10:52:43 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/09 17:31:08 | 000,043,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/09/09 17:31:06 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/09/09 17:31:06 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/09/09 17:31:06 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/09/09 17:31:04 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/09/09 17:31:04 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/09/09 17:30:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/09/09 17:30:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/09/09 17:30:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/04/19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/12/15 13:57:00 | 000,023,416 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
DRV - [2008/06/11 09:29:20 | 000,041,088 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vacgnrkd.sys -- (EuMusDesignVirtualAudioCableWdm_gnr) Generic Custom Virtual Cable (WDM)
DRV - [2008/03/05 00:00:40 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2000/01/01 08:00:00 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ISA-Firewall.rp.sg:8080

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\113658\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\113658\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/09 21:30:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/09 21:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\113658\AppData\Roaming\mozilla\Extensions
[2011/10/08 23:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/08 23:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/06/16 12:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\113658\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Linkbucks Bypass = C:\Users\113658\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjdbebcogpgoffmnpkbpelaindeedjn\1.1_0\

O1 HOSTS File: ([2011/11/25 21:44:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WPGStreaming] C:\Program Files\WOW Vision\wowVEOS\StreamingServer.exe ()
O4 - Startup: C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O15 - HKCU\..Trusted Domains: media.rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.edu.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rp.edu.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: timessoft.rp.sg ([]* in Local intranet)
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} http://192.168.1.188...ab/ipcamera.cab (IPCamera Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA85F0F-8445-4C1F-A458-F3337DAF092D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Program Files\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) -C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/11/25 22:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/25 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/25 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Malwarebytes
[2011/11/25 22:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 22:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 22:38:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/25 22:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/25 21:49:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/25 21:44:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/25 21:27:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/25 21:27:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/25 21:27:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/25 21:27:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/25 21:27:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/25 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{2A6A45C0-537A-40B0-9487-93182503CED5}
[2011/11/25 21:21:45 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{B6106C73-77F2-4771-8A21-2C3CB9FA227E}
[2011/11/25 15:25:45 | 000,000,000 | ---D | C] -- C:\Users\113658\Documents\OneNote Notebooks
[2011/11/25 08:32:08 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{E9643B62-1739-49E8-BCA7-C170C3BFBC85}
[2011/11/25 08:31:40 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{02AF3872-62A1-442E-97DD-8E1AAEA24FA1}
[2011/11/24 09:24:16 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{F7808B3F-A486-47F8-9BF1-F4A0A7AD9B93}
[2011/11/24 09:23:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1CB9FAC6-9262-49DC-A099-1BC97025E74F}
[2011/11/23 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7DC61455-B174-454A-A0D9-25DF1E68AFA7}
[2011/11/23 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{2795A759-E490-4B64-8AF5-9F7FF686EEC3}
[2011/11/23 08:52:52 | 000,000,000 | ---D | C] -- C:\umlet_11_1
[2011/11/23 08:34:47 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{531F63A6-CBBD-4085-98DE-54137B8DE905}
[2011/11/23 08:34:26 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{D173E84F-D09A-4FA3-9399-AD4A1EA56BCC}
[2011/11/22 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{EE40D5DD-3877-4AD1-9BAE-F8A9F4777B1E}
[2011/11/22 15:39:38 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{4296C094-A804-4F0D-99DA-CC57DDD5F98B}
[2011/11/22 02:01:24 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1DA3557F-F67C-4255-8BC3-BF69CE3101B5}
[2011/11/22 02:01:02 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{E2BBFA57-C298-4AF6-8263-87D384C5D352}
[2011/11/21 14:00:23 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{A930550B-268E-4F7D-BA9A-571AD0BAD4E0}
[2011/11/21 13:59:59 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{B50C329D-9CEA-4958-98C5-84D9CF7F088E}
[2011/11/20 15:46:18 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{979EA20D-9E73-4FDE-A975-3BD72562235D}
[2011/11/20 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{A6D2BDCD-E967-459B-BEA2-D5EFABEAED7C}
[2011/11/19 15:40:33 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{B09CCFFD-35A6-4522-989C-AC52048F0176}
[2011/11/19 15:40:19 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{80EF247E-8396-44A7-8581-027B1C186E1C}
[2011/11/18 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{2D1D8338-2E26-49D2-A491-9F6868FBC9E2}
[2011/11/18 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{43CD8535-8E6B-4356-B3CE-F3FCBBAEAFE9}
[2011/11/18 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1E8346EA-7431-4FF9-8513-B272768218E1}
[2011/11/18 09:33:30 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{96EEB1BC-8FA5-4503-8271-566AB3F3E2CC}
[2011/11/18 01:04:18 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/18 01:04:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/11/18 01:04:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/11/18 01:04:17 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/18 01:04:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/11/18 01:01:14 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/18 00:57:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/18 00:56:59 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/11/18 00:56:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/18 00:56:54 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/18 00:56:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/18 00:56:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/18 00:56:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/18 00:56:53 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/18 00:56:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/18 00:56:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/18 00:56:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/18 00:56:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/17 21:33:05 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{ACA7CD90-160F-4F67-B1D9-28DEEC0B2CAD}
[2011/11/17 21:32:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7C6E6AEA-AF52-4135-AB03-D7DC997AF2CB}
[2011/11/17 09:32:17 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{C4A1D532-C215-4A79-B5CE-560590148C0D}
[2011/11/17 09:32:05 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{550FE020-B2C9-4753-A00F-273F72E1EC86}
[2011/11/16 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{5FE850B9-E6C5-4172-A1C2-33F45810C9DD}
[2011/11/16 21:31:33 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{DFEE0EB9-5BF9-432E-9670-415B44B8943F}
[2011/11/16 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{C7C2176A-1DCE-449C-A477-5A1B33236597}
[2011/11/16 08:30:14 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{86AC21EE-82BE-4263-BAE2-11D556C629A7}
[2011/11/15 19:30:13 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6C1FA556-CB2F-456D-8444-94F4378D33B1}
[2011/11/15 19:30:02 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7B7D7D45-BFD2-46B8-936D-0D0A39EE95F5}
[2011/11/15 14:22:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{40AF4C3A-F11F-4082-AAC5-DB5D39BDF14D}
[2011/11/15 01:55:53 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1E64644C-71A6-4AD2-BA0C-0213667D8D1C}
[2011/11/15 01:55:27 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{53F163C1-99FD-4995-92A5-ECD9955DACB6}
[2011/11/14 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{842176E7-3BA6-4157-B9C3-E9C4D1B00651}
[2011/11/14 13:54:31 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1B6D0FC9-5B36-41D9-981D-16CCF17A095A}
[2011/11/13 19:30:22 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{ECC2F602-0EB4-4843-8E23-84E5F8B2862F}
[2011/11/13 19:30:12 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{4D726FEA-1E8A-402C-A5B1-C497E30C1A43}
[2011/11/12 17:03:14 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7B648088-B42B-4500-95AF-EE3827FE3E01}
[2011/11/12 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{FC5A6BE1-EABA-4B1F-86F0-79B21D6B4C0A}
[2011/11/11 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{5D812E37-F3AD-42A9-B815-E962BC2E4317}
[2011/11/11 01:42:50 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\Skyrim
[2011/11/11 01:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/10 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{08C0477E-4C26-447C-8E57-E2F4F0B6BD27}
[2011/11/10 14:44:43 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1C7104EE-5D71-4F30-A166-6588C54FAB32}
[2011/11/09 14:40:41 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{35692BCB-83C7-42BB-8C6B-EB1CC182410F}
[2011/11/09 14:40:30 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{638DACE3-486A-4AF0-B6D7-E1A084BDF16B}
[2011/11/08 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{92AA301E-BD58-4D81-857D-50D4A9E1D986}
[2011/11/08 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{29A2D9B0-4E8E-474C-9EE9-C3DA3699758C}
[2011/11/07 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{52E94A31-239B-407C-964F-DD70B4781509}
[2011/11/07 15:43:38 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{F2EE1623-48C8-4705-8B62-F757248193E9}
[2011/11/06 15:48:51 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{4253440B-965F-44DB-A26C-01069E3C45DC}
[2011/11/06 15:48:41 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{17FC8FBD-7C99-497F-9A33-5FF77B7C7B29}
[2011/11/05 14:17:39 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{31B44EB8-EBBB-49EB-B138-D6F9D6A7F185}
[2011/11/05 14:17:24 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{168402C8-00BD-4E3A-A682-9BCB1C784E74}
[2011/11/04 15:56:37 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{EE4A2FC4-A3D2-49BE-B7D8-31B11A37176B}
[2011/11/04 15:56:23 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{CA07E41D-1E97-47A8-B15A-2596C6ACE75B}
[2011/11/03 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{9401D812-9CEA-4D17-A5D0-1FC495A71F37}
[2011/11/03 22:10:46 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{3409EBAA-4E3A-4802-841D-35E7D5CAD573}
[2011/11/02 21:17:47 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6D7F7E03-D3EF-47D8-A914-818C5C2E1E21}
[2011/11/02 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{753955DD-E1CC-4CCD-BDCC-E938F4AC3F63}
[2011/11/02 08:51:43 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6CB18F6B-E98A-47B5-8470-9370008EB8AA}
[2011/11/02 08:51:18 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{831F8DD2-1A39-4E34-AAF0-43BDB76405F9}
[2011/11/01 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7D3AFE22-2399-40FF-97FB-53225FB8A74B}
[2011/11/01 14:47:56 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{8FA7A8BF-6DD2-424F-A3C6-2B07BB71DC4C}
[2011/10/31 15:01:20 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{5A4DB069-6AB9-4186-B62F-2B4E44A9D92B}
[2011/10/31 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{491B4233-BFBB-4A56-9876-81CC5586EE11}
[2011/10/31 01:39:32 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\THQ
[2011/10/31 01:35:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/10/31 01:35:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/10/31 01:35:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/10/30 15:53:02 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{ABEC6C42-714A-4B0A-B385-909944A6A8D9}
[2011/10/30 15:52:38 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{94FD7DB3-EA0D-43F5-9214-148DC644D63D}
[2011/10/30 02:16:35 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{C0F38810-430D-4866-9139-61F3DAF789ED}
[2011/10/30 02:16:10 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{FBEB4949-EF2A-4F60-8B5B-D443D9A5245E}
[2011/10/29 15:38:22 | 000,000,000 | ---D | C] -- C:\Users\113658\Desktop\GHostOne
[2011/10/29 15:31:55 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garena
[2011/10/29 15:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2011/10/29 15:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Garena Classic
[2011/10/29 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\ghost_configurator
[2011/10/29 14:15:40 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1361D495-A5BE-465B-B7BD-9C7B28F39EDF}
[2011/10/29 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{020E706A-2F03-4218-87D6-C3D22D330D23}
[2011/10/28 21:28:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{3BEE1372-D3DD-4C4B-BF21-C50450C92682}
[2011/10/28 21:28:40 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{8E54CA52-FF17-41BC-8B98-5CD5FEB07900}
[2011/10/28 08:31:39 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{94AF0177-9614-4B70-AD1C-025A039D32DA}
[2011/10/28 08:31:09 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6101495C-3F61-4F89-825E-3E4521FC9A6C}
[2011/10/27 14:20:37 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{64F370EF-B1B2-4223-BF12-A99EB523F921}
[2011/10/27 14:20:11 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{AC3558A7-A0CE-42AE-BD2A-E68C90FD9F65}
[2010/11/28 20:39:30 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/25 23:44:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-306271UA.job
[2011/11/25 23:43:48 | 000,018,464 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 23:43:48 | 000,018,464 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 23:38:38 | 000,000,483 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/11/25 23:36:36 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/11/25 23:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 23:35:19 | 2348,511,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 22:53:27 | 000,002,969 | ---- | M] () -- C:\Users\113658\Desktop\HiJackThis.lnk
[2011/11/25 22:38:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 21:44:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/25 21:44:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-306271Core.job
[2011/11/25 16:39:27 | 000,653,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/25 16:39:27 | 000,121,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/25 15:25:50 | 000,001,266 | ---- | M] () -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/11/24 12:49:01 | 000,003,584 | ---- | M] () -- C:\Users\113658\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 01:42:13 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011/11/19 15:46:00 | 000,002,368 | ---- | M] () -- C:\Users\113658\Desktop\Google Chrome.lnk
[2011/11/18 08:29:52 | 000,440,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/17 08:40:53 | 000,003,212 | RHS- | M] () -- C:\Users\113658\ntuser.pol
[2011/11/17 08:37:35 | 000,000,000 | ---- | M] () -- C:\t1ag.2
[2011/11/08 14:42:22 | 000,000,000 | ---- | M] () -- C:\t1d4.4
[2011/11/06 15:46:21 | 000,000,000 | ---- | M] () -- C:\t190.2
[2011/11/05 14:14:33 | 000,000,000 | ---- | M] () -- C:\t19c.4
[2011/10/29 16:22:16 | 001,372,941 | ---- | M] () -- C:\Users\113658\Desktop\aaa.png
[2011/10/29 15:32:00 | 000,000,999 | ---- | M] () -- C:\Users\113658\Desktop\Garena Classic.lnk

========== Files Created - No Company Name ==========

[2011/11/25 22:53:27 | 000,002,969 | ---- | C] () -- C:\Users\113658\Desktop\HiJackThis.lnk
[2011/11/25 22:38:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 21:27:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/25 21:27:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/25 21:27:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/25 21:27:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/25 21:27:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/25 15:25:50 | 000,001,266 | ---- | C] () -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/11/24 12:49:00 | 000,003,584 | ---- | C] () -- C:\Users\113658\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 01:42:13 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011/11/17 08:37:35 | 000,000,000 | ---- | C] () -- C:\t1ag.2
[2011/11/08 14:42:22 | 000,000,000 | ---- | C] () -- C:\t1d4.4
[2011/11/06 15:46:21 | 000,000,000 | ---- | C] () -- C:\t190.2
[2011/11/05 14:14:33 | 000,000,000 | ---- | C] () -- C:\t19c.4
[2011/10/29 16:22:15 | 001,372,941 | ---- | C] () -- C:\Users\113658\Desktop\aaa.png
[2011/10/29 15:32:00 | 000,000,999 | ---- | C] () -- C:\Users\113658\Desktop\Garena Classic.lnk
[2011/10/23 17:41:34 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/06/14 00:22:03 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/06/14 00:22:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/05/31 09:27:08 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/05/04 23:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/16 22:12:35 | 000,000,028 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011/04/16 19:50:13 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC.dat
[2011/04/16 19:50:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/04/16 19:44:32 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/04/16 19:44:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/04/16 19:44:20 | 000,960,940 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/04/16 19:44:20 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/04/16 19:38:37 | 000,080,488 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/04/16 10:27:33 | 000,000,483 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/04/16 10:26:57 | 000,037,907 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/17 10:45:28 | 000,474,070 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2010/11/28 21:15:58 | 000,206,952 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,440,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,653,710 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,121,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 08:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Malwarebytes Anti Malware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8238

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/11/2011 10:48:04 PM
mbam-log-2011-11-25 (22-48-04).txt

Scan type: Quick scan
Objects scanned: 219740
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\113658\AppData\Roaming\Vreqel.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
#2
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
If one of the following will not run, skip to the next one; then, after finishing the others, go back and try the ones that wouldn't run again.

ComboFix

Important: it must be saved to your desktop; do not run it from your browser.

Important: disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste its contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.

Change the A-V scan to None.
Uncheck "Trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me. Then click "Save log", save it to your desktop, and post it in your next reply.


Run OTL (Vista or Windows 7: right-click and select Run As Administrator).

Select the All option in the Extra Registry group, then click Run Scan.

You should get two logs. Please copy and paste both of them.

There is a little program you might want to install (and tell your classmates about) called Autorun Eater
http://download.cnet...4-10752777.html
It's a small program which will stay resident and prevent an infected USB drive from infecting your PC.

One way to keep an infection from spreading via USB drives is to create two folders on the USB drive before you use it on another computer. Call one folder autorun.inf and the other folder desktop.ini.
The folders are just empty folders. They work by preventing an infected computer from putting a file of the same name on the USB drive. You should still scan the drive after plugging it in.

Ron

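Ron's empty-folder trick, as an added example that is not part of his post or of any tool he names: a small Python script that pre-seeds the two protective folders on a drive root and, if a real autorun.inf file is already there, parses its [autorun] section to show what it would launch. The function names, the sample autorun.inf content and the RECYCLER\setup.exe path are constructed for illustration; nothing here is taken from the logs in this thread.

```python
# Added example (not from the thread): seed the protective folders Ron describes
# and inspect any autorun.inf that already exists on a drive root.
# Names, keys and the sample autorun.inf below are assumptions/constructed.
import re
import tempfile
from pathlib import Path

# Names that USB-spreading malware writes to the drive root; an empty folder
# with the same name blocks a naive attempt to create a file of that name.
PROTECTIVE_NAMES = ("autorun.inf", "desktop.ini")

# [autorun] keys that make Windows launch something when the drive is
# AutoPlayed or opened (older hosts honour these for removable media).
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command",
               "shell\\explore\\command")

_SECTION = re.compile(r"^\s*\[([^\]]*)\]\s*$")
_KV = re.compile(r"^\s*([^=]+?)\s*=\s*(.*?)\s*$")


def parse_autorun(data):
    """Tolerant parser for autorun.inf bytes.

    Returns {lower_key: value} from the [autorun] section. Malware-written
    files often contain junk bytes and odd casing, so every byte is decoded
    as latin-1 and lines that are not key=value pairs are simply skipped.
    """
    text = data.decode("latin-1")
    keys = {}
    in_autorun = False
    for line in text.splitlines():
        sec = _SECTION.match(line)
        if sec:
            in_autorun = sec.group(1).strip().lower() == "autorun"
            continue
        kv = _KV.match(line)
        if in_autorun and kv:
            keys[kv.group(1).lower()] = kv.group(2)
    return keys


def check_drive(root):
    """Classify the drive root: ('folder', []) if protected, ('absent', []),
    or ('file', launch_targets) when a real autorun.inf file is present."""
    inf = Path(root) / "autorun.inf"
    if inf.is_dir():
        return "folder", []
    if not inf.exists():
        return "absent", []
    keys = parse_autorun(inf.read_bytes())
    return "file", [keys[k] for k in LAUNCH_KEYS if k in keys]


def protect_drive(root):
    """Create the empty folders. Returns {name: 'created' | 'already-folder'
    | 'file-present'}; an existing *file* is left alone so evidence survives."""
    status = {}
    for name in PROTECTIVE_NAMES:
        p = Path(root) / name
        if p.is_dir():
            status[name] = "already-folder"
        elif p.exists():
            status[name] = "file-present"
        else:
            p.mkdir()
            status[name] = "created"
    return status


# Constructed sample of what a USB worm drops (not taken from the thread).
SAMPLE_AUTORUN = (b"[AutoRun]\r\n"
                  b"open=RECYCLER\\setup.exe\r\n"
                  b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
                  b"shell\\open\\command=RECYCLER\\setup.exe /start\r\n"
                  b"\x00\xff\x1a garbage padding\r\n")


def demo():
    """Run the whole flow in a temporary directory standing in for a USB root."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "autorun.inf").write_bytes(SAMPLE_AUTORUN)
        infected = check_drive(root)            # ('file', [...launch targets])
        first = protect_drive(root)             # autorun.inf is 'file-present'
        (Path(root) / "autorun.inf").unlink()   # what a cleanup would do
        second = protect_drive(root)            # now the folder is 'created'
        clean = check_drive(root)               # ('folder', [])
    return {"infected": infected, "first": first,
            "second": second, "clean": clean}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Against a real stick you would call check_drive("E:\\") first and protect_drive("E:\\") only once it reports 'absent'. Two caveats a practitioner should keep in mind: an empty folder can still be deleted by malware that has write access to the drive, and Windows 7 (the system in this thread) does not AutoRun from USB media at all, so on such hosts the stick spreads infection through a disguised file or shortcut the user opens rather than through autorun.inf. That is why Ron's advice to scan the drive after plugging it in still stands.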
#3
Dahelper (Topic Starter, Member, 17 posts)
Hi Ron,

Thanks for the reply. Here are the logs you requested:

Combofix:


ComboFix 11-11-25.02 - 113658 1/2011 Sat 14:33:11.2.8 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.932.81.1033.18.2985.1603 [GMT 8:00]
Running from: c:\users\113658\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 06:42 . 2011-11-26 06:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-26 06:42 . 2011-11-26 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 06:42 . 2011-11-26 06:42 -------- d-----w- c:\users\student_baseline\AppData\Local\temp
2011-11-26 06:42 . 2011-11-26 06:42 -------- d-----w- c:\users\admin\AppData\Local\temp
2011-11-25 14:53 . 2011-11-25 14:53 388096 ----a-r- c:\users\113658\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-25 14:53 . 2011-11-25 14:53 -------- d-----w- c:\program files\Trend Micro
2011-11-25 14:39 . 2011-11-25 14:39 -------- d-----w- c:\users\113658\AppData\Roaming\Malwarebytes
2011-11-25 14:38 . 2011-11-25 14:38 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 14:38 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 14:38 . 2011-11-25 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-23 00:52 . 2011-11-23 00:52 -------- d-----w- C:\umlet_11_1
2011-11-17 17:04 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-17 17:04 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-17 17:04 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-17 17:04 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-17 17:04 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-11-17 17:04 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-17 17:04 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-17 17:01 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 16:57 . 2011-10-01 02:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-10 17:42 . 2011-11-10 17:49 -------- d-----w- c:\users\113658\AppData\Local\Skyrim
2011-10-30 17:39 . 2011-10-30 17:39 -------- d-----w- c:\users\113658\AppData\Local\THQ
2011-10-30 17:35 . 2008-07-12 00:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-10-30 17:35 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-10-30 17:35 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-10-29 07:31 . 2011-10-29 07:33 -------- d-----w- c:\program files\Garena Classic
2011-10-29 07:16 . 2011-10-29 07:16 -------- d-----w- c:\users\113658\AppData\Local\ghost_configurator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 09:50 . 2011-10-23 09:41 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-23 09:50 . 2011-10-23 09:41 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-23 09:50 . 2011-06-13 16:22 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-23 09:41 . 2011-06-13 16:22 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-23 09:41 . 2011-06-13 16:22 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-08 15:07 . 2011-04-16 02:36 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-21 17:30 . 2011-09-21 17:29 8107 ----a-w- c:\windows\w7dsd.reg
2011-09-21 17:30 . 2011-09-21 17:29 8089 ----a-w- c:\windows\w7dse.reg
2011-09-21 17:29 . 2011-09-21 17:29 233888 ----a-w- c:\windows\system32\DreamScene.dll
2011-09-21 14:32 . 2011-09-21 14:32 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-16 04:17 . 2011-07-09 13:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-17 399736]
"WPGStreaming"="c:\program files\WOW Vision\wowVEOS\StreamingServer.exe" [2009-05-06 32768]
"Mega Manager"="c:\program files\Megaupload\Mega Manager\MegaManager.exe" [2010-11-03 2113024]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-09-09 115560]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 9972328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 177176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896]
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
UTAgent 4.7.lnk - c:\program files\Republic Poly\UTClient\UTAgent.exe [2011-4-16 520192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-306271\Scripts\Logon\0\0]
"Script"=rpstorage.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-36406\Scripts\Logon\0\0]
"Script"=script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-36406\Scripts\Logon\1\0]
"Script"=advclient.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-16 20328]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-27 218688]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-16 2009704]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2000-01-01 297000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33320]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-04 34128]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]
S3 EuMusDesignVirtualAudioCableWdm_gnr;Generic Custom Virtual Cable (WDM);c:\windows\system32\DRIVERS\vacgnrkd.sys [2008-06-11 41088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2000-01-01 269824]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [2008-12-15 23416]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-16 61824]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-04-16 141568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 327784]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-306271Core.job
- c:\users\113658\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 11:11]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-306271UA.job
- c:\users\113658\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 11:11]
.
2011-11-26 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2011-04-13 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyServer = ISA-Firewall.rp.sg:8080
uInternet Settings,ProxyOverride = <local>
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://192.168.1.188:81/en/cab/ipcamera.cab
FF - ProfilePath - c:\users\113658\AppData\Roaming\Mozilla\Firefox\Profiles\e79rl7n4.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Vreqel - c:\users\113658\AppData\Roaming\Vreqel.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\Installation]
"strAbsolutePath"="d:\\マブラヴ11\\"
"strObjectOcean"="d:\\マブラヴ11\\マブラヴ11.rio"
"strIciPath"="d:\\マブラヴ11\\マブラヴ11.rio.ici"
"strTTFileName"="マブラヴ11.rbt"
"strInstallSourcePath"="f:\\"
"bInstalled"=dword:00000001
"strInstallTypeSelect"="1"
"strInstallSystemType"=""
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\InstallFont]
"MS Pゴシック%#24%$-B%$-A"="マブラヴ11.rio\\MS Pゴシック24BA.5RF"
"MS Pゴシック%#16%$-B"="マブラヴ11.rio\\MS Pゴシック16B.5RF"
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\PeculiarToTheApp]
"strTheAppName"="マブラヴ1.1"
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rUGPBasic]
"strRugpPluginFolder"="d:\\マブラヴ11\\Plugins"
"nRugpVersion"=dword:0000157c
"bIsIllegalTerminateCheck"=dword:00000000
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmBoxSettings]
"nWndFrameLevel"=dword:00000003
"nWndBaseRatioSrc"=dword:000000c0
"nWndBaseRatioDst"=dword:00000006
"nWndBaseColor1"=dword:002020a0
"nWndBaseColor2"=dword:00c0c0ff
"nWndBaseGradation"=dword:00000001
"nFontBlank"=dword:00000002
"nMainFontColor"=dword:ffffffff
"nSelectedFontColor"=dword:ff8090c0
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmInstallation]
"strFontCachePath"="d:\\マブラヴ11\\"
"strVirtuaRegistryAbsolutePath"="d:\\マブラヴ11\\Vmreg\\"
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmPeculiarToTheApp]
"strStandardFont"="MS Pゴシック%#24%$-B%$-A"
"strLowSpecFont"="MS Pゴシック%#16%$-B"
"bCanSettingWindow"=dword:00000001
"bCanSettingFont"=dword:00000001
"bPageOverNext"=dword:00000000
"bUucAccessMasterKey"=dword:00000001
"bCanSettingSound"=dword:00000001
"bFullScreenMenuOff"=dword:00000000
"bWindowMenuAccessMasterKey"=dword:00000001
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmUISettings]
"dwMainFontStyle"=dword:00000005
"bFullScreen"=dword:00000001
"strCurrentMonitorDevice"=""
"dwCurrentMonitorFlag"=dword:00000000
"nWindowSize"=dword:00000003
"nFaceWindowSize"=dword:00000003
"isBgm"=dword:00000001
"isEffect"=dword:00000001
"nVoiceLevel"=dword:00000001
"nLayeredEffect"=dword:00000001
"nSeenMsgSkip"=dword:00000001
"nAutoMsgSkip"=dword:00000000
"bMouseTrace"=dword:00000001
"nTextSpeed"=dword:00000030
.
[HKEY_USERS\S-1-5-21-724803936-3942047656-3826316143-1001\Software\Tarte\ォ0ソ0マ0ヘ0_*庵T]
"IsInst"="1"
"MultiInstStat"="0"
"InstTo"="d:\\Program Files\\Tarte\\カタハネ"
"AbnormalTerminateFlg"="0"
"WinStat"="0"
"FastModeFlg_AR"="1"
"AutoSpeed"="1000"
"MojiSpeed"="1000"
"EffectSpeed"="1000"
"VoiceVolume"="1000"
"MusicVolume"="200"
"SoundVolume"="500"
"NANIDO"="0"
"GameSpeed"="1"
"TOPMOST"="0"
"FullScFreq"="0"
"FullScBits"="0"
"WinPosX"="150"
"WinPosY"="120"
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\Installation]
"strAbsolutePath"="d:\\マブラヴ11\\"
"strObjectOcean"="d:\\マブラヴ11\\マブラヴ11.rio"
"strIciPath"="d:\\マブラヴ11\\マブラヴ11.rio.ici"
"strTTFileName"="マブラヴ11.rbt"
"strInstallSourcePath"="f:\\"
"bInstalled"=dword:00000001
"strInstallTypeSelect"="1"
"strInstallSystemType"=""
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\InstallFont]
"MS Pゴシック%#16%$-B"="マブラヴ11.rio\\MS Pゴシック16B.5RF"
"MS Pゴシック%#24%$-B%$-A"="マブラヴ11.rio\\MS Pゴシック24BA.5RF"
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\PeculiarToTheApp]
"strTheAppName"="マブラヴ1.1"
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rUGPBasic]
"strRugpPluginFolder"="d:\\マブラヴ11\\Plugins"
"nRugpVersion"=dword:0000157c
"bIsIllegalTerminateCheck"=dword:00000000
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmBoxSettings]
"nWndFrameLevel"=dword:00000003
"nWndBaseRatioSrc"=dword:000000c0
"nWndBaseRatioDst"=dword:00000006
"nWndBaseColor1"=dword:002020a0
"nWndBaseColor2"=dword:00c0c0ff
"nWndBaseGradation"=dword:00000001
"nFontBlank"=dword:00000002
"nMainFontColor"=dword:ffffffff
"nSelectedFontColor"=dword:ff8090c0
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmInstallation]
"strFontCachePath"="d:\\マブラヴ11\\"
"strVirtuaRegistryAbsolutePath"="d:\\マブラヴ11\\Vmreg\\"
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmPeculiarToTheApp]
"bCanSettingWindow"=dword:00000001
"bCanSettingFont"=dword:00000001
"bPageOverNext"=dword:00000000
"bUucAccessMasterKey"=dword:00000001
"bCanSettingSound"=dword:00000001
"bFullScreenMenuOff"=dword:00000000
"bWindowMenuAccessMasterKey"=dword:00000001
"strLowSpecFont"="MS Pゴシック%#16%$-B"
"strStandardFont"="MS Pゴシック%#24%$-B%$-A"
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmUISettings]
"bFullScreen"=dword:00000000
"strCurrentMonitorDevice"="\\\\.\\DISPLAY1"
"dwCurrentMonitorFlag"=dword:00000001
"nWindowSize"=dword:00000003
"nFaceWindowSize"=dword:00000003
"isBgm"=dword:00000001
"isEffect"=dword:00000001
"nVoiceLevel"=dword:00000001
"nLayeredEffect"=dword:00000001
"nSeenMsgSkip"=dword:00000001
"nAutoMsgSkip"=dword:00000000
"bMouseTrace"=dword:00000001
"dwMainFontStyle"=dword:0000000c
"nTextSpeed"=dword:00000030
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?慴"=hex:33,bf,15,b0,20,0f,58,bd,6b,0d,0e,64,60,82,d9,93,7f,e5,20,10,93,c6,31,
05,1b,07,26,ee,96,1f,d6,52,f0,f7,74,47,34,67,69,47,ee,44,c9,88,e8,bc,64,7e,\
"?祥"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-839522115-1801674531-725345543-306271\Software\Tarte\ォ0ソ0マ0ヘ0_*庵T]
"IsInst"="1"
"MultiInstStat"="0"
"InstTo"="d:\\Program Files\\Tarte\\カタハネ"
"AbnormalTerminateFlg"="0"
"WinStat"="0"
"FastModeFlg_AR"="1"
"AutoSpeed"="1000"
"MojiSpeed"="1000"
"EffectSpeed"="1000"
"VoiceVolume"="1000"
"MusicVolume"="200"
"SoundVolume"="500"
"NANIDO"="0"
"GameSpeed"="1"
"TOPMOST"="0"
"FullScFreq"="0"
"FullScBits"="0"
"WinPosX"="150"
"WinPosY"="120"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6084)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-11-26 14:43:27
ComboFix-quarantined-files.txt 2011-11-26 06:43
.
Pre-Run: 30,030,241,792 bytes free
Post-Run: 30,011,314,176 bytes free
.
- - End Of File - - 912D61FB5FB1BF0DBF9C565C0B0F6EEF

TDSSKiller:


15:59:00.0145 6884 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:59:00.0927 6884 ============================================================
15:59:00.0928 6884 Current date / time: 2011/11/26 15:59:00.0927
15:59:00.0928 6884 SystemInfo:
15:59:00.0928 6884
15:59:00.0928 6884 OS Version: 6.1.7600 ServicePack: 0.0
15:59:00.0928 6884 Product type: Workstation
15:59:00.0928 6884 ComputerName: RP113658
15:59:00.0928 6884 UserName: 113658
15:59:00.0928 6884 Windows directory: C:\Windows
15:59:00.0928 6884 System windows directory: C:\Windows
15:59:00.0928 6884 Processor architecture: Intel x86
15:59:00.0928 6884 Number of processors: 8
15:59:00.0928 6884 Page size: 0x1000
15:59:00.0928 6884 Boot type: Normal boot
15:59:00.0928 6884 ============================================================
15:59:02.0761 6884 Initialize success
15:59:11.0437 6780 ============================================================
15:59:11.0437 6780 Scan started
15:59:11.0437 6780 Mode: Manual;
15:59:11.0437 6780 ============================================================
15:59:12.0579 6780 1394hub - ok
15:59:12.0632 6780 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
15:59:12.0640 6780 1394ohci - ok
15:59:12.0687 6780 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:59:12.0693 6780 ACPI - ok
15:59:12.0709 6780 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:59:12.0712 6780 AcpiPmi - ok
15:59:12.0752 6780 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:59:12.0759 6780 adp94xx - ok
15:59:12.0782 6780 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:59:12.0796 6780 adpahci - ok
15:59:12.0806 6780 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:59:12.0814 6780 adpu320 - ok
15:59:12.0875 6780 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
15:59:12.0882 6780 AFD - ok
15:59:12.0968 6780 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:59:12.0970 6780 agp440 - ok
15:59:12.0992 6780 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:59:12.0995 6780 aic78xx - ok
15:59:13.0076 6780 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:59:13.0078 6780 aliide - ok
15:59:13.0086 6780 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:59:13.0097 6780 amdagp - ok
15:59:13.0110 6780 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:59:13.0116 6780 amdide - ok
15:59:13.0141 6780 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:59:13.0142 6780 AmdK8 - ok
15:59:13.0150 6780 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:59:13.0151 6780 AmdPPM - ok
15:59:13.0203 6780 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
15:59:13.0205 6780 amdsata - ok
15:59:13.0225 6780 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:59:13.0227 6780 amdsbs - ok
15:59:13.0303 6780 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
15:59:13.0305 6780 amdxata - ok
15:59:13.0324 6780 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:59:13.0326 6780 AppID - ok
15:59:13.0368 6780 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:59:13.0371 6780 arc - ok
15:59:13.0380 6780 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:59:13.0382 6780 arcsas - ok
15:59:13.0416 6780 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:59:13.0417 6780 AsyncMac - ok
15:59:13.0435 6780 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:59:13.0436 6780 atapi - ok
15:59:13.0549 6780 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:59:13.0576 6780 b06bdrv - ok
15:59:13.0592 6780 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:59:13.0601 6780 b57nd60x - ok
15:59:13.0710 6780 BCM43XX (55bbdde1cbd3fa79ea88baaa051d9735) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:59:13.0740 6780 BCM43XX - ok
15:59:13.0826 6780 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:59:13.0827 6780 Beep - ok
15:59:13.0860 6780 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:59:13.0861 6780 blbdrive - ok
15:59:13.0917 6780 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
15:59:13.0918 6780 bowser - ok
15:59:13.0937 6780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:59:13.0939 6780 BrFiltLo - ok
15:59:13.0959 6780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:59:13.0967 6780 BrFiltUp - ok
15:59:14.0001 6780 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:59:14.0006 6780 Brserid - ok
15:59:14.0021 6780 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:59:14.0032 6780 BrSerWdm - ok
15:59:14.0048 6780 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:59:14.0053 6780 BrUsbMdm - ok
15:59:14.0066 6780 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:59:14.0067 6780 BrUsbSer - ok
15:59:14.0154 6780 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
15:59:14.0155 6780 BthEnum - ok
15:59:14.0182 6780 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:59:14.0183 6780 BTHMODEM - ok
15:59:14.0204 6780 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
15:59:14.0205 6780 BthPan - ok
15:59:14.0227 6780 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
15:59:14.0231 6780 BTHPORT - ok
15:59:14.0265 6780 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
15:59:14.0267 6780 BTHUSB - ok
15:59:14.0319 6780 btwampfl (525432cfd6d8c004860af7ecd0a84234) C:\Windows\system32\drivers\btwampfl.sys
15:59:14.0323 6780 btwampfl - ok
15:59:14.0337 6780 btwaudio (cf8799a563f734984d4e053cacec1426) C:\Windows\system32\drivers\btwaudio.sys
15:59:14.0339 6780 btwaudio - ok
15:59:14.0417 6780 btwavdt (9ed9932043d599aea04f6ea2d86964a1) C:\Windows\system32\drivers\btwavdt.sys
15:59:14.0421 6780 btwavdt - ok
15:59:14.0436 6780 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:59:14.0438 6780 btwl2cap - ok
15:59:14.0452 6780 btwrchid (373d1bb0f7dc8f1931f9b7e0de3e9a30) C:\Windows\system32\DRIVERS\btwrchid.sys
15:59:14.0453 6780 btwrchid - ok
15:59:14.0591 6780 catchme - ok
15:59:14.0692 6780 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:59:14.0696 6780 cdfs - ok
15:59:14.0763 6780 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:59:14.0781 6780 cdrom - ok
15:59:14.0809 6780 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:59:14.0811 6780 circlass - ok
15:59:14.0838 6780 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:59:14.0842 6780 CLFS - ok
15:59:14.0946 6780 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:59:14.0948 6780 CmBatt - ok
15:59:14.0987 6780 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:59:14.0989 6780 cmdide - ok
15:59:15.0020 6780 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:59:15.0027 6780 CNG - ok
15:59:15.0058 6780 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:59:15.0059 6780 Compbatt - ok
15:59:15.0093 6780 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:59:15.0095 6780 CompositeBus - ok
15:59:15.0140 6780 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:59:15.0156 6780 crcdisk - ok
15:59:15.0276 6780 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:59:15.0284 6780 CSC - ok
15:59:15.0348 6780 dfmirage (699ef0fd9ae72b7f5ad756e382c73e0e) C:\Windows\system32\DRIVERS\dfmirage.sys
15:59:15.0350 6780 dfmirage - ok
15:59:15.0396 6780 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:59:15.0398 6780 DfsC - ok
15:59:15.0442 6780 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:59:15.0444 6780 discache - ok
15:59:15.0522 6780 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:59:15.0525 6780 Disk - ok
15:59:15.0592 6780 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:59:15.0594 6780 drmkaud - ok
15:59:15.0658 6780 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:59:15.0662 6780 dtsoftbus01 - ok
15:59:15.0726 6780 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:59:15.0741 6780 DXGKrnl - ok
15:59:15.0816 6780 EagleNT - ok
15:59:15.0851 6780 EagleXNt - ok
15:59:15.0957 6780 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:59:16.0001 6780 ebdrv - ok
15:59:16.0075 6780 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:59:16.0082 6780 eeCtrl - ok
15:59:16.0191 6780 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:59:16.0216 6780 elxstor - ok
15:59:16.0274 6780 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:59:16.0276 6780 EraserUtilRebootDrv - ok
15:59:16.0306 6780 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:59:16.0308 6780 ErrDev - ok
15:59:16.0341 6780 EuMusDesignVirtualAudioCableWdm_gnr (e5698d367ec5b12a131c6e0d2b4499aa) C:\Windows\system32\DRIVERS\vacgnrkd.sys
15:59:16.0343 6780 EuMusDesignVirtualAudioCableWdm_gnr - ok
15:59:16.0453 6780 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:59:16.0469 6780 exfat - ok
15:59:16.0481 6780 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:59:16.0485 6780 fastfat - ok
15:59:16.0515 6780 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:59:16.0523 6780 fdc - ok
15:59:16.0549 6780 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:59:16.0550 6780 FileInfo - ok
15:59:16.0566 6780 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:59:16.0575 6780 Filetrace - ok
15:59:16.0616 6780 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:59:16.0628 6780 flpydisk - ok
15:59:16.0675 6780 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:59:16.0678 6780 FltMgr - ok
15:59:16.0705 6780 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:59:16.0707 6780 FsDepends - ok
15:59:16.0720 6780 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:59:16.0722 6780 Fs_Rec - ok
15:59:16.0811 6780 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:59:16.0814 6780 fvevol - ok
15:59:16.0863 6780 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:59:16.0881 6780 gagp30kx - ok
15:59:16.0933 6780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:59:16.0934 6780 GEARAspiWDM - ok
15:59:17.0001 6780 GGSAFERDriver - ok
15:59:17.0096 6780 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
15:59:17.0097 6780 hamachi - ok
15:59:17.0170 6780 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:59:17.0172 6780 hcw85cir - ok
15:59:17.0235 6780 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:59:17.0260 6780 HdAudAddService - ok
15:59:17.0338 6780 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:59:17.0341 6780 HDAudBus - ok
15:59:17.0381 6780 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:59:17.0396 6780 HidBatt - ok
15:59:17.0414 6780 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:59:17.0418 6780 HidBth - ok
15:59:17.0452 6780 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:59:17.0465 6780 HidIr - ok
15:59:17.0492 6780 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:59:17.0493 6780 HidUsb - ok
15:59:17.0520 6780 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:59:17.0528 6780 HpSAMD - ok
15:59:17.0556 6780 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:59:17.0561 6780 HTTP - ok
15:59:17.0617 6780 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:59:17.0617 6780 hwpolicy - ok
15:59:17.0646 6780 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:59:17.0651 6780 i8042prt - ok
15:59:17.0718 6780 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
15:59:17.0743 6780 iaStorV - ok
15:59:18.0022 6780 igfx (45d1bffaecf68a2247fc0e3b78a0adfa) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:59:18.0203 6780 igfx - ok
15:59:18.0282 6780 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:59:18.0286 6780 iirsp - ok
15:59:18.0421 6780 IntcAzAudAddService (b751c833a31a7da037da3f379ad50c2f) C:\Windows\system32\drivers\RTKVHDA.sys
15:59:18.0463 6780 IntcAzAudAddService - ok
15:59:18.0566 6780 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:59:18.0570 6780 IntcDAud - ok
15:59:18.0597 6780 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:59:18.0600 6780 intelide - ok
15:59:18.0635 6780 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:59:18.0636 6780 intelppm - ok
15:59:18.0682 6780 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:18.0685 6780 IpFilterDriver - ok
15:59:18.0711 6780 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:59:18.0713 6780 IPMIDRV - ok
15:59:18.0724 6780 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:59:18.0737 6780 IPNAT - ok
15:59:18.0760 6780 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:59:18.0762 6780 IRENUM - ok
15:59:18.0772 6780 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:59:18.0774 6780 isapnp - ok
15:59:18.0803 6780 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:59:18.0807 6780 iScsiPrt - ok
15:59:18.0886 6780 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:59:18.0888 6780 kbdclass - ok
15:59:18.0899 6780 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:59:18.0913 6780 kbdhid - ok
15:59:18.0935 6780 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:59:18.0936 6780 KSecDD - ok
15:59:18.0966 6780 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
15:59:18.0968 6780 KSecPkg - ok
15:59:19.0016 6780 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:59:19.0017 6780 lltdio - ok
15:59:19.0065 6780 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:59:19.0072 6780 LSI_FC - ok
15:59:19.0160 6780 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:59:19.0165 6780 LSI_SAS - ok
15:59:19.0179 6780 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:59:19.0183 6780 LSI_SAS2 - ok
15:59:19.0196 6780 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:59:19.0198 6780 LSI_SCSI - ok
15:59:19.0228 6780 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:59:19.0230 6780 luafv - ok
15:59:19.0239 6780 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:59:19.0240 6780 megasas - ok
15:59:19.0257 6780 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:59:19.0260 6780 MegaSR - ok
15:59:19.0291 6780 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:59:19.0292 6780 Modem - ok
15:59:19.0318 6780 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:59:19.0318 6780 monitor - ok
15:59:19.0347 6780 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:59:19.0348 6780 mouclass - ok
15:59:19.0436 6780 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:59:19.0438 6780 mouhid - ok
15:59:19.0465 6780 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:59:19.0467 6780 mountmgr - ok
15:59:19.0491 6780 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:59:19.0503 6780 mpio - ok
15:59:19.0524 6780 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:59:19.0525 6780 mpsdrv - ok
15:59:19.0538 6780 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:59:19.0549 6780 MRxDAV - ok
15:59:19.0591 6780 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:19.0593 6780 mrxsmb - ok
15:59:19.0641 6780 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:19.0645 6780 mrxsmb10 - ok
15:59:19.0685 6780 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:19.0687 6780 mrxsmb20 - ok
15:59:19.0762 6780 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
15:59:19.0763 6780 msahci - ok
15:59:19.0776 6780 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:59:19.0793 6780 msdsm - ok
15:59:19.0818 6780 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:59:19.0819 6780 Msfs - ok
15:59:19.0827 6780 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:59:19.0833 6780 mshidkmdf - ok
15:59:19.0844 6780 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:59:19.0845 6780 msisadrv - ok
15:59:19.0890 6780 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:59:19.0892 6780 MSKSSRV - ok
15:59:19.0941 6780 msloop (ade6270c1003923e92a9bbba272133a9) C:\Windows\system32\DRIVERS\loop.sys
15:59:19.0954 6780 msloop - ok
15:59:19.0978 6780 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:19.0980 6780 MSPCLOCK - ok
15:59:20.0058 6780 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:59:20.0068 6780 MSPQM - ok
15:59:20.0088 6780 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:59:20.0091 6780 MsRPC - ok
15:59:20.0110 6780 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:59:20.0111 6780 mssmbios - ok
15:59:20.0124 6780 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:59:20.0132 6780 MSTEE - ok
15:59:20.0154 6780 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:59:20.0156 6780 MTConfig - ok
15:59:20.0179 6780 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:59:20.0180 6780 Mup - ok
15:59:20.0223 6780 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:59:20.0227 6780 NativeWifiP - ok
15:59:20.0372 6780 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111125.019\NAVENG.SYS
15:59:20.0374 6780 NAVENG - ok
15:59:20.0427 6780 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111125.019\NAVEX15.SYS
15:59:20.0451 6780 NAVEX15 - ok
15:59:20.0550 6780 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:59:20.0563 6780 NDIS - ok
15:59:20.0594 6780 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:59:20.0602 6780 NdisCap - ok
15:59:20.0684 6780 Ndisrd (609803d1302b80e895035b09084114c3) C:\Windows\system32\DRIVERS\ndisrd.sys
15:59:20.0686 6780 Ndisrd - ok
15:59:20.0782 6780 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:20.0784 6780 NdisTapi - ok
15:59:20.0814 6780 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:20.0817 6780 Ndisuio - ok
15:59:20.0840 6780 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:20.0844 6780 NdisWan - ok
15:59:20.0859 6780 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:59:20.0861 6780 NDProxy - ok
15:59:20.0903 6780 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
15:59:20.0920 6780 Netaapl - ok
15:59:20.0938 6780 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:59:20.0940 6780 NetBIOS - ok
15:59:20.0959 6780 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
15:59:20.0962 6780 NetBT - ok
15:59:21.0095 6780 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:59:21.0112 6780 nfrd960 - ok
15:59:21.0143 6780 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:59:21.0144 6780 Npfs - ok
15:59:21.0163 6780 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:59:21.0164 6780 nsiproxy - ok
15:59:21.0225 6780 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
15:59:21.0242 6780 Ntfs - ok
15:59:21.0314 6780 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:59:21.0315 6780 Null - ok
15:59:21.0362 6780 nusb3hub (ff6d3248e791e7a897bd8ea2fbacbcff) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:59:21.0364 6780 nusb3hub - ok
15:59:21.0385 6780 nusb3xhc (b5eb7e275f2967026c6031897624bc51) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:59:21.0388 6780 nusb3xhc - ok
15:59:21.0634 6780 nvlddmkm (45f67478b9acaf5746a12dee77445e6e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:59:21.0855 6780 nvlddmkm - ok
15:59:21.0947 6780 nvpciflt (a8c6e7e58814453d3e52be49ab43bd1c) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:59:21.0949 6780 nvpciflt - ok
15:59:22.0003 6780 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
15:59:22.0011 6780 nvraid - ok
15:59:22.0024 6780 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
15:59:22.0033 6780 nvstor - ok
15:59:22.0088 6780 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:59:22.0090 6780 nv_agp - ok
15:59:22.0098 6780 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:59:22.0100 6780 ohci1394 - ok
15:59:22.0132 6780 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:59:22.0133 6780 Parport - ok
15:59:22.0191 6780 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
15:59:22.0194 6780 partmgr - ok
15:59:22.0212 6780 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:59:22.0225 6780 Parvdm - ok
15:59:22.0252 6780 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:59:22.0255 6780 pci - ok
15:59:22.0288 6780 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:59:22.0301 6780 pciide - ok
15:59:22.0313 6780 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:59:22.0318 6780 pcmcia - ok
15:59:22.0333 6780 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:59:22.0336 6780 pcw - ok
15:59:22.0359 6780 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:59:22.0368 6780 PEAUTH - ok
15:59:22.0506 6780 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:59:22.0509 6780 PptpMiniport - ok
15:59:22.0571 6780 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\Windows\system32\CCM\prepdrv.sys
15:59:22.0617 6780 prepdrvr - ok
15:59:22.0641 6780 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:59:22.0659 6780 Processor - ok
15:59:22.0704 6780 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:59:22.0706 6780 Psched - ok
15:59:22.0821 6780 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:59:22.0841 6780 ql2300 - ok
15:59:22.0852 6780 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:59:22.0868 6780 ql40xx - ok
15:59:22.0894 6780 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:59:22.0896 6780 QWAVEdrv - ok
15:59:22.0915 6780 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:59:22.0925 6780 RasAcd - ok
15:59:22.0967 6780 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:59:22.0969 6780 RasAgileVpn - ok
15:59:23.0032 6780 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:23.0034 6780 Rasl2tp - ok
15:59:23.0074 6780 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:23.0076 6780 RasPppoe - ok
15:59:23.0088 6780 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:59:23.0090 6780 RasSstp - ok
15:59:23.0108 6780 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:59:23.0112 6780 rdbss - ok
15:59:23.0124 6780 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:59:23.0126 6780 rdpbus - ok
15:59:23.0137 6780 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:23.0138 6780 RDPCDD - ok
15:59:23.0156 6780 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
15:59:23.0158 6780 RDPDR - ok
15:59:23.0193 6780 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:59:23.0195 6780 RDPENCDD - ok
15:59:23.0252 6780 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:59:23.0253 6780 RDPREFMP - ok
15:59:23.0272 6780 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
15:59:23.0275 6780 RDPWD - ok
15:59:23.0302 6780 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:59:23.0305 6780 rdyboost - ok
15:59:23.0347 6780 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
15:59:23.0350 6780 RFCOMM - ok
15:59:23.0368 6780 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:59:23.0370 6780 rspndr - ok
15:59:23.0420 6780 RTL8167 (274b4042a72bfe0e0cf9dcd57fdf94f9) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:59:23.0425 6780 RTL8167 - ok
15:59:23.0454 6780 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
15:59:23.0456 6780 s3cap - ok
15:59:23.0566 6780 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\Windows\system32\Drivers\SABI.sys
15:59:23.0567 6780 SABI - ok
15:59:23.0605 6780 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:59:23.0618 6780 sbp2port - ok
15:59:23.0644 6780 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:59:23.0657 6780 scfilter - ok
15:59:23.0715 6780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:59:23.0716 6780 secdrv - ok
15:59:23.0751 6780 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:59:23.0761 6780 Serenum - ok
15:59:23.0788 6780 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:59:23.0799 6780 Serial - ok
15:59:23.0859 6780 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:59:23.0862 6780 sermouse - ok
15:59:23.0912 6780 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:59:23.0914 6780 sffdisk - ok
15:59:23.0931 6780 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:59:23.0934 6780 sffp_mmc - ok
15:59:23.0950 6780 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:59:23.0961 6780 sffp_sd - ok
15:59:23.0981 6780 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:59:23.0984 6780 sfloppy - ok
15:59:24.0000 6780 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:59:24.0001 6780 sisagp - ok
15:59:24.0041 6780 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:59:24.0055 6780 SiSRaid2 - ok
15:59:24.0069 6780 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:59:24.0096 6780 SiSRaid4 - ok
15:59:24.0112 6780 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:59:24.0125 6780 Smb - ok
15:59:24.0264 6780 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
15:59:24.0271 6780 SPBBCDrv - ok
15:59:24.0345 6780 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:59:24.0346 6780 spldr - ok
15:59:24.0369 6780 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
15:59:24.0378 6780 SRTSP - ok
15:59:24.0397 6780 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
15:59:24.0406 6780 SRTSPL - ok
15:59:24.0417 6780 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
15:59:24.0423 6780 SRTSPX - ok
15:59:24.0466 6780 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
15:59:24.0469 6780 srv - ok
15:59:24.0489 6780 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
15:59:24.0492 6780 srv2 - ok
15:59:24.0505 6780 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
15:59:24.0506 6780 srvnet - ok
15:59:24.0541 6780 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:59:24.0548 6780 stexstor - ok
15:59:24.0617 6780 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:59:24.0620 6780 storflt - ok
15:59:24.0679 6780 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
15:59:24.0680 6780 storvsc - ok
15:59:24.0706 6780 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:59:24.0707 6780 swenum - ok
15:59:24.0753 6780 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\Windows\system32\Drivers\SYMEVENT.SYS
15:59:24.0756 6780 SymEvent - ok
15:59:24.0794 6780 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
15:59:24.0796 6780 SYMREDRV - ok
15:59:24.0814 6780 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
15:59:24.0818 6780 SYMTDI - ok
15:59:24.0898 6780 SysPlant (8adc033c77b2b006ea59beb2c8c6a38b) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
15:59:24.0900 6780 SysPlant - ok
15:59:24.0976 6780 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
15:59:24.0993 6780 Tcpip - ok
15:59:25.0075 6780 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
15:59:25.0093 6780 TCPIP6 - ok
15:59:25.0127 6780 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:59:25.0128 6780 tcpipreg - ok
15:59:25.0150 6780 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:59:25.0156 6780 TDPIPE - ok
15:59:25.0179 6780 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
15:59:25.0179 6780 TDTCP - ok
15:59:25.0192 6780 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:59:25.0194 6780 tdx - ok
15:59:25.0266 6780 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\Windows\system32\DRIVERS\teefer2.sys
15:59:25.0269 6780 Teefer2 - ok
15:59:25.0287 6780 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:59:25.0289 6780 TermDD - ok
15:59:25.0390 6780 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:59:25.0392 6780 tssecsrv - ok
15:59:25.0430 6780 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:59:25.0433 6780 tunnel - ok
15:59:25.0461 6780 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:59:25.0464 6780 uagp35 - ok
15:59:25.0490 6780 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
15:59:25.0496 6780 udfs - ok
15:59:25.0530 6780 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:59:25.0532 6780 uliagpkx - ok
15:59:25.0555 6780 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:59:25.0557 6780 umbus - ok
15:59:25.0638 6780 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:59:25.0645 6780 UmPass - ok
15:59:25.0719 6780 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
15:59:25.0735 6780 USBAAPL - ok
15:59:25.0776 6780 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:25.0779 6780 usbccgp - ok
15:59:25.0804 6780 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:59:25.0819 6780 usbcir - ok
15:59:25.0865 6780 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
15:59:25.0867 6780 usbehci - ok
15:59:25.0890 6780 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
15:59:25.0894 6780 usbhub - ok
15:59:25.0933 6780 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
15:59:25.0936 6780 usbohci - ok
15:59:26.0000 6780 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:59:26.0004 6780 usbprint - ok
15:59:26.0047 6780 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:59:26.0051 6780 USBSTOR - ok
15:59:26.0098 6780 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
15:59:26.0112 6780 usbuhci - ok
15:59:26.0161 6780 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
15:59:26.0165 6780 usbvideo - ok
15:59:26.0210 6780 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:59:26.0211 6780 vdrvroot - ok
15:59:26.0295 6780 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:59:26.0298 6780 vga - ok
15:59:26.0322 6780 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:59:26.0324 6780 VgaSave - ok
15:59:26.0337 6780 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:59:26.0342 6780 vhdmp - ok
15:59:26.0361 6780 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:59:26.0364 6780 viaagp - ok
15:59:26.0376 6780 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:59:26.0380 6780 ViaC7 - ok
15:59:26.0391 6780 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:59:26.0393 6780 viaide - ok
15:59:26.0404 6780 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
15:59:26.0416 6780 vmbus - ok
15:59:26.0425 6780 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:59:26.0426 6780 VMBusHID - ok
15:59:26.0448 6780 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:59:26.0449 6780 volmgr - ok
15:59:26.0464 6780 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:59:26.0467 6780 volmgrx - ok
15:59:26.0485 6780 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:59:26.0487 6780 volsnap - ok
15:59:26.0519 6780 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:59:26.0522 6780 vsmraid - ok
15:59:26.0541 6780 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
15:59:26.0543 6780 vwifibus - ok
15:59:26.0571 6780 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
15:59:26.0572 6780 vwififlt - ok
15:59:26.0658 6780 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:59:26.0669 6780 WacomPen - ok
15:59:26.0730 6780 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:26.0732 6780 WANARP - ok
15:59:26.0737 6780 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:26.0738 6780 Wanarpv6 - ok
15:59:26.0768 6780 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:59:26.0774 6780 Wd - ok
15:59:26.0801 6780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:59:26.0805 6780 Wdf01000 - ok
15:59:26.0837 6780 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:59:26.0837 6780 WfpLwf - ok
15:59:26.0927 6780 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:59:26.0931 6780 WIMMount - ok
15:59:27.0021 6780 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
15:59:27.0031 6780 WinUsb - ok
15:59:27.0112 6780 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:59:27.0114 6780 WmiAcpi - ok
15:59:27.0211 6780 WPS (d48d0b1b5fdc074373c624af3b573412) C:\Windows\system32\drivers\wpsdrvnt.sys
15:59:27.0212 6780 WPS - ok
15:59:27.0254 6780 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
15:59:27.0256 6780 WpsHelper - ok
15:59:27.0295 6780 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:59:27.0299 6780 ws2ifsl - ok
15:59:27.0339 6780 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:59:27.0341 6780 WudfPf - ok
15:59:27.0463 6780 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:59:27.0468 6780 WUDFRd - ok
15:59:27.0539 6780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:59:27.0555 6780 \Device\Harddisk0\DR0 - ok
15:59:27.0559 6780 Boot (0x1200) (4ca2a8d369b49e4d47d7f4a645ded0bc) \Device\Harddisk0\DR0\Partition0
15:59:27.0560 6780 \Device\Harddisk0\DR0\Partition0 - ok
15:59:27.0575 6780 Boot (0x1200) (2df387edd311bef4bdc1187835cac5da) \Device\Harddisk0\DR0\Partition1
15:59:27.0576 6780 \Device\Harddisk0\DR0\Partition1 - ok
15:59:27.0597 6780 Boot (0x1200) (efaa508db26af764ef72e51329364a64) \Device\Harddisk0\DR0\Partition2
15:59:27.0598 6780 \Device\Harddisk0\DR0\Partition2 - ok
15:59:27.0599 6780 ============================================================
15:59:27.0599 6780 Scan finished
15:59:27.0599 6780 ============================================================
15:59:27.0608 3232 Detected object count: 0
15:59:27.0608 3232 Actual detected object count: 0
15:59:37.0024 1376 Deinitialize success

OTL.txt


OTL logfile created on: 26/11/2011 4:07:53 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\113658\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.92 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 51.18% Memory free
5.83 Gb Paging File | 4.09 Gb Available in Paging File | 70.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.00 Gb Total Space | 27.90 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive D: | 266.06 Gb Total Space | 75.93 Gb Free Space | 28.54% Space Free | Partition Type: NTFS

Computer Name: RP113658 | User Name: 113658 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 23:08:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\113658\Desktop\OTL.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/07/16 12:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/16 12:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 12:40:42 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/04/16 20:54:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/01 16:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/20 17:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/17 10:44:48 | 000,801,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/14 14:55:24 | 001,426,768 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe
PRC - [2010/12/06 20:44:36 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Easy Display Manager\dmhkcore.exe
PRC - [2010/12/06 20:44:28 | 007,058,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Easy Display Manager\WifiManager.exe
PRC - [2010/11/29 14:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/11/23 16:07:20 | 001,755,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SAMSUNG\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/11/17 17:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files\SAMSUNG\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/11/03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010/09/09 17:31:06 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/09/09 17:31:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/09/09 17:31:04 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/09/09 17:31:04 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/09/09 17:31:02 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/08/27 10:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files\SAMSUNG\Samsung Update Plus\SUPBackground.exe
PRC - [2010/07/21 12:55:02 | 002,835,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/07/21 12:55:02 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/21 12:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/02/10 23:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/11/06 08:59:08 | 000,520,192 | ---- | M] (Republic Polytechnic) -- C:\Program Files\Republic Poly\UTClient\UTAgent.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/14 09:26:21 | 000,101,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/06 13:57:38 | 000,032,768 | ---- | M] () -- C:\Program Files\WOW Vision\wowVEOS\StreamingServer.exe
PRC - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
PRC - [2006/12/09 19:04:10 | 000,117,568 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 08:32:26 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9fd745809e19a5d89664ce39dca5a1fd\System.Windows.Forms.ni.dll
MOD - [2011/11/18 08:32:14 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\dfc4d66aa1c881c5113227aa6a651f1d\System.Web.Services.ni.dll
MOD - [2011/11/18 08:32:00 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9c231c541f6a3ee6175680ff16e48d58\System.Drawing.ni.dll
MOD - [2011/11/18 08:31:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0404f57d897ed8c8f55d93bd500eb2ed\System.Xml.ni.dll
MOD - [2011/11/18 08:31:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\713abf381855421ddeca48b74a1fd93c\System.Configuration.ni.dll
MOD - [2011/11/18 08:31:40 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\238cc390c937027c598abd385df3be72\System.ni.dll
MOD - [2011/11/18 08:31:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1ec9ca97505278a1f18ce928f0ab6d7f\mscorlib.ni.dll
MOD - [2011/11/15 13:39:54 | 000,420,920 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
MOD - [2011/11/15 13:39:53 | 003,702,840 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 13:38:16 | 000,122,952 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 13:38:15 | 000,222,280 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 13:38:14 | 001,746,504 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/15 10:36:18 | 008,593,056 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/11/15 10:36:18 | 008,593,056 | ---- | M] () -- C:\Users\113658\AppData\Local\Google\Chrome\APPLIC~1\15.0.874.121\gcswf32.dll
MOD - [2011/06/16 12:17:34 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/03 10:58:18 | 000,019,968 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwinit.dll
MOD - [2010/11/03 10:58:14 | 000,015,360 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwssl.dll
MOD - [2010/11/03 10:58:12 | 000,061,440 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwapp.dll
MOD - [2010/11/03 10:58:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwhttp.dll
MOD - [2010/11/03 10:58:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwftp.dll
MOD - [2010/11/03 10:57:58 | 000,033,280 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwmime.dll
MOD - [2010/11/03 10:57:56 | 000,020,480 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwdir.dll
MOD - [2010/11/03 10:57:54 | 000,055,296 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwhtml.dll
MOD - [2010/11/03 10:57:54 | 000,026,112 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwstream.dll
MOD - [2010/11/03 10:57:50 | 000,024,064 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwfile.dll
MOD - [2010/11/03 10:57:48 | 000,027,648 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwcache.dll
MOD - [2010/11/03 10:57:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwtrans.dll
MOD - [2010/11/03 10:57:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwcore.dll
MOD - [2010/11/03 10:57:30 | 000,038,400 | ---- | M] () -- C:\Program Files\Megaupload\Mega Manager\wwwutils.dll
MOD - [2010/07/05 19:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files\SAMSUNG\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 23:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files\SAMSUNG\Samsung Recovery Solution 5\Resdll.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/01 16:46:20 | 000,839,680 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\libeay32.dll
MOD - [2009/12/01 16:46:20 | 000,159,744 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\ssleay32.dll
MOD - [2009/12/01 16:46:20 | 000,062,464 | R--- | M] () -- C:\Program Files\Megaupload\Mega Manager\hs_regex.dll
MOD - [2009/11/04 08:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/05/06 13:57:38 | 000,032,768 | ---- | M] () -- C:\Program Files\WOW Vision\wowVEOS\StreamingServer.exe
MOD - [2009/05/02 13:47:24 | 000,016,384 | ---- | M] () -- C:\Program Files\WOW Vision\wowVEOS\LightFTPServerLogInterface.dll
MOD - [2006/09/10 22:04:12 | 000,188,416 | ---- | M] () -- C:\Program Files\Republic Poly\UTClient\utenc.dll
MOD - [2006/08/12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SAMSUNG\Easy Display Manager\HookDllPS2.dll
MOD - [2000/01/01 08:00:00 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/14 13:53:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/06 22:56:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 20:54:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/01 16:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/09/09 17:31:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/09/09 17:31:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/09/09 17:31:04 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/09/09 17:31:04 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/09/09 17:31:02 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/21 12:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/11/09 15:49:08 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 15:49:08 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/22 22:24:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111125.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/22 22:24:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111125.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/28 00:01:33 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/16 20:54:08 | 010,552,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/16 20:54:08 | 000,020,328 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2011/04/16 20:06:02 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011/04/16 20:06:02 | 000,061,824 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011/04/16 10:53:11 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/04/16 10:52:43 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/09 17:31:08 | 000,043,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/09/09 17:31:06 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/09/09 17:31:06 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/09/09 17:31:06 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/09/09 17:31:04 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/09/09 17:31:04 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/09/09 17:30:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/09/09 17:30:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/09/09 17:30:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/04/19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/12/15 13:57:00 | 000,023,416 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
DRV - [2008/06/11 09:29:20 | 000,041,088 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vacgnrkd.sys -- (EuMusDesignVirtualAudioCableWdm_gnr) Generic Custom Virtual Cable (WDM)
DRV - [2008/03/05 00:00:40 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2000/01/01 08:00:00 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ISA-Firewall.rp.sg:8080

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\113658\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\113658\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/09 21:30:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/09 21:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\113658\AppData\Roaming\mozilla\Extensions
[2011/10/08 23:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/08 23:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/06/16 12:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\113658\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\113658\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Linkbucks Bypass = C:\Users\113658\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjdbebcogpgoffmnpkbpelaindeedjn\1.1_0\

O1 HOSTS File: ([2011/11/25 21:44:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WPGStreaming] C:\Program Files\WOW Vision\wowVEOS\StreamingServer.exe ()
O4 - Startup: C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O15 - HKCU\..Trusted Domains: media.rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.edu.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rp.edu.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: timessoft.rp.sg ([]* in Local intranet)
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} http://192.168.1.188...ab/ipcamera.cab (IPCamera Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA85F0F-8445-4C1F-A458-F3337DAF092D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Program Files\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) -C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 14:43:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/26 14:42:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/26 14:24:47 | 004,307,453 | R--- | C] (Swearware) -- C:\Users\113658\Desktop\ComboFix.exe
[2011/11/26 14:22:19 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{71D4DF9C-99A4-49DF-8D7E-5673F4535EC4}
[2011/11/26 14:21:55 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{CCFF0C12-1534-457F-A7F3-941C87F3378C}
[2011/11/26 00:35:03 | 000,000,000 | ---D | C] -- C:\Users\113658\Desktop\New folder (3)
[2011/11/25 23:06:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\113658\Desktop\OTL.exe
[2011/11/25 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/11/25 22:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/25 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/25 22:48:52 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\113658\Desktop\tdsskiller.exe
[2011/11/25 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Malwarebytes
[2011/11/25 22:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 22:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 22:38:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/25 22:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/25 21:54:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\113658\Desktop\aswMBR.exe
[2011/11/25 21:27:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/25 21:27:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/25 21:27:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/25 21:27:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/25 21:27:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/25 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{2A6A45C0-537A-40B0-9487-93182503CED5}
[2011/11/25 21:21:45 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{B6106C73-77F2-4771-8A21-2C3CB9FA227E}
[2011/11/25 15:25:45 | 000,000,000 | ---D | C] -- C:\Users\113658\Documents\OneNote Notebooks
[2011/11/25 08:32:08 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{E9643B62-1739-49E8-BCA7-C170C3BFBC85}
[2011/11/25 08:31:40 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{02AF3872-62A1-442E-97DD-8E1AAEA24FA1}
[2011/11/24 09:24:16 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{F7808B3F-A486-47F8-9BF1-F4A0A7AD9B93}
[2011/11/24 09:23:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1CB9FAC6-9262-49DC-A099-1BC97025E74F}
[2011/11/23 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7DC61455-B174-454A-A0D9-25DF1E68AFA7}
[2011/11/23 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{2795A759-E490-4B64-8AF5-9F7FF686EEC3}
[2011/11/23 08:52:52 | 000,000,000 | ---D | C] -- C:\umlet_11_1
[2011/11/23 08:34:47 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{531F63A6-CBBD-4085-98DE-54137B8DE905}
[2011/11/23 08:34:26 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{D173E84F-D09A-4FA3-9399-AD4A1EA56BCC}
[2011/11/22 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{EE40D5DD-3877-4AD1-9BAE-F8A9F4777B1E}
[2011/11/22 15:39:38 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{4296C094-A804-4F0D-99DA-CC57DDD5F98B}
[2011/11/22 02:01:24 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1DA3557F-F67C-4255-8BC3-BF69CE3101B5}
[2011/11/22 02:01:02 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{E2BBFA57-C298-4AF6-8263-87D384C5D352}
[2011/11/21 14:00:23 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{A930550B-268E-4F7D-BA9A-571AD0BAD4E0}
[2011/11/21 13:59:59 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{B50C329D-9CEA-4958-98C5-84D9CF7F088E}
[2011/11/20 15:46:18 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{979EA20D-9E73-4FDE-A975-3BD72562235D}
[2011/11/20 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{A6D2BDCD-E967-459B-BEA2-D5EFABEAED7C}
[2011/11/19 15:40:33 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{B09CCFFD-35A6-4522-989C-AC52048F0176}
[2011/11/19 15:40:19 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{80EF247E-8396-44A7-8581-027B1C186E1C}
[2011/11/18 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{2D1D8338-2E26-49D2-A491-9F6868FBC9E2}
[2011/11/18 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{43CD8535-8E6B-4356-B3CE-F3FCBBAEAFE9}
[2011/11/18 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1E8346EA-7431-4FF9-8513-B272768218E1}
[2011/11/18 09:33:30 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{96EEB1BC-8FA5-4503-8271-566AB3F3E2CC}
[2011/11/18 01:04:18 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/18 01:04:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/11/18 01:04:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/11/18 01:04:17 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/18 01:04:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/11/18 01:01:14 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/18 00:57:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/18 00:56:59 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/11/18 00:56:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/18 00:56:54 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/18 00:56:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/18 00:56:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/18 00:56:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/18 00:56:53 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/18 00:56:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/18 00:56:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/18 00:56:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/18 00:56:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/17 21:33:05 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{ACA7CD90-160F-4F67-B1D9-28DEEC0B2CAD}
[2011/11/17 21:32:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7C6E6AEA-AF52-4135-AB03-D7DC997AF2CB}
[2011/11/17 09:32:17 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{C4A1D532-C215-4A79-B5CE-560590148C0D}
[2011/11/17 09:32:05 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{550FE020-B2C9-4753-A00F-273F72E1EC86}
[2011/11/16 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{5FE850B9-E6C5-4172-A1C2-33F45810C9DD}
[2011/11/16 21:31:33 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{DFEE0EB9-5BF9-432E-9670-415B44B8943F}
[2011/11/16 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{C7C2176A-1DCE-449C-A477-5A1B33236597}
[2011/11/16 08:30:14 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{86AC21EE-82BE-4263-BAE2-11D556C629A7}
[2011/11/15 19:30:13 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6C1FA556-CB2F-456D-8444-94F4378D33B1}
[2011/11/15 19:30:02 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7B7D7D45-BFD2-46B8-936D-0D0A39EE95F5}
[2011/11/15 14:22:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{40AF4C3A-F11F-4082-AAC5-DB5D39BDF14D}
[2011/11/15 01:55:53 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1E64644C-71A6-4AD2-BA0C-0213667D8D1C}
[2011/11/15 01:55:27 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{53F163C1-99FD-4995-92A5-ECD9955DACB6}
[2011/11/14 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{842176E7-3BA6-4157-B9C3-E9C4D1B00651}
[2011/11/14 13:54:31 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1B6D0FC9-5B36-41D9-981D-16CCF17A095A}
[2011/11/13 19:30:22 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{ECC2F602-0EB4-4843-8E23-84E5F8B2862F}
[2011/11/13 19:30:12 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{4D726FEA-1E8A-402C-A5B1-C497E30C1A43}
[2011/11/12 17:03:14 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7B648088-B42B-4500-95AF-EE3827FE3E01}
[2011/11/12 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{FC5A6BE1-EABA-4B1F-86F0-79B21D6B4C0A}
[2011/11/11 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{5D812E37-F3AD-42A9-B815-E962BC2E4317}
[2011/11/11 01:42:50 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\Skyrim
[2011/11/11 01:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/10 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{08C0477E-4C26-447C-8E57-E2F4F0B6BD27}
[2011/11/10 14:44:43 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1C7104EE-5D71-4F30-A166-6588C54FAB32}
[2011/11/09 14:40:41 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{35692BCB-83C7-42BB-8C6B-EB1CC182410F}
[2011/11/09 14:40:30 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{638DACE3-486A-4AF0-B6D7-E1A084BDF16B}
[2011/11/08 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{92AA301E-BD58-4D81-857D-50D4A9E1D986}
[2011/11/08 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{29A2D9B0-4E8E-474C-9EE9-C3DA3699758C}
[2011/11/07 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{52E94A31-239B-407C-964F-DD70B4781509}
[2011/11/07 15:43:38 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{F2EE1623-48C8-4705-8B62-F757248193E9}
[2011/11/06 15:48:51 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{4253440B-965F-44DB-A26C-01069E3C45DC}
[2011/11/06 15:48:41 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{17FC8FBD-7C99-497F-9A33-5FF77B7C7B29}
[2011/11/05 14:17:39 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{31B44EB8-EBBB-49EB-B138-D6F9D6A7F185}
[2011/11/05 14:17:24 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{168402C8-00BD-4E3A-A682-9BCB1C784E74}
[2011/11/04 15:56:37 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{EE4A2FC4-A3D2-49BE-B7D8-31B11A37176B}
[2011/11/04 15:56:23 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{CA07E41D-1E97-47A8-B15A-2596C6ACE75B}
[2011/11/03 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{9401D812-9CEA-4D17-A5D0-1FC495A71F37}
[2011/11/03 22:10:46 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{3409EBAA-4E3A-4802-841D-35E7D5CAD573}
[2011/11/02 21:17:47 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6D7F7E03-D3EF-47D8-A914-818C5C2E1E21}
[2011/11/02 21:17:37 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{753955DD-E1CC-4CCD-BDCC-E938F4AC3F63}
[2011/11/02 08:51:43 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6CB18F6B-E98A-47B5-8470-9370008EB8AA}
[2011/11/02 08:51:18 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{831F8DD2-1A39-4E34-AAF0-43BDB76405F9}
[2011/11/01 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{7D3AFE22-2399-40FF-97FB-53225FB8A74B}
[2011/11/01 14:47:56 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{8FA7A8BF-6DD2-424F-A3C6-2B07BB71DC4C}
[2011/10/31 15:01:20 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{5A4DB069-6AB9-4186-B62F-2B4E44A9D92B}
[2011/10/31 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{491B4233-BFBB-4A56-9876-81CC5586EE11}
[2011/10/31 01:39:32 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\THQ
[2011/10/31 01:35:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/10/31 01:35:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/10/31 01:35:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/10/30 15:53:02 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{ABEC6C42-714A-4B0A-B385-909944A6A8D9}
[2011/10/30 15:52:38 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{94FD7DB3-EA0D-43F5-9214-148DC644D63D}
[2011/10/30 02:16:35 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{C0F38810-430D-4866-9139-61F3DAF789ED}
[2011/10/30 02:16:10 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{FBEB4949-EF2A-4F60-8B5B-D443D9A5245E}
[2011/10/29 15:31:55 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garena
[2011/10/29 15:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2011/10/29 15:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Garena Classic
[2011/10/29 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\ghost_configurator
[2011/10/29 14:15:40 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{1361D495-A5BE-465B-B7BD-9C7B28F39EDF}
[2011/10/29 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{020E706A-2F03-4218-87D6-C3D22D330D23}
[2011/10/28 21:28:54 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{3BEE1372-D3DD-4C4B-BF21-C50450C92682}
[2011/10/28 21:28:40 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{8E54CA52-FF17-41BC-8B98-5CD5FEB07900}
[2011/10/28 08:31:39 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{94AF0177-9614-4B70-AD1C-025A039D32DA}
[2011/10/28 08:31:09 | 000,000,000 | ---D | C] -- C:\Users\113658\AppData\Local\{6101495C-3F61-4F89-825E-3E4521FC9A6C}
[2010/11/28 20:39:30 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/26 16:06:13 | 000,000,512 | ---- | M] () -- C:\Users\113658\Desktop\MBR.dat
[2011/11/26 16:02:26 | 000,018,464 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 16:02:26 | 000,018,464 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 15:57:14 | 000,000,483 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/11/26 15:55:33 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/11/26 15:54:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 15:53:44 | 2348,511,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 15:51:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-306271UA.job
[2011/11/26 14:30:31 | 004,307,453 | R--- | M] (Swearware) -- C:\Users\113658\Desktop\ComboFix.exe
[2011/11/25 23:08:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\113658\Desktop\OTL.exe
[2011/11/25 22:53:27 | 000,002,969 | ---- | M] () -- C:\Users\113658\Desktop\HiJackThis.lnk
[2011/11/25 22:49:03 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\113658\Desktop\tdsskiller.exe
[2011/11/25 22:38:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 21:54:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\113658\Desktop\aswMBR.exe
[2011/11/25 21:44:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/25 21:44:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-306271Core.job
[2011/11/25 16:39:27 | 000,653,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/25 16:39:27 | 000,121,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/25 15:25:50 | 000,001,266 | ---- | M] () -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/11/24 12:49:01 | 000,003,584 | ---- | M] () -- C:\Users\113658\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 01:42:13 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011/11/19 15:46:00 | 000,002,368 | ---- | M] () -- C:\Users\113658\Desktop\Google Chrome.lnk
[2011/11/18 08:29:52 | 000,440,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/17 08:40:53 | 000,003,212 | RHS- | M] () -- C:\Users\113658\ntuser.pol
[2011/11/17 08:37:35 | 000,000,000 | ---- | M] () -- C:\t1ag.2
[2011/11/08 14:42:22 | 000,000,000 | ---- | M] () -- C:\t1d4.4
[2011/11/06 15:46:21 | 000,000,000 | ---- | M] () -- C:\t190.2
[2011/11/05 14:14:33 | 000,000,000 | ---- | M] () -- C:\t19c.4
[2011/10/29 15:32:00 | 000,000,999 | ---- | M] () -- C:\Users\113658\Desktop\Garena Classic.lnk

========== Files Created - No Company Name ==========

[2011/11/26 16:06:13 | 000,000,512 | ---- | C] () -- C:\Users\113658\Desktop\MBR.dat
[2011/11/25 22:53:27 | 000,002,969 | ---- | C] () -- C:\Users\113658\Desktop\HiJackThis.lnk
[2011/11/25 22:38:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 21:27:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/25 21:27:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/25 21:27:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/25 21:27:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/25 21:27:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/25 15:25:50 | 000,001,266 | ---- | C] () -- C:\Users\113658\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/11/24 12:49:00 | 000,003,584 | ---- | C] () -- C:\Users\113658\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/22 01:42:13 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011/11/17 08:37:35 | 000,000,000 | ---- | C] () -- C:\t1ag.2
[2011/11/08 14:42:22 | 000,000,000 | ---- | C] () -- C:\t1d4.4
[2011/11/06 15:46:21 | 000,000,000 | ---- | C] () -- C:\t190.2
[2011/11/05 14:14:33 | 000,000,000 | ---- | C] () -- C:\t19c.4
[2011/10/29 15:32:00 | 000,000,999 | ---- | C] () -- C:\Users\113658\Desktop\Garena Classic.lnk
[2011/10/23 17:41:34 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/06/14 00:22:03 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/06/14 00:22:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/05/31 09:27:08 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/05/04 23:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/16 22:12:35 | 000,000,028 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011/04/16 19:50:13 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC.dat
[2011/04/16 19:50:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/04/16 19:44:32 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/04/16 19:44:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/04/16 19:44:20 | 000,960,940 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/04/16 19:44:20 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/04/16 19:38:37 | 000,080,488 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/04/16 10:27:33 | 000,000,483 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/04/16 10:26:57 | 000,037,907 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/17 10:45:28 | 000,474,070 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2010/11/28 21:15:58 | 000,206,952 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,440,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,653,710 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,121,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 08:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Extras.Txt


OTL Extras logfile created on: 26/11/2011 4:07:53 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\113658\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.92 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 51.18% Memory free
5.83 Gb Paging File | 4.09 Gb Available in Paging File | 70.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.00 Gb Total Space | 27.90 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive D: | 266.06 Gb Total Space | 75.93 Gb Free Space | 28.54% Space Free | Partition Type: NTFS

Computer Name: RP113658 | User Name: 113658 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"2967:TCP:10.60.20.0/24:enabled:SymantecTCP" = 2967:TCP:10.60.20.0/24:enabled:SymantecTCP
"2967:UDP:10.60.20.0/24:enabled:SymantecUDP" = 2967:UDP:10.60.20.0/24:enabled:SymantecUDP

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"2967:TCP:10.60.20.0/24:enabled:SymantecTCP" = 2967:TCP:10.60.20.0/24:enabled:SymantecTCP
"2967:UDP:10.60.20.0/24:enabled:SymantecUDP" = 2967:UDP:10.60.20.0/24:enabled:SymantecUDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}" = Microsoft Firewall Client
"{1BDD2D2E-36AD-4A53-BC57-858AF025B0C1}" = UTClient
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B9D2F9-1CE7-4CDA-9D0D-28EB96565D25}" = Client for Microsoft Office SharePoint Portal Server 2003
"{23374ABE-C542-44F1-84B6-2381D0E6E2CE}" = Camera Setup
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{3505E1E2-8127-4681-A3EC-F9B5CAAA07C9}" = Rights Management Add-on for Internet Explorer
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52937564-8312-4B49-BB13-F7EDBB67EB34}" = MySQL Workbench 5.2 CE
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6AB21FCD-D00E-496F-9F54-840484EDB03A}_is1" = Wireless Projector 4.1.6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{878A990D-240C-4592-AEFD-98D2253EC873}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBDCD3AF-20E4-4E5E-80E8-B14109FE5DD9}" = QuickSFV
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3870ACA-B46E-43B7-AE31-D18659FD85F0}" = SlimDrivers
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{FA272494-8DEA-43CF-9BFF-652553C04265}" = Symantec Endpoint Protection
"{FB045208-AB1C-406D-A341-A18EBA20C73B}" = UTClient
"{FCF2085E-ABE5-4AA8-B07C-65BBD56DA243}" = Easy Network Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AhnLab Online Security" = AhnLab Online Security
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CCleaner" = CCleaner
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DAEMON Tools Lite" = DAEMON Tools Lite
"FreeArc" = FreeArc 0.666
"Garena Classic 2011" = Garena Classic 2011
"GetAmped2_US" = GetAmped2_US
"ImTOO iPhone Transfer" = ImTOO iPhone Transfer
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MajiroAppカタハネ" = カタハネ
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"matplotlib-py2.6" = Python 2.6 matplotlib-1.0.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Muv-Luv DVD Ver." = Muv-Luv DVD Ver. 1.0
"MyWin Driver_is1" = MyWin Driver 1.2
"Notepad++" = Notepad++
"numpy-py2.6" = Python 2.6 numpy-1.5.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Payday The Heist © OVERKILL Software_is1" = Payday The Heist © OVERKILL Software version 1
"PunkBusterSvc" = PunkBuster Services
"PyScripter_is1" = PyScripter 2.4.1
"Rainmeter" = Rainmeter
"Saints Row The Third_is1" = Saints Row The Third
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 440" = Team Fortress 2
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"xampp" = XAMPP 1.7.4
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"その横顔を見つめてしまう~A profile完全版~_is1" = その横顔を見つめてしまう~A profile完全版~ ver.1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"SOE-EverQuest II Extended" = EverQuest II Extended

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/11/2011 7:54:15 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997

Error - 24/11/2011 7:54:16 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24/11/2011 7:54:16 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2996

Error - 24/11/2011 7:54:16 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2996

Error - 24/11/2011 7:54:17 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24/11/2011 7:54:17 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3994

Error - 24/11/2011 7:54:17 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3994

Error - 24/11/2011 7:54:18 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24/11/2011 7:54:18 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5008

Error - 24/11/2011 7:54:18 AM | Computer Name = RP113658.rp.edu.sg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

[ System Events ]
Error - 26/11/2011 2:42:16 AM | Computer Name = RP113658.rp.edu.sg | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 26/11/2011 3:51:07 AM | Computer Name = RP113658.rp.edu.sg | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 26/11/2011 3:51:07 AM | Computer Name = RP113658.rp.edu.sg | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Browser service.

Error - 26/11/2011 3:51:10 AM | Computer Name = RP113658.rp.edu.sg | Source = Service Control Manager | ID = 7000
Description = The Computer Browser service failed to start due to the following
error: %%1053

Error - 26/11/2011 3:54:27 AM | Computer Name = RP113658.rp.edu.sg | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain RP due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 26/11/2011 3:54:51 AM | Computer Name = RP113658.rp.edu.sg | Source = DCOM | ID = 10016
Description =

Error - 26/11/2011 3:55:20 AM | Computer Name = RP113658.rp.edu.sg | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 26/11/2011 3:55:26 AM | Computer Name = RP113658.rp.edu.sg | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 26/11/2011 3:57:49 AM | Computer Name = RP113658.rp.edu.sg | Source = TermService | ID = 1067
Description =

Error - 26/11/2011 3:58:22 AM | Computer Name = RP113658.rp.edu.sg | Source = DCOM | ID = 10016
Description =


< End of report >

#4 RKinner (Malware Expert; Expert, MVP, 24,625 posts)

I don't see the aswMBR log.

You have three obsolete Java versions.

Java™ 6 Update 26
Java™ 7
Java™ SE Development Kit 7

You should uninstall them and then get the latest from Java.com

Let's clean up System Restore. Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

Now let's check for residual damage:

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and select Clear Log, then Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'.
   Type 20 in the 1 to 20 box.
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron

#5 Dahelper (Topic Starter; Member, 17 posts)

Hi Ron,

Thanks for the quick reply. Words can't express how grateful I am. I have also included the aswMBR log for your reference. Thanks again!

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/11/2011 6:43:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2011 10:42:55 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 26/11/2011 10:42:54 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 26/11/2011 10:40:56 AM
Type: Error Category: 0
Event: 5719 Source: NETLOGON
This computer was not able to set up a secure session with a domain controller in domain RP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Log: 'System' Date/Time: 26/11/2011 10:38:19 AM
Type: Error Category: 0
Event: 1067 Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

Log: 'System' Date/Time: 26/11/2011 10:37:51 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/11/2011 10:34:03 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 26/11/2011 10:34:02 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 26/11/2011 10:32:55 AM
Type: Error Category: 0
Event: 5719 Source: NETLOGON
This computer was not able to set up a secure session with a domain controller in domain RP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Log: 'System' Date/Time: 26/11/2011 10:30:09 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2011 10:39:01 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 26/11/2011 10:39:01 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 26/11/2011 10:34:12 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name search.vuze.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/11/2011 10:31:15 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 26/11/2011 10:31:15 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Application log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/11/2011 6:45:17 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/11/2011 10:42:34 AM
Type: Warning Category: 3
Event: 3086 Source: Microsoft-Windows-Search
The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 26/11/2011 10:38:55 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-839522115-1801674531-725345543-306271:
Process 632 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271
Process 3052 (\Device\HarddiskVolume2\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks


Log: 'Application' Date/Time: 26/11/2011 10:31:11 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-839522115-1801674531-725345543-306271:
Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271
Process 2712 (\Device\HarddiskVolume2\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks

aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-26 15:59:51
-----------------------------
15:59:51.908 OS Version: Windows 6.1.7600
15:59:51.908 Number of processors: 8 586 0x2A07
15:59:51.908 ComputerName: RP113658 UserName: 113658
15:59:52.452 Initialize success
16:03:27.348 AVAST engine defs: 11112501
16:03:40.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:03:40.047 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC70E Size: 476940MB BusType: 11
16:03:42.064 Disk 0 MBR read successfully
16:03:42.070 Disk 0 MBR scan
16:03:42.085 Disk 0 Windows 7 default MBR code
16:03:42.095 Disk 0 scanning sectors +976769024
16:03:42.177 Disk 0 scanning C:\Windows\system32\drivers
16:03:51.568 Service scanning
16:03:52.815 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
16:03:52.815 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
16:03:52.862 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
16:03:52.877 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
16:03:53.377 Modules scanning
16:04:02.506 Scan finished successfully
16:06:13.287 Disk 0 MBR has been saved successfully to "C:\Users\113658\Desktop\MBR.dat"
16:06:13.294 The log file has been saved successfully to "C:\Users\113658\Desktop\aswMBR.txt"
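
The VEW report in the post above has a regular layout: each record is a "Log:" line, a "Type:" line, an "Event:" line and then the message text, with "~~~" rules between the Critical/Error/Warning sections. That regularity makes it easy to reduce a report to typed records before anyone reads it line by line. The Python below is an added example for this thread, not code from VEW, OTL, Symantec or either poster: it parses that layout and then applies a small triage table. The sample report inside it is a constructed excerpt in the same format as the output posted above; the table of (source, event ID) pairs treated as routine for a domain-joined laptop that is away from its domain network, and the list of P2P-related hostnames, are this example's own assumptions, not rules taken from any tool or from the thread.

```python
"""Parse Vino's Event Viewer (VEW) text output and triage the records.
Added example for this thread: not VEW, OTL or Symantec code and not something
either poster ran.  SAMPLE_VEW is a constructed excerpt in the layout of the
report posted above; the triage table is this example's own assumption."""
import re
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_VEW = r"""Vino's Event Viewer v01c run on Windows 2008 in English

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2011 10:42:55 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller.

Log: 'System' Date/Time: 26/11/2011 10:40:56 AM
Type: Error Category: 0
Event: 5719 Source: NETLOGON
This computer was not able to set up a secure session with a domain controller in domain RP due to the following: There are currently no logon servers available to service the logon request.

Log: 'System' Date/Time: 26/11/2011 10:34:12 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name search.vuze.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/11/2011 10:31:15 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+ [AP]M)$")
TYPE_RE = re.compile(r"^Type: (?P<level>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>\S.*)$")


@dataclass(frozen=True)
class VewEvent:
    log: str
    when: str        # dd/mm/yyyy text exactly as VEW prints it
    level: str       # Critical / Error / Warning
    category: int
    event_id: int
    source: str
    message: str


def parse_vew(text: str) -> List[VewEvent]:
    """A record is a 'Log:' line, a 'Type:' line, an 'Event:' line, then message
    text up to a blank line, the next record or a ~~~ section rule."""
    lines, events, i = text.splitlines(), [], 0
    while i < len(lines):
        head = HEADER_RE.match(lines[i])
        if head is None:                       # banner, rules, blank lines
            i += 1
            continue
        typ = TYPE_RE.match(lines[i + 1]) if i + 2 < len(lines) else None
        evt = EVENT_RE.match(lines[i + 2]) if typ else None
        if typ is None or evt is None:
            raise ValueError(f"malformed record at line {i + 1}")
        i += 3
        body = []
        while i < len(lines) and lines[i].strip() and not lines[i].startswith(("Log: ", "~~~")):
            body.append(lines[i].strip())
            i += 1
        events.append(VewEvent(head["log"], head["when"], typ["level"], int(typ["cat"]),
                               int(evt["id"]), evt["source"].strip(), " ".join(body)))
    return events


# Assumed for this example, not taken from the thread: (source, id) pairs that are
# expected noise on a domain-joined laptop that is away from its domain network.
ROUTINE_OFF_DOMAIN = {
    ("Microsoft-Windows-GroupPolicy", 1129): "no domain controller reachable",
    ("NETLOGON", 5719): "no domain controller reachable",
    ("Microsoft-Windows-TerminalServices-RemoteConnectionManager", 1067): "SPN registration needs the domain",
    ("Microsoft-Windows-WLAN-AutoConfig", 4001): "WLAN service stopped (sleep or disconnect)",
    ("Microsoft-Windows-WLAN-AutoConfig", 10002): "WLAN vendor module stopped (sleep or disconnect)",
}
P2P_HOST_HINTS = ("vuze.com", "utorrent.com", "bittorrent.com")   # assumed hint list
DNS_TIMEOUT_RE = re.compile(r"for the name (?P<host>\S+) timed out")


def triage(events: List[VewEvent]) -> List[Tuple[VewEvent, str, str]]:
    """Label each record 'routine' or 'review' with a reason.  Anything the table
    does not know stays 'review': the table removes known noise, it never declares
    a machine clean."""
    out = []
    for ev in events:
        key = (ev.source, ev.event_id)
        if key in ROUTINE_OFF_DOMAIN:
            out.append((ev, "routine", ROUTINE_OFF_DOMAIN[key]))
        elif key == ("Microsoft-Windows-DNS-Client", 1014):
            m = DNS_TIMEOUT_RE.search(ev.message)
            host = m["host"] if m else "?"
            if any(host == h or host.endswith("." + h) for h in P2P_HOST_HINTS):
                out.append((ev, "review", f"lookup of P2P-related host {host}: ask what software did that"))
            else:
                out.append((ev, "routine", f"DNS timeout for {host} while off-network"))
        else:
            out.append((ev, "review", "not in the routine table"))
    return out
```

Feed parse_vew the text of a saved VEW report and loop over triage() to print one verdict per record. The design point is the default: a record the table has never seen lands in "review", so the table only takes known off-network noise out of the way and cannot by itself turn a noisy log into a clean bill of health.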

#6 RKinner (Malware Expert; Expert, MVP, 24,625 posts)

The locked files in aswMBR are all from Symantec so nothing to worry about.

Your Event Logs look fairly good. It is complaining that it can't find the domain controller, but this is normal if it is something like a company machine used at home.

Symantec appears to be working, though it is causing some problems with registry leakage, so you might check with them to see if they have a newer version that has this fixed:

Log: 'Application' Date/Time: 26/11/2011 10:38:55 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-839522115-1801674531-725345543-306271:
Process 632 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271
Process 3052 (\Device\HarddiskVolume2\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks


Log: 'Application' Date/Time: 26/11/2011 10:31:11 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-839522115-1801674531-725345543-306271:
Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271
Process 2712 (\Device\HarddiskVolume2\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks


I'm not sure why you are getting this error:

Log: 'System' Date/Time: 26/11/2011 10:34:12 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name search.vuze.com timed out after none of the configured DNS servers responded.


but Vuze and uTorrent are P2P programs which I really don't like to see so I don't really mind that it times out in DNS. We see a lot of malware transmitted by P2P programs. Even if the file you are getting was originally clean it may have been stored on an infected PC so if you must use P2P you should always submit the files you get to http://www.virustotal.com and see what they say.


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
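Ron's reading of the Event 1530 entries above (the leaked handles are held by winlogon.exe and Symantec's Rtvscan.exe, so nothing to chase) is the kind of check that is worth automating when a log has dozens of them. The following is an added example, not part of Ron's post or any tool used in this thread: it parses the DETAIL block of a User Profile Service event 1530 message, lists which process image holds each leaked handle to the user hive, and flags any image that is not under a directory you expect to hold one. The first two "Process" lines are copied from the log quoted above; the third line (PID 4100, an executable in the user's Temp folder) is constructed for the example and was not present on the machine in this thread. The list of trusted image directories is an assumption for illustration and should be adjusted to the software actually installed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DETAIL text of an Event 1530 message in the format shown in the post.
# The winlogon.exe and Rtvscan.exe lines are from the log quoted above;
# the Temp\svchost.exe line (PID 4100) is CONSTRUCTED for this example.
SAMPLE_DETAIL = r"""
DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-839522115-1801674531-725345543-306271:
Process 632 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271
Process 3052 (\Device\HarddiskVolume2\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks
Process 4100 (\Device\HarddiskVolume2\Users\113658\AppData\Local\Temp\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-839522115-1801674531-725345543-306271\Software\Microsoft\Windows\CurrentVersion\Run
"""

# Image directories assumed to be legitimate holders of a user-hive handle
# (assumption for this example; extend for other installed security products).
# Compared after stripping \Device\HarddiskVolumeN and lower-casing, so the
# match is drive-agnostic and case-insensitive.
TRUSTED_PREFIXES = (
    "\\windows\\system32\\",
    "\\program files\\symantec\\",
)

HEADER_RE = re.compile(r"DETAIL - (\d+) user registry handles leaked from (\S+):")
LINE_RE = re.compile(r"^Process (\d+) \((.+?)\) has opened key (.+?)\s*$", re.MULTILINE)
VOLUME_RE = re.compile(r"^\\device\\harddiskvolume\d+", re.IGNORECASE)


@dataclass(frozen=True)
class LeakedHandle:
    pid: int
    image: str   # NT device path of the process image as logged
    key: str     # registry key the process still had open

    def image_relpath(self) -> str:
        """Image path without the \\Device\\HarddiskVolumeN prefix, lower-cased."""
        return VOLUME_RE.sub("", self.image).lower()


def parse_detail(text: str) -> Tuple[Optional[int], List[LeakedHandle]]:
    """Return (declared leak count from the header, parsed Process lines)."""
    header = HEADER_RE.search(text)
    declared = int(header.group(1)) if header else None
    handles = [LeakedHandle(int(pid), image, key) for pid, image, key in LINE_RE.findall(text)]
    return declared, handles


def suspicious_holders(handles: List[LeakedHandle], trusted=TRUSTED_PREFIXES) -> List[LeakedHandle]:
    """Handles held by a process image outside the trusted directories."""
    return [h for h in handles if not h.image_relpath().startswith(trusted)]


if __name__ == "__main__":
    declared, handles = parse_detail(SAMPLE_DETAIL)
    print(f"header declares {declared} leaked handle(s); parsed {len(handles)}")
    for h in handles:
        print(f"  PID {h.pid:<5} {h.image}")
    for h in suspicious_holders(handles):
        print(f"INVESTIGATE: PID {h.pid} {h.image} -> {h.key}")
```

In practice you would feed this the Message property of the real events, for example from `Get-WinEvent -FilterHashtable @{LogName='Application'; Id=1530}` in PowerShell, rather than the embedded sample. An executable running from a user-writable location such as Temp or AppData that keeps handles into the hive is the pattern worth a second look; a security product's scanner under Program Files, as in Ron's case, is the benign one.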

#7
Dahelper

Dahelper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi, thanks for the reply Ron. I will be sure to keep all these important things in mind. :thumbsup: You can close this thread now and thanks again!
  • 0