
Computer slow to load and high CPU Usage


  • This topic is locked
14 replies to this topic

#1 Nonic

Nonic

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SYDNEY, AUSTRALIA
  • Local time:06:22 PM

Posted 26 March 2012 - 12:39 AM

Hi
A few months ago I noticed my desktop PC was slow and taking longer than normal to open web pages. When Task Master is launched I notice the CPU usage goes up to 100% while web pages try to load or a program is launched. Often the download process will "freeze" and the PC is unresponsive while the usage stays at 100%. On occasions the PC will "crash" while the CPU usage is at 100%. I have no idea what is likely to have caused this problem i.e. whether the problem is a result of Malware/Rootkit infection or a hardware component [CPU] malfunction. As a starting point I have followed the instructions contained in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, downloading and running the following:
1 DeFogger program [CD Emulation programs if any have been disabled]
2 DDS
3 GMER
Scan results for DDS and GMER are attached.
When running GMER not only was the CPU usage constantly at 100% but the scan would "freeze" for a period before continuing. Needless to say it took some time to complete the scan.
If it is of any help basic details of my system are :
Windows XP Professional Service Pack 3
Celeron ® CPU 2.8 GHz. 1.00 GB of RAM
Obviously, I am keen to identify the cause of this problem in order to return the PC to a more functional state. If the cause can be established then I will hopefully be able to avoid a reoccurrence. Any advice to overcome this problem would be gratefully received.
Thank you
Nonic.

Lead Me Not Into Temptation.....I Can Find the Way Myself !!!



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:22 AM

Posted 28 March 2012 - 06:33 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Nonic

Posted 28 March 2012 - 10:24 PM

Hi m0le
Thank you for your reply. I forgot to mention in my original post that my internet security is provided by Norton 360 v 6. I have run several Full System Scans using this program and also MBAM. No infections were found by either program. That is about my limit in troubleshooting. I look forward to your assistance.

With thanks

Nonic


#4 m0le

Posted 29 March 2012 - 07:11 PM

Let's take a look for rootkit clues with aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 Nonic

Posted 29 March 2012 - 08:26 PM

Hi mOle
Scan run successfully and log is attached.
With thanks
Nonic


#6 m0le

Posted 30 March 2012 - 08:28 PM

There's nothing nasty there.

Please run OTL, a scanner which can help me look for problems.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#7 Nonic

Posted 31 March 2012 - 03:26 AM

Hi mOle
I downloaded OTL and checked the settings as instructed. After closing all open windows I launched OTL without problems. However, during the scanning process the scan stopped and the window went blank. The blue bar at the top of the window was showing the text "OTL By Old Timer-Version 3.2.39.2 [Not Responding]". Overlaid on this window was a smaller box with the error message "Bad Image" displayed. After 20 minutes nothing had changed so I tried to take a screen shot of the window and the error message so that I could attach them to this reply. However, as the PC would not respond to any commands I decided to reboot it. I ran OTL again and this time the scan seemed to complete but as soon as it did the task bar and all existing icons on my desktop for Defogger/dds/GMER and aswMBR Logs disappeared. There was no sign of either log for the OTL scan. After rebooting the PC I noticed all the icons were again displayed on the desktop including one each for OTL.Text and Extras.Text. However, when I opened them there was no content in either of these log files.
I relaunched the OTL scan and this time the scan completed and a Notepad window appeared displaying the content of an OTL.Text file. A copy of the contents of this file is shown below. No Notepad window appeared for the Extras.Text file. Thinking this was unusual I ran the OTL scan again but the result was the same as the previous scan i.e. an OTL.Text file but no Extras.Text file. I don't know how much of this is relevant but I thought it best to provide all the detail for your consideration.
With thanks
Nonic


OTL logfile created on: 31/03/2012 4:25:02 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Laurence\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.49 Mb Total Physical Memory | 527.07 Mb Available Physical Memory | 51.50% Memory free
2.41 Gb Paging File | 2.06 Gb Available in Paging File | 85.56% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.01 Gb Free Space | 37.61% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Laurence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Laurence\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton 360 Premier Edition\Engine\6.1.2.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d3048c17\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d40add44\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_66720c5b\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7c55a47f\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_04437350\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll ()
MOD - c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll ()
MOD - c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll ()
MOD - c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe File not found
SRV - (N360) -- C:\Program Files\Norton 360 Premier Edition\Engine\6.1.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (nhksrv) -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (StarOpen) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120330.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120330.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120330.002\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys (Symantec Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0601020.00A\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0601020.00A\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0601020.00A\srtspx.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0601020.00A\symtdi.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0601020.00A\ironx86.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\0601020.00A\ccsetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0601020.00A\symds.sys (Symantec Corporation)
DRV - (is-2GKP0drv) -- C:\WINDOWS\system32\drivers\17177906.sys (Kaspersky Lab)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (alcan5ln) SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS) -- C:\WINDOWS\system32\drivers\alcan5ln.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (msikbd2k) -- C:\WINDOWS\system32\drivers\Msikbd2k.sys (Netropa Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (EN1207D) -- C:\WINDOWS\system32\drivers\ACC07D.sys (Accton Technology Corp.)
DRV - (SetupNT) -- C:\WINDOWS\system32\SetupNT.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{AAC8D257-EEB0-48ED-86C6-0A146DFAF87C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=crm&q={searchTerms}&locale=&apn_ptnrs=AU&apn_dtid=YYYYYYYYAU&apn_uid=cd2aaf6d-47f3-4c15-998e-96e68d226d06&apn_sauid=E29594D7-C1E4-4094-AA4B-FE72DA649199
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=AU&ver=5
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://au.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..network.proxy.autoconfig_url: "http://www.google.com.au/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 13:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/03/20 15:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/03/31 15:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 15:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/17 14:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/31 09:03:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/11 15:39:06 | 000,000,000 | ---D | M]

[2010/01/10 15:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Extensions
[2010/01/10 15:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/08/27 18:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/11 17:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\qcu6af7f.default\extensions
[2009/07/02 09:22:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\qcu6af7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/11 17:01:58 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\qcu6af7f.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2008/11/18 19:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\qcu6af7f.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012/03/17 19:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\qfqh1cn3.Laurence\extensions
[2012/03/17 15:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/17 15:03:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/22 17:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2012/03/13 15:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 23:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2006/12/12 10:48:22 | 001,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012/01/04 00:10:44 | 000,182,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/08/31 09:03:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/08/31 09:03:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/08/31 09:03:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/08/31 09:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/08/31 09:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/08/31 09:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/08/31 09:03:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/03/13 16:38:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 16:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 16:38:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/03/13 16:38:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/03/13 16:06:36 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/03/13 16:06:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/03/13 16:38:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2008/09/21 20:00:49 | 000,000,202 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\6.1.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoRecentDocsHistory: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: bigpond.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com.au ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: superantispyware.com ([www] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205728687734 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164675666838 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90C832CF-E87C-4600-8387-0995A0D4D24A}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDE300EB-D665-42F9-81F1-1D5974083ABA}: DhcpNameServer = 220.233.0.3 220.233.0.4
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Laurence\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laurence\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 10:31:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a8d4386-9acb-11df-8e5c-00e04c605967}\Shell\AutoRun\command - "" = E:\SYSTEM.EXE
O33 - MountPoints2\{2a8d4386-9acb-11df-8e5c-00e04c605967}\Shell\eXpLorE\CoMmAnD - "" = E:\SYSTEM.EXE
O33 - MountPoints2\{2a8d4386-9acb-11df-8e5c-00e04c605967}\Shell\oPEN\cOMMaNd - "" = E:\SYSTEM.EXE
O33 - MountPoints2\{2a8d4387-9acb-11df-8e5c-00e04c605967}\Shell\AutoRun\command - "" = E:\SYSTEM.EXE
O33 - MountPoints2\{2a8d4387-9acb-11df-8e5c-00e04c605967}\Shell\eXpLorE\CoMmAnD - "" = E:\SYSTEM.EXE
O33 - MountPoints2\{2a8d4387-9acb-11df-8e5c-00e04c605967}\Shell\oPEN\cOMMaNd - "" = E:\SYSTEM.EXE
O33 - MountPoints2\{3b21c016-f233-11dc-ab7f-0008a11a4ea4}\Shell - "" = AutoRun
O33 - MountPoints2\{3b21c016-f233-11dc-ab7f-0008a11a4ea4}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 12:38:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laurence\Desktop\OTL.exe
[2012/03/30 12:05:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Laurence\Desktop\aswMBR.exe
[2012/03/25 11:39:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Laurence\Desktop\dds.scr
[2012/03/24 12:26:18 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symefa.sys
[2012/03/24 12:26:18 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symtdi.sys
[2012/03/24 12:26:18 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symtdiv.sys
[2012/03/24 12:26:18 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symnets.sys
[2012/03/24 12:26:17 | 000,574,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\srtsp.sys
[2012/03/24 12:26:17 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symds.sys
[2012/03/24 12:26:17 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\ironx86.sys
[2012/03/24 12:26:17 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\ccsetx86.sys
[2012/03/24 12:26:17 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0601020.00A\srtspx.sys
[2012/03/24 12:25:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0601020.00A
[2012/03/21 13:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/03/21 13:46:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/20 15:36:05 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/03/20 15:36:04 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/03/20 15:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/20 15:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/03/20 15:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2012/03/20 15:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 Premier Edition
[2012/03/20 15:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 Premier Edition
[2012/03/20 15:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/03/17 15:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laurence\Application Data\Auslogics
[2012/03/17 15:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/03/17 15:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/03/17 14:42:42 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/03/17 14:42:41 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/03/17 14:42:41 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/03/17 14:42:41 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/03/05 20:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laurence\My Documents\AUDIO_TS
[2012/03/02 14:58:48 | 000,000,000 | ---D | C] -- C:\RD4B335D2AF9F44185AFC417F8D8D4B473DR

========== Files - Modified Within 30 Days ==========

[2012/03/31 15:05:53 | 000,021,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 15:04:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/31 15:04:09 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 15:02:08 | 027,629,036 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/03/31 15:01:54 | 2360,578,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/03/31 12:38:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurence\Desktop\OTL.exe
[2012/03/30 12:11:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Laurence\Desktop\MBR.dat
[2012/03/30 12:06:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Laurence\Desktop\aswMBR.exe
[2012/03/29 17:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/27 14:33:03 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2012/03/27 13:59:42 | 000,178,158 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/27 13:49:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2012/03/27 13:49:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2012/03/26 08:11:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2012/03/26 08:11:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2012/03/25 11:54:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Laurence\Desktop\o2kf0dp4.exe
[2012/03/25 11:39:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Laurence\Desktop\dds.scr
[2012/03/25 11:38:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Laurence\defogger_reenable
[2012/03/25 11:29:42 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Laurence\Desktop\Defogger.exe
[2012/03/24 16:06:23 | 001,165,951 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\Cat.DB
[2012/03/24 16:05:12 | 000,008,727 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\VT20120301.009
[2012/03/24 13:43:39 | 000,294,822 | ---- | M] () -- C:\Documents and Settings\Laurence\My Documents\NRMA membership-tcs.pdf
[2012/03/24 12:26:50 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/03/24 12:26:50 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/03/24 12:26:49 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/03/24 12:26:49 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/03/21 16:57:29 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/03/21 16:57:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/21 13:46:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/20 15:51:55 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\isolate.ini
[2012/03/17 14:41:50 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/03/17 14:41:50 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/03/17 14:41:50 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/03/17 14:41:50 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/17 14:41:49 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/03/17 14:41:49 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/15 17:26:04 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 17:04:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/05 21:25:54 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Laurence\default.pls

========== Files Created - No Company Name ==========

[2012/03/30 12:11:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Laurence\Desktop\MBR.dat
[2012/03/27 13:49:04 | 000,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2012/03/27 13:49:04 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2012/03/26 08:11:26 | 000,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2012/03/26 08:11:26 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2012/03/25 19:20:24 | 1073,274,880 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/25 19:17:54 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/25 19:17:54 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2012/03/25 11:54:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Laurence\Desktop\o2kf0dp4.exe
[2012/03/25 11:38:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Laurence\defogger_reenable
[2012/03/25 11:29:41 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Laurence\Desktop\Defogger.exe
[2012/03/24 16:05:12 | 001,165,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\Cat.DB
[2012/03/24 16:05:12 | 000,008,727 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\VT20120301.009
[2012/03/24 13:43:39 | 000,294,822 | ---- | C] () -- C:\Documents and Settings\Laurence\My Documents\NRMA membership-tcs.pdf
[2012/03/24 12:26:18 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symnetv.cat
[2012/03/24 12:26:18 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symnet.cat
[2012/03/24 12:26:18 | 000,001,469 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symnetv.inf
[2012/03/24 12:26:18 | 000,001,441 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symnet.inf
[2012/03/24 12:26:17 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symds.cat
[2012/03/24 12:26:17 | 000,007,468 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\ccsetx86.cat
[2012/03/24 12:26:17 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symefa.cat
[2012/03/24 12:26:17 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\srtspx.cat
[2012/03/24 12:26:17 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\srtsp.cat
[2012/03/24 12:26:17 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\iron.cat
[2012/03/24 12:26:17 | 000,003,434 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symefa.inf
[2012/03/24 12:26:17 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symds.inf
[2012/03/24 12:26:17 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\srtspx.inf
[2012/03/24 12:26:17 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\srtsp.inf
[2012/03/24 12:26:17 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\ccsetx86.inf
[2012/03/24 12:26:17 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\iron.inf
[2012/03/24 12:25:20 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\symvtcer.dat
[2012/03/24 12:25:19 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0601020.00A\isolate.ini
[2012/03/20 15:36:05 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/03/20 15:36:04 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/03/15 11:58:30 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Laurence\Start Menu\Programs\Internet Explorer.lnk
[2012/02/15 19:03:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 19:19:07 | 000,631,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/10 15:16:50 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/13 22:21:40 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2011/05/21 13:15:33 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Laurence\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/21 13:09:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/07 15:25:04 | 000,104,156 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/04/07 15:25:04 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/01/02 15:37:31 | 000,522,928 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

========== LOP Check ==========

[2010/06/08 11:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2009/02/21 16:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/01/02 17:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2007/01/09 11:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/06/19 14:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/17 15:15:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2007/08/13 09:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/05/13 15:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/03/08 08:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/02/27 17:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2011/01/02 12:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/31 11:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007/08/17 21:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/10/07 10:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/20 21:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2012/03/17 17:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Auslogics
[2009/02/27 19:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Avanquest
[2012/03/03 13:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Azureus
[2009/09/02 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Blitware
[2011/01/02 17:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Canneverbe Limited
[2008/09/29 21:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/02 15:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\dBpoweramp
[2010/08/30 21:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Desktopicon
[2011/06/09 18:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Free MP3 WMA OGG Converter
[2010/10/14 18:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\FUJIFILM
[2009/05/13 14:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\GetRightToGo
[2009/08/27 16:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\GrabPro
[2009/02/24 19:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\ImgBurn
[2010/09/01 19:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Leadertech
[2009/07/22 16:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\LimeWire
[2008/11/04 20:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\MSNInstaller
[2012/03/19 19:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Orbit
[2010/08/31 15:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\ProgSense
[2009/11/13 20:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Samsung
[2008/01/24 16:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\SlySoft
[2008/02/29 15:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\SolidDocuments
[2009/07/22 16:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\SystemRequirementsLab
[2010/01/10 15:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Thunderbird
[2011/04/15 15:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Tific
[2012/02/24 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Vso
[2009/07/23 16:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurence\Application Data\Windows Search
[2012/03/29 17:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/05 02:59:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Uninstall_CDS.exe:SummaryInformation
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:3211191FC2FD3DC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1063995
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Lead Me Not Into Temptation.....I Can Find the Way Myself !!!

#8 m0le

  • Malware Response Team

Posted 31 March 2012 - 10:10 AM

Please run TDSSKiller now

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#9 Nonic

  • Topic Starter


Posted 31 March 2012 - 05:05 PM

Hi m0le
TDSSKiller downloaded and run without any problem. Please find the Log below.
With thanks
Nonic

07:39:52.0765 2936 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
07:39:54.0906 2936 ============================================================
07:39:54.0906 2936 Current date / time: 2012/04/01 07:39:54.0906
07:39:54.0921 2936 SystemInfo:
07:39:54.0921 2936
07:39:54.0921 2936 OS Version: 5.1.2600 ServicePack: 3.0
07:39:54.0921 2936 Product type: Workstation
07:39:54.0921 2936 ComputerName: PC
07:39:54.0921 2936 UserName: Laurence
07:39:54.0921 2936 Windows directory: C:\WINDOWS
07:39:54.0921 2936 System windows directory: C:\WINDOWS
07:39:54.0937 2936 Processor architecture: Intel x86
07:39:54.0937 2936 Number of processors: 1
07:39:54.0937 2936 Page size: 0x1000
07:39:54.0937 2936 Boot type: Normal boot
07:39:54.0937 2936 ============================================================
07:40:00.0546 2936 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:40:00.0609 2936 \Device\Harddisk0\DR0:
07:40:00.0609 2936 MBR used
07:40:00.0609 2936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
07:40:00.0671 2936 Initialize success
07:40:00.0671 2936 ============================================================
07:40:05.0421 3072 ============================================================
07:40:05.0421 3072 Scan started
07:40:05.0421 3072 Mode: Manual;
07:40:05.0421 3072 ============================================================
07:40:07.0859 3072 Abiosdsk - ok
07:40:08.0312 3072 abp480n5 - ok
07:40:09.0406 3072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:40:09.0640 3072 ACPI - ok
07:40:10.0375 3072 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:40:10.0421 3072 ACPIEC - ok
07:40:11.0328 3072 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:40:11.0546 3072 AdobeFlashPlayerUpdateSvc - ok
07:40:11.0921 3072 adpu160m - ok
07:40:13.0031 3072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:40:13.0671 3072 aec - ok
07:40:14.0546 3072 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:40:15.0250 3072 AFD - ok
07:40:16.0250 3072 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:40:16.0843 3072 agp440 - ok
07:40:17.0656 3072 Aha154x - ok
07:40:18.0671 3072 aic78u2 - ok
07:40:19.0640 3072 aic78xx - ok
07:40:20.0828 3072 alcan5ln (e8a3f72f644c0b57f8ab894d04b289d7) C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
07:40:20.0984 3072 alcan5ln - ok
07:40:22.0281 3072 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
07:40:22.0781 3072 alcaudsl - ok
07:40:23.0734 3072 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
07:40:24.0359 3072 Alerter - ok
07:40:25.0437 3072 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
07:40:25.0703 3072 ALG - ok
07:40:27.0078 3072 AliIde - ok
07:40:27.0812 3072 amsint - ok
07:40:29.0375 3072 AnyDVD (eb9a88895a822c13aa2bbc9dcd44280f) C:\WINDOWS\system32\Drivers\AnyDVD.sys
07:40:30.0984 3072 AnyDVD - ok
07:40:32.0312 3072 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
07:40:32.0453 3072 AppMgmt - ok
07:40:33.0328 3072 asc - ok
07:40:34.0093 3072 asc3350p - ok
07:40:34.0875 3072 asc3550 - ok
07:40:36.0078 3072 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys
07:40:36.0218 3072 ASPI32 - ok
07:40:36.0765 3072 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:40:37.0046 3072 aspnet_state - ok
07:40:37.0843 3072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:40:38.0078 3072 AsyncMac - ok
07:40:38.0625 3072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:40:38.0843 3072 atapi - ok
07:40:39.0218 3072 Atdisk - ok
07:40:39.0781 3072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:40:39.0890 3072 Atmarpc - ok
07:40:40.0640 3072 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
07:40:40.0671 3072 AudioSrv - ok
07:40:41.0734 3072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:40:41.0828 3072 audstub - ok
07:40:42.0890 3072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:40:42.0953 3072 Beep - ok
07:40:43.0750 3072 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
07:40:44.0171 3072 BHDrvx86 - ok
07:40:44.0781 3072 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
07:40:45.0468 3072 BITS - ok
07:40:46.0015 3072 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
07:40:46.0156 3072 Browser - ok
07:40:46.0765 3072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:40:46.0765 3072 cbidf2k - ok
07:40:47.0781 3072 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0601020.00A\ccSetx86.sys
07:40:47.0890 3072 ccSet_N360 - ok
07:40:48.0421 3072 cd20xrnt - ok
07:40:48.0984 3072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:40:49.0046 3072 Cdaudio - ok
07:40:49.0593 3072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:40:49.0812 3072 Cdfs - ok
07:40:50.0265 3072 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
07:40:50.0359 3072 cdrbsdrv - ok
07:40:50.0828 3072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:40:51.0000 3072 Cdrom - ok
07:40:51.0687 3072 Changer - ok
07:40:52.0734 3072 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
07:40:53.0375 3072 CiSvc - ok
07:40:54.0218 3072 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
07:40:54.0890 3072 ClipSrv - ok
07:40:56.0796 3072 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:40:58.0156 3072 clr_optimization_v2.0.50727_32 - ok
07:40:59.0046 3072 CmdIde - ok
07:41:01.0687 3072 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys
07:41:03.0359 3072 cmuda - ok
07:41:05.0156 3072 COMSysApp - ok
07:41:05.0687 3072 Cpqarray - ok
07:41:07.0687 3072 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
07:41:07.0812 3072 CryptSvc - ok
07:41:08.0609 3072 dac2w2k - ok
07:41:09.0031 3072 dac960nt - ok
07:41:09.0765 3072 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:41:10.0000 3072 DcomLaunch - ok
07:41:10.0515 3072 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
07:41:10.0687 3072 Dhcp - ok
07:41:11.0515 3072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:41:11.0656 3072 Disk - ok
07:41:12.0281 3072 dmadmin - ok
07:41:13.0281 3072 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:41:14.0031 3072 dmboot - ok
07:41:15.0375 3072 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
07:41:15.0687 3072 dmio - ok
07:41:16.0531 3072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:41:16.0609 3072 dmload - ok
07:41:17.0375 3072 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
07:41:17.0484 3072 dmserver - ok
07:41:18.0140 3072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:41:18.0562 3072 DMusic - ok
07:41:19.0156 3072 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
07:41:19.0218 3072 Dnscache - ok
07:41:20.0203 3072 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
07:41:20.0375 3072 Dot3svc - ok
07:41:20.0906 3072 dpti2o - ok
07:41:21.0406 3072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:41:21.0656 3072 drmkaud - ok
07:41:22.0312 3072 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
07:41:22.0515 3072 EapHost - ok
07:41:23.0343 3072 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:41:23.0828 3072 eeCtrl - ok
07:41:24.0437 3072 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
07:41:24.0593 3072 ElbyCDFL - ok
07:41:25.0406 3072 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
07:41:25.0437 3072 ElbyCDIO - ok
07:41:25.0984 3072 EN1207D (3ac28dc5c7d4b011fa2209eda87e11da) C:\WINDOWS\system32\DRIVERS\ACC07D.SYS
07:41:26.0062 3072 EN1207D - ok
07:41:26.0468 3072 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:41:26.0718 3072 EraserUtilRebootDrv - ok
07:41:27.0140 3072 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
07:41:27.0375 3072 ERSvc - ok
07:41:27.0843 3072 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:41:27.0953 3072 Eventlog - ok
07:41:28.0718 3072 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
07:41:28.0875 3072 EventSystem - ok
07:41:29.0640 3072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:41:29.0750 3072 Fastfat - ok
07:41:30.0265 3072 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:41:30.0515 3072 FastUserSwitchingCompatibility - ok
07:41:31.0062 3072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:41:31.0078 3072 Fdc - ok
07:41:31.0734 3072 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:41:31.0921 3072 Fips - ok
07:41:32.0421 3072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:41:32.0687 3072 Flpydisk - ok
07:41:33.0250 3072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:41:33.0328 3072 FltMgr - ok
07:41:33.0875 3072 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:41:33.0906 3072 FontCache3.0.0.0 - ok
07:41:34.0406 3072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:41:34.0421 3072 Fs_Rec - ok
07:41:35.0093 3072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:41:35.0359 3072 Ftdisk - ok
07:41:35.0968 3072 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
07:41:36.0093 3072 gameenum - ok
07:41:36.0578 3072 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
07:41:36.0640 3072 GEARAspiWDM - ok
07:41:37.0843 3072 GoogleDesktopManager (991bec74353f8fe96df3092b4a4c18ae) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
07:41:38.0953 3072 GoogleDesktopManager - ok
07:41:39.0578 3072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:41:39.0812 3072 Gpc - ok
07:41:40.0093 3072 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:41:40.0140 3072 helpsvc - ok
07:41:40.0718 3072 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
07:41:40.0796 3072 HidServ - ok
07:41:41.0281 3072 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:41:41.0500 3072 HidUsb - ok
07:41:42.0093 3072 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
07:41:42.0203 3072 hkmsvc - ok
07:41:42.0640 3072 hpn - ok
07:41:43.0343 3072 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:41:43.0468 3072 HPZid412 - ok
07:41:43.0906 3072 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:41:44.0203 3072 HPZipr12 - ok
07:41:44.0640 3072 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:41:44.0671 3072 HPZius12 - ok
07:41:45.0421 3072 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
07:41:45.0562 3072 HSFHWBS2 - ok
07:41:46.0625 3072 HSF_DP (0ade6a9622ff72599ef2980036112f17) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
07:41:47.0406 3072 HSF_DP - ok
07:41:48.0312 3072 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:41:49.0078 3072 HSF_DPV - ok
07:41:49.0781 3072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:41:49.0906 3072 HTTP - ok
07:41:50.0312 3072 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
07:41:50.0343 3072 HTTPFilter - ok
07:41:50.0875 3072 i2omgmt - ok
07:41:51.0296 3072 i2omp - ok
07:41:51.0718 3072 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:41:52.0109 3072 i8042prt - ok
07:41:52.0312 3072 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
07:41:52.0453 3072 IDriverT - ok
07:41:53.0234 3072 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:41:53.0687 3072 idsvc - ok
07:41:54.0359 3072 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120330.002\IDSxpx86.sys
07:41:54.0593 3072 IDSxpx86 - ok
07:41:55.0140 3072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:41:55.0156 3072 Imapi - ok
07:41:55.0765 3072 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
07:41:56.0046 3072 ImapiService - ok
07:41:56.0656 3072 ini910u - ok
07:41:57.0093 3072 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:41:57.0109 3072 IntelIde - ok
07:41:57.0609 3072 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:41:57.0828 3072 intelppm - ok
07:41:58.0312 3072 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:41:58.0328 3072 Ip6Fw - ok
07:41:59.0015 3072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:41:59.0031 3072 IpFilterDriver - ok
07:41:59.0453 3072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:41:59.0468 3072 IpInIp - ok
07:42:00.0140 3072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:42:00.0203 3072 IpNat - ok
07:42:00.0671 3072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:42:00.0703 3072 IPSec - ok
07:42:01.0406 3072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:42:01.0625 3072 IRENUM - ok
07:42:02.0281 3072 is-2GKP0drv (0aa3ad071827118fcc8f37f7a6ab7aa1) C:\WINDOWS\system32\DRIVERS\17177906.sys
07:42:02.0421 3072 is-2GKP0drv - ok
07:42:02.0843 3072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:42:02.0937 3072 isapnp - ok
07:42:03.0250 3072 JavaQuickStarterService - ok
07:42:03.0781 3072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:42:03.0812 3072 Kbdclass - ok
07:42:04.0484 3072 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:42:04.0859 3072 kbdhid - ok
07:42:05.0359 3072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:42:05.0640 3072 kmixer - ok
07:42:06.0296 3072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:42:06.0453 3072 KSecDD - ok
07:42:07.0250 3072 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
07:42:07.0328 3072 lanmanserver - ok
07:42:08.0046 3072 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
07:42:08.0328 3072 lanmanworkstation - ok
07:42:08.0921 3072 lbrtfdc - ok
07:42:09.0531 3072 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
07:42:09.0671 3072 LmHosts - ok
07:42:10.0609 3072 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
07:42:11.0234 3072 MDM - ok
07:42:11.0687 3072 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:42:11.0890 3072 mdmxsdk - ok
07:42:12.0500 3072 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
07:42:12.0546 3072 Messenger - ok
07:42:12.0781 3072 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
07:42:12.0828 3072 Microsoft Office Groove Audit Service - ok
07:42:13.0343 3072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:42:13.0359 3072 mnmdd - ok
07:42:13.0921 3072 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
07:42:13.0984 3072 mnmsrvc - ok
07:42:14.0671 3072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:42:14.0890 3072 Modem - ok
07:42:15.0312 3072 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
07:42:15.0406 3072 MODEMCSA - ok
07:42:15.0796 3072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:42:15.0828 3072 Mouclass - ok
07:42:16.0328 3072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:42:16.0375 3072 mouhid - ok
07:42:16.0953 3072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:42:17.0015 3072 MountMgr - ok
07:42:17.0375 3072 mraid35x - ok
07:42:17.0937 3072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:42:18.0031 3072 MRxDAV - ok
07:42:18.0828 3072 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:42:19.0109 3072 MRxSmb - ok
07:42:19.0750 3072 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
07:42:19.0765 3072 MSDTC - ok
07:42:20.0515 3072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:42:20.0546 3072 Msfs - ok
07:42:21.0125 3072 msikbd2k (ee72caa61c3c2f01603f91356e14799b) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
07:42:21.0171 3072 msikbd2k - ok
07:42:21.0609 3072 MSIServer - ok
07:42:22.0046 3072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:42:22.0265 3072 MSKSSRV - ok
07:42:22.0765 3072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:42:22.0906 3072 MSPCLOCK - ok
07:42:24.0078 3072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:42:24.0218 3072 MSPQM - ok
07:42:24.0890 3072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:42:24.0906 3072 mssmbios - ok
07:42:25.0609 3072 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
07:42:25.0656 3072 ms_mpu401 - ok
07:42:26.0312 3072 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:42:26.0437 3072 Mup - ok
07:42:26.0875 3072 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton 360 Premier Edition\Engine\6.1.2.10\ccSvcHst.exe
07:42:26.0953 3072 N360 - ok
07:42:27.0609 3072 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
07:42:27.0843 3072 napagent - ok
07:42:28.0453 3072 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120330.002\NAVENG.SYS
07:42:28.0593 3072 NAVENG - ok
07:42:30.0062 3072 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120330.002\NAVEX15.SYS
07:42:30.0859 3072 NAVEX15 - ok
07:42:31.0375 3072 NBService (f46070ddada5c396b1f2ebf1c46dbb08) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
07:42:31.0843 3072 NBService - ok
07:42:32.0390 3072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:42:32.0890 3072 NDIS - ok
07:42:33.0656 3072 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:42:33.0796 3072 NdisTapi - ok
07:42:34.0953 3072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:42:35.0078 3072 Ndisuio - ok
07:42:35.0890 3072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:42:35.0968 3072 NdisWan - ok
07:42:36.0468 3072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:42:36.0531 3072 NDProxy - ok
07:42:37.0765 3072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:42:37.0890 3072 NetBIOS - ok
07:42:38.0468 3072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:42:38.0546 3072 NetBT - ok
07:42:39.0343 3072 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:42:43.0890 3072 NetDDE - ok
07:42:44.0187 3072 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:42:44.0187 3072 NetDDEdsdm - ok
07:42:45.0593 3072 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:42:45.0671 3072 Netlogon - ok
07:45:09.0281 3072 ============================================================
07:45:09.0281 3072 Scan finished
07:45:09.0281 3072 ============================================================
07:45:09.0375 3968 Detected object count: 0
07:45:09.0375 3968 Actual detected object count: 0
07:47:27.0125 3788 Deinitialize success
Lead Me Not Into Temptation.....I Can Find the Way Myself !!!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 31 March 2012 - 05:50 PM

That's clear so we can return to OTL now to clean up some (non-malware) entries.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - (WDICA) -- File not found
DRV - (StarOpen) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1063995
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Can you now run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE
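
The DRV lines in the fix above target service entries with no file behind them, and a fix like that can be cross-checked against the scan log posted earlier in the thread before it is run. The following is an added example, not part of m0le's post or of either tool. It assumes the log layout seen in this thread and treats a verdict line with no hash/path line before it as "no image file recorded"; the hashes are placeholders and the function names are hypothetical.

```python
import re

# Constructed sample in the scan-log layout seen in this thread:
#   "<time> <thread id> <name> (<md5>) <image path>"  then  "<time> <thread id> <name> - <verdict>"
# Service names come from the thread; the hashes are placeholders, not real values.
SCAN_LOG = r"""
07:43:17.0328 3072 PCI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\pci.sys
07:43:17.0515 3072 PCI - ok
07:43:18.0171 3072 PCIDump - ok
07:43:22.0218 3072 PDCOMP - ok
07:43:32.0421 3072 Pml Driver HPZ12 (00000000000000000000000000000002) C:\WINDOWS\system32\HPZipm12.exe
07:43:32.0609 3072 Pml Driver HPZ12 - ok
07:44:12.0296 3072 Simbad - ok
07:44:20.0015 3072 StarOpen - ok
07:45:09.0281 3072 Scan finished
"""

# Excerpt of the OTL fix script from the post above.
FIX_SCRIPT = r"""
:OTL
DRV - (StarOpen) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
:reg
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
IMAGE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DRV_MISSING = re.compile(r"^DRV - \((.+?)\) -- File not found[ \t]*$", re.M)


def parse_scan_log(text):
    """Return one dict per scanned object: name, md5, path, verdict.

    md5 and path are None when the log has a verdict line for the object
    but no hash/path line in front of it.
    """
    entries, pending = [], None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        img = IMAGE.match(body)
        if img:
            pending = {"name": img["name"], "md5": img["md5"].lower(),
                       "path": img["path"], "verdict": None}
            entries.append(pending)
            continue
        name, sep, verdict = body.rpartition(" - ")
        if not sep:
            continue  # banner or summary line such as "Scan finished"
        # The verdict line repeats either the object name or (for disk
        # objects such as the MBR) the device path from the image line.
        if pending and name in (pending["name"], pending["path"]):
            pending["verdict"] = verdict
        else:
            entries.append({"name": name, "md5": None, "path": None,
                            "verdict": verdict})
        pending = None
    return entries


def fix_script_missing_drivers(script):
    """Names taken from 'DRV - (<name>) -- File not found' lines."""
    return set(DRV_MISSING.findall(script))


def cross_check(scan_text, script):
    """Compare what the fix will delete with what the scan recorded."""
    entries = parse_scan_log(scan_text)
    no_image = {e["name"] for e in entries if e["path"] is None}
    listed = fix_script_missing_drivers(script)
    return {
        # anything the scanner did not mark "ok" (or never gave a verdict for)
        "not_ok": sorted(e["name"] for e in entries if e["verdict"] != "ok"),
        # both sources agree there is no file behind the service entry
        "confirmed": sorted(no_image & listed),
        # no image in the scan, but the fix leaves the entry alone
        "scan_only": sorted(no_image - listed),
        # the fix deletes it, but this log excerpt does not corroborate that
        # the file is missing: review before running the fix
        "fix_only": sorted(listed - no_image),
    }


if __name__ == "__main__":
    for key, names in cross_check(SCAN_LOG, FIX_SCRIPT).items():
        print(f"{key:10s} {', '.join(names) or '-'}")
```

Names that land in fix_only are the ones to look at by hand, since deleting a service key whose driver file does exist can stop a device or program from working.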

#11 Nonic

Posted 01 April 2012 - 12:56 AM

Hi m0le
Thank you for your prompt reply. All actions have been completed as per the instructions in your last post. A copy of the OTL and MBAM Logs appear below. With thanks Nonic

========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service StarOpen stopped successfully!
Service StarOpen deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259F616C-A300-44F5-B04A-ED001A26C85C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A1063995 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.39.2 log created on 04012012_094508




Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Laurence :: PC [administrator]

1/04/2012 10:13:31 AM
mbam-log-2012-04-01 (10-13-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284947
Time elapsed: 4 hour(s), 12 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 m0le

Posted 01 April 2012 - 03:14 AM

One more malware scan to go. Please go online and scan with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#13 Nonic

Posted 02 April 2012 - 12:34 AM

Hi m0le
ESET OnlineScanner was downloaded without problems yesterday. When I ran the scan it progressed OK until reaching the 7% mark, then it simply stopped. I waited for 1 hour 30 mins with the CPU usage constantly on 100% and the only thing happening was the display of elapsed time. I decided to exit the program and reboot the PC. Unfortunately, on reboot the PC would not progress beyond the Windows Welcome screen. The audio associated with the Welcome screen was really weird - like the record was scratched !! Anyway, back to the Welcome screen - mouse pointer OK but no desktop icons, task bar start button etc. etc. As it was getting late I wanted to turn off the PC and retire for the day. Without the Start button I tried pressing the button on the front of the machine but nothing happened. I then chose [out of frustration] to turn off the power switch at the rear of the machine.
This morning I turned on the power switch at the rear of the machine and pressed the button on the front but the PC would not power up. In fact there was no evidence of any power being received by or to any part of the PC.
I had to leave home for two hours but on my return about mid morning I tried pressing the button on the front of the PC again and this time the machine started up. However, it was very slow in doing so and took a long time to load up - but it got there. The only thing I noticed different was the clock display in the bottom right hand corner was showing the incorrect time. I manually adjusted the time OK.
After disabling Norton Anti Virus Auto Protect I relaunched ESET OnlineScanner and watched it progress toward the 31% mark when it stopped functioning. After 1 hour 40 minutes there was no movement other than the elapsed time display but the CPU usage was at 100% for this entire time.
I stopped the program, rebooted the PC and relaunched ESET OnlineScanner for a third time. The scan progressed up to the 14% mark. I have now exited the program after it stalled for some time with the CPU usage at 100%. Not being sure of what to do next I thought it appropriate to send a report of the current situation to you for appraisal.
Your advice would be appreciated
Nonic

#14 m0le

Posted 02 April 2012 - 05:58 PM

There is clearly a hardware problem and often using a resource-heavy scan such as ESET flushes them out. The CPU problem plus the fact that we've never found any evidence of malware points to a more pressing problem.

This topic needs to be moved to a more appropriate forum so you can get some help diagnosing this fault. Here's the XP forum link

I will keep this topic open for five days and then close it as usual. If you need to contact me then please PM me.

#15 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 04 April 2012 - 11:38 AM

Topic started in XP forum. . . closing this one.

http://www.bleepingcomputer.com/forums/topic448795.html

~Blade
