Google Redirect problem


  • This topic is locked
28 replies to this topic

#1 jack_rip01

jack_rip01

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:12 AM

Posted 18 November 2011 - 12:36 AM

I found that some of my Google searches in Chrome and Firefox get redirected. Before finding out about this site, I tried to fix it myself.
I had used:
TDSSKiller = no results
Malwarebytes = trojan removed
ESET, Norton = no results
ComboFix = other deletions
reinstall Chrome, Firefox

All OK for 2 days, then again a few pages get redirected.

Please help me remove this. Thanks.

Here is the DDS.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16512 BrowserJavaVersion: 1.6.0_29
Run by jack rp at 7:46:19 on 2011-11-18
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3070.1963 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\jack rp\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyServer = 211.115.185.50:8080
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\jack rp\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jacks~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\broadb~1.lnk - c:\program files\broadband download monitor\bdm.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4A312C72-AE0B-4BA8-B179-D68472234843} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DDCE05C-CEA6-4E65-A924-820ED76840FA} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jack rp\appdata\roaming\mozilla\firefox\profiles\f3kn5gqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.ftp - 109.86.220.228
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 109.86.220.228
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 109.86.220.228
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 109.86.220.228
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 109.86.220.228
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\jack rp\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-11-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-11-16 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20111116.030\IDSvix86.sys [2011-11-17 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-11-16 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys [2011-11-16 331384]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-11-16 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-16 106104]
S2 gupdate1c98ef7e37e4b88;Google Update Service (gupdate1c98ef7e37e4b88);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
S3 xVTNameService;xVTNameService;c:\program files\airmagnet inc.\airmedic\xvtnameservice.exe --> c:\program files\airmagnet inc.\airmedic\xVTNameService.exe [?]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2009-2-6 104704]
.
=============== Created Last 30 ================
.
2011-11-17 12:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 06:40:28 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-11-16 05:09:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-16 05:09:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-16 05:09:08 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-16 05:09:08 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-16 05:09:08 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-16 05:09:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-16 05:09:08 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-16 05:09:08 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-16 03:33:45 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-11-16 03:33:45 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-11-16 03:33:44 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-11-16 03:33:44 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-11-16 03:33:44 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-11-16 03:33:44 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-11-16 03:33:44 136312 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-11-16 03:33:29 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-11-16 02:51:03 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-16 02:51:03 -------- d-----w- c:\program files\Symantec
2011-11-16 02:50:19 -------- d-----w- c:\windows\system32\drivers\NIS
2011-11-16 02:50:17 -------- d-----w- c:\program files\Norton Internet Security
2011-11-16 02:50:16 -------- d-----w- c:\programdata\Norton
2011-11-16 02:49:49 -------- d-----w- c:\programdata\NortonInstaller
2011-11-16 02:49:49 -------- d-----w- c:\program files\NortonInstaller
2011-11-16 00:50:29 -------- d-----w- c:\users\jack rp\appdata\local\temp
2011-11-15 23:38:07 -------- d-----w- c:\users\jack rp\appdata\roaming\Malwarebytes
2011-11-15 23:37:59 -------- d-----w- c:\programdata\Malwarebytes
2011-11-15 22:26:50 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-11-15 22:22:01 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-15 22:20:37 -------- d-----w- c:\programdata\Hitman Pro
2011-10-22 11:05:08 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
==================== Find3M ====================
.
2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 7:54:31.17 ===============

gmer log

merged posts. ~ OB

Edited by Orange Blossom, 18 November 2011 - 03:16 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:12 AM

Posted 19 November 2011 - 12:46 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jack_rip01

jack_rip01
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:12 AM

Posted 19 November 2011 - 11:18 PM

Hi gringo_pr, thanks for replying to my post.

Here is the ComboFix log:

ComboFix 11-11-19.04 - jack rp 20/11/2011 6:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3070.2116 [GMT 3:00]
Running from: c:\users\jack rp\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 03:34 . 2011-11-20 03:36 -------- d-----w- c:\users\jack rp\AppData\Local\temp
2011-11-20 03:34 . 2011-11-20 03:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-20 03:34 . 2011-11-20 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 03:34 . 2011-11-20 03:34 -------- d-----w- c:\users\Avneet\AppData\Local\temp
2011-11-17 12:44 . 2011-11-17 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-16 06:40 . 2011-03-31 03:04 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-11-16 05:09 . 2011-11-16 05:09 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-16 05:09 . 2011-11-16 05:09 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-16 05:09 . 2011-11-16 05:09 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-16 05:09 . 2011-11-16 05:09 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-16 05:09 . 2011-11-16 05:09 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-16 05:09 . 2011-11-16 05:09 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-16 05:09 . 2011-11-16 05:09 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-16 05:09 . 2011-11-16 05:09 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-16 02:51 . 2011-11-16 03:33 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-16 02:51 . 2011-11-16 03:33 -------- d-----w- c:\program files\Symantec
2011-11-16 02:50 . 2011-11-16 03:49 -------- d-----w- c:\windows\system32\drivers\NIS
2011-11-16 02:50 . 2011-11-16 02:50 -------- d-----w- c:\program files\Norton Internet Security
2011-11-16 02:50 . 2011-11-16 02:52 -------- d-----w- c:\programdata\Norton
2011-11-16 02:49 . 2011-11-16 02:49 -------- d-----w- c:\program files\NortonInstaller
2011-11-15 23:38 . 2011-11-15 23:38 -------- d-----w- c:\users\jack rp\AppData\Roaming\Malwarebytes
2011-11-15 23:37 . 2011-11-15 23:37 -------- d-----w- c:\programdata\Malwarebytes
2011-11-15 22:26 . 2011-11-15 22:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-11-15 22:22 . 2011-11-15 22:22 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-15 22:20 . 2011-11-15 22:26 -------- d-----w- c:\programdata\Hitman Pro
2011-10-23 07:20 . 2011-10-23 08:00 -------- d-----w- c:\users\jack rp\AppData\Roaming\Notepad++
2011-10-23 07:20 . 2011-10-23 07:20 -------- d-----w- c:\program files\Notepad++
2011-10-22 11:05 . 2011-10-22 11:05 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 02:06 . 2011-05-01 03:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-11-16 05:09 . 2011-11-16 05:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Avneet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\users\jack rp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Broadband Download Monitor.lnk - c:\program files\Broadband Download Monitor\bdm.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 22:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 14:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-11-27 21:32 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 07:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3900604886-2310378004-3959223237-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate1c98ef7e37e4b88;Google Update Service (gupdate1c98ef7e37e4b88);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
R3 AmDriver;AmDriver;c:\windows\system32\AMDriver.sys [x]
R3 cpuz130;cpuz130;c:\users\jackS~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\jackS~1\AppData\Local\Temp\ZSO9A4E.tmp [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
R3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
R3 xVTNameService;xVTNameService;c:\program files\AirMagnet Inc.\AirMedic\xVTNameService.exe [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2009-02-06 104704]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\zteusbser.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111116.030\IDSvix86.sys [2011-11-15 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-16 106104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 14:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 22:59]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 22:59]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3900604886-2310378004-3959223237-1000Core.job
- c:\users\jack rp\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 20:42]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3900604886-2310378004-3959223237-1000UA.job
- c:\users\jack rp\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 20:42]
.
2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{F36930DD-DF9A-40D3-BDED-87637647A2CF}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyServer = 211.115.185.50:8080
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.ftp - 109.86.220.228
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 109.86.220.228
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 109.86.220.228
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 109.86.220.228
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 109.86.220.228
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 06:37
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\jackS~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\jackS~1\AppData\Local\Temp\ZSO9A4E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3900604886-2310378004-3959223237-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):78,11,45,b5,a6,70,58,e9,8f,09,e3,73,0d,e4,4d,13,8b,f7,48,5c,31,
f2,04,9e,24,4a,f3,35,be,55,66,0a,25,0a,94,88,36,b0,b6,dc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3900604886-2310378004-3959223237-1000_Classes\CLSID\{ad491d39-f31a-423e-8abd-120c9fe44168}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005b
"Therad"=dword:00000017
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4912)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\DllHost.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2011-11-20 06:40:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 03:40
ComboFix2.txt 2011-11-16 00:50
.
Pre-Run: 167,381,938,176 bytes free
Post-Run: 167,019,139,072 bytes free
.
- - End Of File - - 9161797673813BE87DA63CD5F3610D3B


Had got an illegal operation... but fixed after restarting.

The redirecting is random for me; when I think it has stopped, it's back again, redirecting me to a random buy/search engine.

thanks.

#4 gringo_pr

Posted 19 November 2011 - 11:58 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 jack_rip01

Posted 20 November 2011 - 12:32 AM

Hey, here is the TDSSKiller log:

08:24:59.0657 4476 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
08:25:00.0484 4476 ============================================================
08:25:00.0484 4476 Current date / time: 2011/11/20 08:25:00.0484
08:25:00.0484 4476 SystemInfo:
08:25:00.0484 4476
08:25:00.0484 4476 OS Version: 6.0.6000 ServicePack: 0.0
08:25:00.0484 4476 Product type: Workstation
08:25:00.0484 4476 ComputerName: PX-TEST20
08:25:00.0484 4476 UserName: jack rp
08:25:00.0484 4476 Windows directory: C:\Windows
08:25:00.0484 4476 System windows directory: C:\Windows
08:25:00.0484 4476 Processor architecture: Intel x86
08:25:00.0484 4476 Number of processors: 2
08:25:00.0484 4476 Page size: 0x1000
08:25:00.0484 4476 Boot type: Normal boot
08:25:00.0484 4476 ============================================================
08:25:01.0186 4476 Initialize success
08:25:07.0223 4692 ============================================================
08:25:07.0223 4692 Scan started
08:25:07.0223 4692 Mode: Manual;
08:25:07.0223 4692 ============================================================
08:25:07.0769 4692 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
08:25:07.0769 4692 ACPI - ok
08:25:07.0832 4692 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
08:25:07.0832 4692 adp94xx - ok
08:25:07.0879 4692 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
08:25:07.0879 4692 adpahci - ok
08:25:07.0925 4692 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
08:25:07.0925 4692 adpu160m - ok
08:25:08.0035 4692 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
08:25:08.0035 4692 adpu320 - ok
08:25:08.0097 4692 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
08:25:08.0113 4692 AFD - ok
08:25:08.0206 4692 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
08:25:08.0206 4692 agp440 - ok
08:25:08.0237 4692 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:25:08.0237 4692 aic78xx - ok
08:25:08.0269 4692 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
08:25:08.0269 4692 aliide - ok
08:25:08.0300 4692 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
08:25:08.0300 4692 amdagp - ok
08:25:08.0331 4692 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
08:25:08.0331 4692 amdide - ok
08:25:08.0362 4692 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
08:25:08.0362 4692 AmdK7 - ok
08:25:08.0456 4692 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
08:25:08.0456 4692 AmdK8 - ok
08:25:08.0471 4692 AmDriver - ok
08:25:08.0518 4692 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
08:25:08.0518 4692 arc - ok
08:25:08.0549 4692 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
08:25:08.0549 4692 arcsas - ok
08:25:08.0581 4692 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
08:25:08.0581 4692 AsyncMac - ok
08:25:08.0674 4692 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
08:25:08.0674 4692 atapi - ok
08:25:08.0721 4692 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
08:25:08.0721 4692 BCM43XV - ok
08:25:08.0830 4692 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
08:25:08.0830 4692 Beep - ok
08:25:08.0986 4692 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
08:25:09.0002 4692 BHDrvx86 - ok
08:25:09.0095 4692 blbdrive - ok
08:25:09.0142 4692 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
08:25:09.0142 4692 bowser - ok
08:25:09.0158 4692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:25:09.0173 4692 BrFiltLo - ok
08:25:09.0205 4692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:25:09.0205 4692 BrFiltUp - ok
08:25:09.0236 4692 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:25:09.0236 4692 Brserid - ok
08:25:09.0283 4692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:25:09.0283 4692 BrSerWdm - ok
08:25:09.0361 4692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:25:09.0361 4692 BrUsbMdm - ok
08:25:09.0376 4692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:25:09.0376 4692 BrUsbSer - ok
08:25:09.0407 4692 BthEnum (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys
08:25:09.0407 4692 BthEnum - ok
08:25:09.0423 4692 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
08:25:09.0439 4692 BTHMODEM - ok
08:25:09.0470 4692 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
08:25:09.0470 4692 BthPan - ok
08:25:09.0501 4692 BTHPORT (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys
08:25:09.0517 4692 BTHPORT - ok
08:25:09.0610 4692 BTHUSB (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys
08:25:09.0610 4692 BTHUSB - ok
08:25:09.0657 4692 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
08:25:09.0657 4692 btwaudio - ok
08:25:09.0688 4692 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
08:25:09.0688 4692 btwavdt - ok
08:25:09.0735 4692 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
08:25:09.0735 4692 btwrchid - ok
08:25:09.0766 4692 catchme - ok
08:25:09.0844 4692 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
08:25:09.0844 4692 cdfs - ok
08:25:09.0891 4692 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
08:25:09.0891 4692 cdrom - ok
08:25:09.0922 4692 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
08:25:09.0922 4692 circlass - ok
08:25:09.0953 4692 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
08:25:09.0953 4692 CLFS - ok
08:25:10.0063 4692 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
08:25:10.0063 4692 CmBatt - ok
08:25:10.0094 4692 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
08:25:10.0094 4692 cmdide - ok
08:25:10.0109 4692 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
08:25:10.0109 4692 Compbatt - ok
08:25:10.0187 4692 cpuz130 - ok
08:25:10.0281 4692 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
08:25:10.0281 4692 crcdisk - ok
08:25:10.0297 4692 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
08:25:10.0297 4692 Crusoe - ok
08:25:10.0312 4692 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
08:25:10.0328 4692 DfsC - ok
08:25:10.0359 4692 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
08:25:10.0390 4692 disk - ok
08:25:10.0484 4692 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
08:25:10.0484 4692 drmkaud - ok
08:25:10.0531 4692 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
08:25:10.0531 4692 DXGKrnl - ok
08:25:10.0624 4692 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
08:25:10.0624 4692 E100B - ok
08:25:10.0640 4692 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:25:10.0640 4692 E1G60 - ok
08:25:10.0687 4692 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
08:25:10.0687 4692 Ecache - ok
08:25:10.0811 4692 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:25:10.0811 4692 eeCtrl - ok
08:25:10.0905 4692 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
08:25:10.0905 4692 elxstor - ok
08:25:10.0952 4692 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
08:25:10.0967 4692 ENTECH - ok
08:25:11.0077 4692 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:25:11.0077 4692 EraserUtilRebootDrv - ok
08:25:11.0217 4692 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
08:25:11.0217 4692 fastfat - ok
08:25:11.0233 4692 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
08:25:11.0233 4692 fdc - ok
08:25:11.0264 4692 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
08:25:11.0279 4692 FileInfo - ok
08:25:11.0295 4692 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
08:25:11.0295 4692 Filetrace - ok
08:25:11.0404 4692 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
08:25:11.0404 4692 flpydisk - ok
08:25:11.0435 4692 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
08:25:11.0435 4692 FltMgr - ok
08:25:11.0467 4692 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
08:25:11.0467 4692 Fs_Rec - ok
08:25:11.0498 4692 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
08:25:11.0498 4692 gagp30kx - ok
08:25:11.0560 4692 GarenaPEngine - ok
08:25:11.0685 4692 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
08:25:11.0685 4692 HdAudAddService - ok
08:25:11.0716 4692 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:25:11.0716 4692 HDAudBus - ok
08:25:11.0747 4692 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\DRIVERS\hidbth.sys
08:25:11.0747 4692 HidBth - ok
08:25:11.0779 4692 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
08:25:11.0779 4692 HidIr - ok
08:25:11.0888 4692 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
08:25:11.0888 4692 HidUsb - ok
08:25:11.0919 4692 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
08:25:11.0919 4692 HpCISSs - ok
08:25:11.0950 4692 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
08:25:11.0966 4692 HpqKbFiltr - ok
08:25:12.0059 4692 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
08:25:12.0059 4692 HpqRemHid - ok
08:25:12.0106 4692 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
08:25:12.0122 4692 HSFHWAZL - ok
08:25:12.0169 4692 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
08:25:12.0169 4692 HSF_DPV - ok
08:25:12.0262 4692 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
08:25:12.0262 4692 HTTP - ok
08:25:12.0278 4692 hwdatacard - ok
08:25:12.0309 4692 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
08:25:12.0309 4692 i2omp - ok
08:25:12.0325 4692 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
08:25:12.0325 4692 i8042prt - ok
08:25:12.0387 4692 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:25:12.0403 4692 ialm - ok
08:25:12.0496 4692 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
08:25:12.0496 4692 iaStor - ok
08:25:12.0527 4692 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
08:25:12.0543 4692 iaStorV - ok
08:25:12.0668 4692 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111116.030\IDSvix86.sys
08:25:12.0668 4692 IDSVix86 - ok
08:25:12.0761 4692 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:25:12.0761 4692 iirsp - ok
08:25:12.0855 4692 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
08:25:12.0886 4692 IntcAzAudAddService - ok
08:25:12.0980 4692 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
08:25:12.0980 4692 intelide - ok
08:25:13.0011 4692 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
08:25:13.0011 4692 intelppm - ok
08:25:13.0042 4692 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:25:13.0042 4692 IpFilterDriver - ok
08:25:13.0073 4692 IpInIp - ok
08:25:13.0089 4692 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
08:25:13.0089 4692 IPMIDRV - ok
08:25:13.0183 4692 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
08:25:13.0183 4692 IPNAT - ok
08:25:13.0214 4692 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
08:25:13.0214 4692 IRENUM - ok
08:25:13.0229 4692 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
08:25:13.0229 4692 isapnp - ok
08:25:13.0261 4692 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
08:25:13.0261 4692 iScsiPrt - ok
08:25:13.0292 4692 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
08:25:13.0292 4692 iteatapi - ok
08:25:13.0370 4692 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
08:25:13.0370 4692 iteraid - ok
08:25:13.0385 4692 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
08:25:13.0385 4692 kbdclass - ok
08:25:13.0417 4692 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
08:25:13.0417 4692 kbdhid - ok
08:25:13.0448 4692 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
08:25:13.0463 4692 KSecDD - ok
08:25:13.0573 4692 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
08:25:13.0573 4692 lltdio - ok
08:25:13.0619 4692 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
08:25:13.0619 4692 LSI_FC - ok
08:25:13.0651 4692 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
08:25:13.0651 4692 LSI_SAS - ok
08:25:13.0666 4692 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
08:25:13.0666 4692 LSI_SCSI - ok
08:25:13.0775 4692 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
08:25:13.0775 4692 luafv - ok
08:25:13.0791 4692 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
08:25:13.0791 4692 megasas - ok
08:25:13.0822 4692 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
08:25:13.0822 4692 Modem - ok
08:25:13.0838 4692 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
08:25:13.0838 4692 monitor - ok
08:25:13.0869 4692 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
08:25:13.0869 4692 mouclass - ok
08:25:13.0963 4692 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
08:25:13.0963 4692 mouhid - ok
08:25:13.0994 4692 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
08:25:13.0994 4692 MountMgr - ok
08:25:14.0025 4692 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
08:25:14.0025 4692 mpio - ok
08:25:14.0056 4692 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
08:25:14.0056 4692 mpsdrv - ok
08:25:14.0150 4692 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
08:25:14.0150 4692 Mraid35x - ok
08:25:14.0181 4692 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys
08:25:14.0181 4692 MRxDAV - ok
08:25:14.0197 4692 mrxsmb (fca7563d87f71c6db0182ca67cc19aa7) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:25:14.0197 4692 mrxsmb - ok
08:25:14.0212 4692 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:25:14.0212 4692 mrxsmb10 - ok
08:25:14.0228 4692 mrxsmb20 (79b09504e4a790104683722cd04f76b4) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:25:14.0228 4692 mrxsmb20 - ok
08:25:14.0243 4692 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
08:25:14.0243 4692 msahci - ok
08:25:14.0275 4692 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
08:25:14.0275 4692 msdsm - ok
08:25:14.0368 4692 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
08:25:14.0368 4692 Msfs - ok
08:25:14.0384 4692 msisadrv (2c3f1983cd3629573cb9e9658247847a) C:\Windows\system32\drivers\msisadrv.sys
08:25:14.0384 4692 msisadrv - ok
08:25:14.0431 4692 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
08:25:14.0431 4692 MSKSSRV - ok
08:25:14.0446 4692 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
08:25:14.0446 4692 MSPCLOCK - ok
08:25:14.0462 4692 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
08:25:14.0462 4692 MSPQM - ok
08:25:14.0493 4692 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
08:25:14.0493 4692 MsRPC - ok
08:25:14.0571 4692 mssmbios (1f6f7159c75e4b27d138b5225808860f) C:\Windows\system32\DRIVERS\mssmbios.sys
08:25:14.0571 4692 mssmbios - ok
08:25:14.0587 4692 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
08:25:14.0602 4692 MSTEE - ok
08:25:14.0618 4692 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
08:25:14.0618 4692 Mup - ok
08:25:14.0649 4692 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
08:25:14.0649 4692 NativeWifiP - ok
08:25:14.0774 4692 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111117.002\NAVENG.SYS
08:25:14.0774 4692 NAVENG - ok
08:25:14.0867 4692 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111117.002\NAVEX15.SYS
08:25:14.0883 4692 NAVEX15 - ok
08:25:15.0039 4692 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
08:25:15.0055 4692 NDIS - ok
08:25:15.0148 4692 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
08:25:15.0148 4692 NdisTapi - ok
08:25:15.0179 4692 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
08:25:15.0179 4692 Ndisuio - ok
08:25:15.0195 4692 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
08:25:15.0195 4692 NdisWan - ok
08:25:15.0211 4692 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
08:25:15.0211 4692 NDProxy - ok
08:25:15.0242 4692 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
08:25:15.0242 4692 NetBIOS - ok
08:25:15.0335 4692 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
08:25:15.0335 4692 netbt - ok
08:25:15.0413 4692 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
08:25:15.0429 4692 NETw3v32 - ok
08:25:15.0616 4692 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
08:25:15.0647 4692 NETw4v32 - ok
08:25:15.0725 4692 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
08:25:15.0725 4692 nfrd960 - ok
08:25:15.0772 4692 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
08:25:15.0772 4692 Npfs - ok
08:25:15.0803 4692 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
08:25:15.0803 4692 nsiproxy - ok
08:25:15.0819 4692 NSNDIS5 - ok
08:25:15.0850 4692 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
08:25:15.0866 4692 Ntfs - ok
08:25:15.0944 4692 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
08:25:15.0944 4692 ntrigdigi - ok
08:25:15.0959 4692 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
08:25:15.0975 4692 Null - ok
08:25:16.0178 4692 nvlddmkm (442eac1b12acf1bad6f1224167e034c8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:25:16.0225 4692 nvlddmkm - ok
08:25:16.0318 4692 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
08:25:16.0318 4692 nvraid - ok
08:25:16.0334 4692 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
08:25:16.0334 4692 nvstor - ok
08:25:16.0365 4692 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
08:25:16.0365 4692 nv_agp - ok
08:25:16.0381 4692 NwlnkFlt - ok
08:25:16.0396 4692 NwlnkFwd - ok
08:25:16.0412 4692 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
08:25:16.0412 4692 ohci1394 - ok
08:25:16.0521 4692 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
08:25:16.0521 4692 Parport - ok
08:25:16.0552 4692 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
08:25:16.0552 4692 partmgr - ok
08:25:16.0568 4692 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
08:25:16.0568 4692 Parvdm - ok
08:25:16.0583 4692 pci (5bedd5e1416da009c4f24adf8da13773) C:\Windows\system32\drivers\pci.sys
08:25:16.0599 4692 pci - ok
08:25:16.0615 4692 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
08:25:16.0615 4692 pciide - ok
08:25:16.0630 4692 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
08:25:16.0630 4692 pcmcia - ok
08:25:16.0739 4692 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
08:25:16.0755 4692 PEAUTH - ok
08:25:16.0880 4692 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
08:25:16.0880 4692 PptpMiniport - ok
08:25:16.0895 4692 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
08:25:16.0895 4692 Processor - ok
08:25:16.0942 4692 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
08:25:16.0942 4692 PSched - ok
08:25:16.0989 4692 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
08:25:16.0989 4692 ql2300 - ok
08:25:17.0083 4692 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
08:25:17.0083 4692 ql40xx - ok
08:25:17.0114 4692 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
08:25:17.0114 4692 QWAVEdrv - ok
08:25:17.0129 4692 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
08:25:17.0145 4692 RasAcd - ok
08:25:17.0161 4692 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:25:17.0161 4692 Rasl2tp - ok
08:25:17.0239 4692 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
08:25:17.0239 4692 RasPppoe - ok
08:25:17.0270 4692 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
08:25:17.0270 4692 rdbss - ok
08:25:17.0285 4692 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:25:17.0285 4692 RDPCDD - ok
08:25:17.0317 4692 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
08:25:17.0317 4692 rdpdr - ok
08:25:17.0332 4692 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
08:25:17.0332 4692 RDPENCDD - ok
08:25:17.0457 4692 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
08:25:17.0457 4692 RDPWD - ok
08:25:17.0504 4692 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
08:25:17.0504 4692 RFCOMM - ok
08:25:17.0535 4692 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
08:25:17.0535 4692 rimmptsk - ok
08:25:17.0629 4692 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
08:25:17.0629 4692 rimsptsk - ok
08:25:17.0644 4692 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
08:25:17.0644 4692 rismxdp - ok
08:25:17.0675 4692 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
08:25:17.0675 4692 rspndr - ok
08:25:17.0707 4692 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
08:25:17.0707 4692 RTL8169 - ok
08:25:17.0738 4692 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:25:17.0738 4692 sbp2port - ok
08:25:17.0847 4692 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
08:25:17.0847 4692 SCDEmu - ok
08:25:17.0909 4692 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
08:25:22.0761 4692 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
08:25:22.0777 4692 \Device\Harddisk0\DR0 - ok
08:25:22.0792 4692 Boot (0x1200) (66513a821fb1db7b9cc74b88002cee1c) \Device\Harddisk0\DR0\Partition0
08:25:22.0792 4692 \Device\Harddisk0\DR0\Partition0 - ok
08:25:22.0792 4692 Boot (0x1200) (f6d66a68d06e0a476e48d95b6622e23e) \Device\Harddisk0\DR0\Partition1
08:25:22.0792 4692 \Device\Harddisk0\DR0\Partition1 - ok
08:25:22.0792 4692 ============================================================
08:25:22.0792 4692 Scan finished
08:25:22.0792 4692 ============================================================
08:25:22.0808 5740 Detected object count: 0
08:25:22.0808 5740 Actual detected object count: 0
08:25:59.0951 3096 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:12 AM

Posted 20 November 2011 - 01:17 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jack_rip01

Posted 20 November 2011 - 01:32 AM

hey, here is aswMbr log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-20 09:29:55
-----------------------------
09:29:55.660 OS Version: Windows 6.0.6000
09:29:55.660 Number of processors: 2 586 0x1706
09:29:55.676 ComputerName: PX-TEST20 UserName:
09:29:56.674 Initialize success
09:29:59.301 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:29:59.301 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
09:29:59.332 Disk 0 MBR read successfully
09:29:59.332 Disk 0 MBR scan
09:29:59.332 Disk 0 unknown MBR code
09:29:59.332 Disk 0 scanning sectors +488388608
09:29:59.410 Disk 0 scanning C:\Windows\system32\drivers
09:30:04.356 Service scanning
09:30:05.666 Modules scanning
09:30:12.468 Disk 0 trace - called modules:
09:30:12.483 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
09:30:12.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85484748]
09:30:12.499 3 ntoskrnl.exe[824a802f] -> nt!IofCallDriver -> [0x8543f770]
09:30:12.499 5 acpi.sys[8047632a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85441030]
09:30:12.499 Scan finished successfully
09:30:31.702 Disk 0 MBR has been saved successfully to "C:\Users\jack rp\Desktop\MBR.dat"
09:30:31.702 The log file has been saved successfully to "C:\Users\jack rp\Desktop\aswMBR.txt"

#8 gringo_pr

Posted 20 November 2011 - 01:52 AM

Hello


I would like to know if you have another computer to communicate with me if this one becomes unbootable.



gringo

#9 jack_rip01

Posted 20 November 2011 - 01:55 AM

hey,
nope, I don't have.

#10 gringo_pr

Posted 20 November 2011 - 09:49 PM

Try this please. You will also need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

#11 jack_rip01

Posted 20 November 2011 - 10:11 PM

hey, I do not have another computer to do this
also the one I'm using, its CD-ROM does not work :(

is there a way to try the same thing with xPUD LiveUSB?

thanks

Edited by jack_rip01, 20 November 2011 - 10:41 PM.


#12 gringo_pr

Posted 20 November 2011 - 10:48 PM

Try this please. You will need a USB drive.

(the instructions say to use another computer but you may use this one)

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

#13 jack_rip01

Posted 21 November 2011 - 12:23 AM

hey
here is the mbr file

#14 gringo_pr

Posted 21 November 2011 - 12:34 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#15 jack_rip01

Posted 21 November 2011 - 12:56 AM

hey here is the OTL log

OTL logfile created on: 21/11/2011 08:45:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jack rp\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.23% Memory free
6.17 Gb Paging File | 5.33 Gb Available in Paging File | 86.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.72 Gb Total Space | 150.65 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
Drive D: | 11.16 Gb Total Space | 2.40 Gb Free Space | 21.51% Space Free | Partition Type: NTFS

Computer Name: PX-TEST20 | User Name: jack rp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jack rp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\System32\btwhidcs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (xVTNameService) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (WefiEngSvc) -- C:\Program Files\WeFi\WefiEngSvc.exe (WeFi)
SRV - (FLEXnet Licenrp Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicenrpService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111117.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111117.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111116.030\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (taphss) -- C:\WINDOWS\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ztemtusbser) -- C:\WINDOWS\System32\drivers\CT_ZTEMT_U_USBSER.sys (ZTEMT Incorporated)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (tap0901) -- C:\WINDOWS\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NETw3v32) Intel® -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (USB_NDIS_51) -- C:\WINDOWS\System32\drivers\bcmndis.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 211.115.185.50:8080

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..network.proxy.backup.ftp: "109.86.220.228"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "109.86.220.228"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "109.86.220.228"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "109.86.220.228"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "109.86.220.228"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "109.86.220.228"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "109.86.220.228"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.86.220.228"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "109.86.220.228"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jack rp\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jack rp\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/17 03:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/11/16 10:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_3_6 [2011/11/21 08:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 08:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 08:09:09 | 000,000,000 | ---D | M]

[2009/03/08 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jack rp\AppData\Roaming\mozilla\Extensions
[2011/11/16 09:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jack rp\AppData\Roaming\mozilla\Firefox\Profiles\f3kn5gqx.default\extensions
[2010/07/29 14:27:31 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\jack rp\AppData\Roaming\mozilla\Firefox\Profiles\f3kn5gqx.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/09/05 10:28:48 | 000,002,378 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\searchplugins\cisco-docs.xml
[2009/07/20 21:33:50 | 000,000,930 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\searchplugins\facebook.xml
[2010/12/22 21:05:33 | 000,012,703 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\searchplugins\imdb.xml
[2011/11/16 10:36:35 | 000,002,466 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\searchplugins\safesearch.xml
[2010/08/18 01:39:47 | 000,001,597 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\searchplugins\the-pirate-bay.xml
[2009/08/28 20:42:57 | 000,002,471 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\searchplugins\torrentz-search.xml
[2009/03/28 19:29:40 | 000,000,945 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\Mozilla\Firefox\Profiles\f3kn5gqx.default\searchplugins\youtube-video-search.xml
[2011/11/17 08:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/17 08:52:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/21 08:20:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_3_6
[2011/11/16 10:27:47 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2011/11/16 08:09:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/16 08:09:07 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/16 08:09:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/16 08:09:07 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/16 08:09:07 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/16 08:09:07 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! UK & Ireland (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://uk-sayt.ff.search.yahoo.com/gossip-uk-sayt?output=fxjson&command={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jack rp\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jack rp\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jack rp\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Late Night = C:\Users\jack rp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\

O1 HOSTS File: ([2011/11/20 06:36:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Users\jack rp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Broadband Download Monitor.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3900604886-2310378004-3959223237-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A312C72-AE0B-4BA8-B179-D68472234843}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DDCE05C-CEA6-4E65-A924-820ED76840FA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 18:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 08:43:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jack rp\Desktop\OTL.exe
[2011/11/21 07:09:06 | 004,406,784 | ---- | C] (Geza Kovacs) -- C:\Users\jack rp\Desktop\unetbootin-xpud-windows-387.exe
[2011/11/20 10:10:19 | 000,000,000 | ---D | C] -- C:\Users\jack rp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Beta Cracked
[2011/11/20 10:10:13 | 000,000,000 | ---D | C] -- C:\Users\jack rp\AppData\Roaming\.minecraft
[2011/11/20 09:27:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jack rp\Desktop\aswMBR.exe
[2011/11/20 08:27:52 | 000,000,000 | ---D | C] -- C:\Users\jack rp\Desktop\New Folder
[2011/11/20 06:40:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/20 06:40:22 | 000,000,000 | ---D | C] -- C:\Users\jack rp\AppData\Local\temp
[2011/11/20 06:39:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/20 06:26:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/20 06:26:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/20 06:26:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/11/20 06:26:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/20 06:26:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 06:19:08 | 004,302,402 | R--- | C] (Swearware) -- C:\Users\jack rp\Desktop\ComboFix.exe
[2011/11/19 11:43:20 | 000,000,000 | ---D | C] -- C:\Users\jack rp\Desktop\nov-2011
[2011/11/17 15:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/17 08:52:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/17 08:52:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/17 08:52:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/16 09:40:28 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/11/16 06:33:45 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/11/16 06:33:45 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/11/16 06:33:44 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys
[2011/11/16 06:33:44 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/11/16 06:33:44 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys
[2011/11/16 06:33:44 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys
[2011/11/16 06:33:44 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/11/16 06:33:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D
[2011/11/16 05:51:03 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/16 05:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/11/16 05:50:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/11/16 05:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/11/16 05:50:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/11/16 05:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/16 05:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/16 05:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/16 04:26:35 | 000,000,000 | ---D | C] -- C:\Users\jack rp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/16 03:20:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/16 03:20:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/16 03:20:17 | 000,000,000 | R--D | C] -- C:\Users\jack rp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/16 02:38:07 | 000,000,000 | ---D | C] -- C:\Users\jack rp\AppData\Roaming\Malwarebytes
[2011/11/16 02:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/16 01:26:50 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/11/16 01:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/10/23 10:20:24 | 000,000,000 | ---D | C] -- C:\Users\jack rp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/10/23 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/10/23 10:20:22 | 000,000,000 | ---D | C] -- C:\Users\jack rp\AppData\Roaming\Notepad++
[2011/10/23 10:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/10/22 14:05:08 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2009/03/16 07:59:56 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 08:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 08:45:25 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F36930DD-DF9A-40D3-BDED-87637647A2CF}.job
[2011/11/21 08:43:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jack rp\Desktop\OTL.exe
[2011/11/21 08:24:19 | 000,118,130 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\nvModes.001
[2011/11/21 08:24:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3900604886-2310378004-3959223237-1000UA.job
[2011/11/21 08:20:43 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/11/21 08:19:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 08:19:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 08:19:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 08:19:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 08:19:36 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 08:12:45 | 000,004,956 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/21 08:04:40 | 000,634,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 08:04:40 | 000,113,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 07:38:52 | 067,108,864 | ---- | M] () -- C:\Users\jack rp\Desktop\xpud-0.9.2.iso
[2011/11/21 07:15:10 | 004,406,784 | ---- | M] (Geza Kovacs) -- C:\Users\jack rp\Desktop\unetbootin-xpud-windows-387.exe
[2011/11/20 10:10:19 | 000,000,979 | ---- | M] () -- C:\Users\jack rp\Desktop\Start Minecraft Beta Cracked.lnk
[2011/11/20 09:30:31 | 000,000,512 | ---- | M] () -- C:\Users\jack rp\Desktop\MBR.dat
[2011/11/20 09:27:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jack rp\Desktop\aswMBR.exe
[2011/11/20 08:43:16 | 000,021,629 | ---- | M] () -- C:\Users\jack rp\Desktop\redirect.jpg
[2011/11/20 06:36:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/20 06:20:11 | 004,302,402 | R--- | M] (Swearware) -- C:\Users\jack rp\Desktop\ComboFix.exe
[2011/11/19 04:24:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3900604886-2310378004-3959223237-1000Core.job
[2011/11/19 00:09:07 | 000,118,130 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\nvModes.dat
[2011/11/18 06:56:21 | 000,012,791 | ---- | M] () -- C:\Users\jack rp\AppData\Roaming\UserTile.png
[2011/11/17 20:04:49 | 000,109,056 | ---- | M] () -- C:\Users\jack rp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/16 09:40:01 | 001,004,326 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/11/16 06:48:59 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/16 06:33:46 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/16 06:33:46 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/16 06:33:46 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/16 04:27:25 | 000,002,106 | ---- | M] () -- C:\Users\jack rp\Desktop\Google Chrome.lnk
[2011/11/16 01:26:50 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/11/16 01:22:01 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/22 14:05:08 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 07:20:42 | 067,108,864 | ---- | C] () -- C:\Users\jack rp\Desktop\xpud-0.9.2.iso
[2011/11/20 10:10:19 | 000,000,979 | ---- | C] () -- C:\Users\jack rp\Desktop\Start Minecraft Beta Cracked.lnk
[2011/11/20 09:30:31 | 000,000,512 | ---- | C] () -- C:\Users\jack rp\Desktop\MBR.dat
[2011/11/20 08:43:16 | 000,021,629 | ---- | C] () -- C:\Users\jack rp\Desktop\redirect.jpg
[2011/11/20 06:26:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/20 06:26:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/20 06:26:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/20 06:26:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/20 06:26:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/18 06:56:21 | 000,012,791 | ---- | C] () -- C:\Users\jack rp\AppData\Roaming\UserTile.png
[2011/11/16 08:09:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/16 06:47:45 | 001,004,326 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/11/16 06:33:45 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/11/16 06:33:45 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat
[2011/11/16 06:33:45 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.inf
[2011/11/16 06:33:45 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf
[2011/11/16 06:33:44 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat
[2011/11/16 06:33:44 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat
[2011/11/16 06:33:44 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/11/16 06:33:44 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/11/16 06:33:44 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf
[2011/11/16 06:33:44 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.inf
[2011/11/16 06:33:44 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/11/16 06:33:44 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/11/16 06:33:44 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.inf
[2011/11/16 06:33:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.cat
[2011/11/16 06:33:29 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/11/16 05:51:03 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/16 05:51:03 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/16 05:50:57 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/16 04:26:37 | 000,002,106 | ---- | C] () -- C:\Users\jack rp\Desktop\Google Chrome.lnk
[2011/11/16 01:22:01 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/03 18:19:20 | 040,876,170 | ---- | C] () -- C:\Users\jack rp\Desktop\CCNA_640-802 MAIN BOOK.pdf
[2011/06/16 01:09:38 | 000,000,926 | ---- | C] () -- C:\Windows\AirLite.INI
[2011/05/06 03:30:19 | 000,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2011/01/27 17:29:46 | 000,000,010 | ---- | C] () -- C:\Windows\Wininit.ini
[2011/01/27 17:29:42 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL
[2011/01/27 17:29:42 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL
[2011/01/27 17:29:42 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE
[2011/01/08 18:04:16 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2011/01/08 18:04:11 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/08 18:04:11 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/24 19:04:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/24 02:16:21 | 000,000,528 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010/01/24 01:25:38 | 000,000,015 | -HS- | C] () -- C:\Users\jack rp\AppData\Roaming\regFN
[2010/01/21 22:46:37 | 000,000,098 | ---- | C] () -- C:\Users\jack rp\AppData\Local\fusioncache.dat
[2009/11/17 21:41:55 | 000,000,059 | ---- | C] () -- C:\Windows\System32\telnet.exe IP
[2009/07/17 13:54:13 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/06/29 19:22:53 | 000,000,990 | -HS- | C] () -- C:\Users\jack rp\AppData\Roaming\systemfl.$dk
[2009/05/06 19:56:53 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/05/05 16:31:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/16 07:59:57 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
[2009/03/16 07:59:56 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2009/03/16 07:59:56 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
[2009/03/16 07:59:56 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
[2009/03/08 04:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/23 17:57:43 | 000,000,680 | ---- | C] () -- C:\Users\jack rp\AppData\Local\d3d9caps.dat
[2009/02/14 19:39:13 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/01/26 12:18:27 | 000,001,866 | ---- | C] () -- C:\Users\jack rp\AppData\Roaming\wklnhst.dat
[2009/01/15 09:36:13 | 000,109,056 | ---- | C] () -- C:\Users\jack rp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/12 00:11:00 | 000,118,130 | ---- | C] () -- C:\Users\jack rp\AppData\Roaming\nvModes.001
[2009/01/11 16:38:58 | 000,118,130 | ---- | C] () -- C:\Users\jack rp\AppData\Roaming\nvModes.dat
[2008/05/25 12:00:14 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/05/25 12:00:14 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/05/25 11:59:44 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/25 11:51:12 | 000,004,956 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/05 22:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 15:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 15:47:37 | 001,770,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 15:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:33:01 | 000,634,574 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 13:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 13:33:01 | 000,113,060 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 13:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 13:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 13:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 11:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 11:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 10:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 10:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 10:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 23:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >



