Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ICE Ransomware, SafeModes=BSOD, HitmanPro a NoGo


  • This topic is locked This topic is locked
45 replies to this topic

#1 rinkman

rinkman

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 18 June 2013 - 02:21 PM

Hello,

 

I regret having to post about another ICE infection, but I think I've tried all the typical solutions. I'm running XP, 32 bit. With XP, I don't have the Repair Computer option in the Advance Options Menu. All three Safe Mode options produce a BSOD, with the same error...STOP: 0x0000007B (0xF789E524, 0xC0000034, 0x00000000, 0x00000000).

 

I've tried booting from a USB with HitmanPro 3.7, and while it seems to bypass the MBR, Windows starts and the ICE ransomware virus page appears as expected but the HitmanPro dialog box never appears. (I thought it odd though, that even though I downloaded the 32 bit version from Surfright, when the program created the bootable USB drive, it loaded two HitmanPro files: HitmanPro.exe and HitmanPro_x64.exe, as well as the Kickstarter.exe file. I tried deleting the HitmanPro_x64 and re-booting, but that didn't work.)

 

I've also booted from a DVD with Kaspersky and ran the scan a couple of times. It detected several Trojans, and said they were deleted, but that has not resolved the issue.

 

I read through Gringo's thread with Marcel85 (http://www.bleepingcomputer.com/forums/t/493133/infected-wdoj-ransomware-getting-repeated-blue-screens/ ) which seems very similar to my problem; I created the Reatogo boot CD and booted from that, and got the Reatogo desktop. I completed the Run Scan, but stopped short of using 'Run Fix' with the same code that Gringo posted.

 

Being connected or disconnected from the internet doesn't seem to make a difference. I'm at a loss. Any suggestions?



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:41 AM

Posted 18 June 2013 - 08:30 PM

Hello, we have posted your issue for our techs that handle these non booters. please be patient.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 rinkman

rinkman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 19 June 2013 - 12:47 AM

Ok, standing by....

Thanks,



#4 readymade524

readymade524

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 19 June 2013 - 09:59 AM

Kaspersky Rescue Disc has a command line utility that I've used many times to get rid of ransomware.

 

Boot to the disc, open the terminal, type in "windowsunlocker" without the quotes, then follow the prompts. I think the first option is the one you want.

 

I can't remember if I used this on Windows XP or not, but it should still work.



#5 rinkman

rinkman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 19 June 2013 - 12:27 PM

Thanks readymade, but I did try that and no luck. Unforunately I don't know how I could copy and paste the report from the infected computer and post it here, but the report that's returned says everything was opened ok, and the shell is okay. I shut down the infected computer, do a normal reboot and the ransomware is still there. I don't know where it's living, but it has found a very good place to hide.



#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 24 June 2013 - 04:03 PM

Hello, rinkman.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!
  •  
     
     
    Step
     
    Try this please.  You will need a USB drive.
     
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Copy/paste the following command and press enter:
  •  
    dd if=/dev/sda of=mbr.txt bs=512 count=1
     
  • When done a file, mbr.txt, will be created on your USB drive. Please attach that file to your reply. 
  •  
     
    Please note - all text entries are case sensitive
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #7 boopme

    boopme

      To Insanity and Beyond


    • Global Moderator
    • 73,416 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:NJ USA
    • Local time:04:41 AM

    Posted 24 June 2013 - 08:24 PM

    Hello, just letting you know I moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.


    How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

    #8 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:41 AM

    Posted 28 June 2013 - 08:15 AM

    Hi, do you still need help?



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #9 rinkman

    rinkman
    • Topic Starter

    • Members
    • 22 posts
    • OFFLINE
    •  
    • Local time:04:41 AM

    Posted 28 June 2013 - 12:03 PM

    Yes, definitely :) I'll need a several minutes to set up my computer here at work and conduct the steps above......

    Attached is the mbr.text file.Attached File  mbr.txt   512bytes   7 downloads

    Edited by rinkman, 28 June 2013 - 12:39 PM.


    #10 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:41 AM

    Posted 28 June 2013 - 01:16 PM

    Hello, rinkman.
     
    Step
     
    Your MBR looks OK so we've ruled out one source.
     
  • Please download http://noahdfear.net/downloads/driver.sh to your xPud USB from your working computer.
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt
  •  
    Please note - all text entries are case sensitive
     
    Copy and paste the report.txt for my review
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #11 rinkman

    rinkman
    • Topic Starter

    • Members
    • 22 posts
    • OFFLINE
    •  
    • Local time:04:41 AM

    Posted 28 June 2013 - 01:56 PM

    I tried opening the file, but only the date/time of the report appeared, thus I've attached the file: Attached File  report.txt   29bytes   1 downloads

    #12 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:41 AM

    Posted 28 June 2013 - 04:01 PM

    OK, please delete your copy of drivers.sh and replace it with the one attached here and please try to run it again.

     

    -etavares

     

    EDIT>  can't attach it as drivers.sh, please rename from driver.txt to driver.sh once you save it.

    Attached Files


    Edited by etavares, 28 June 2013 - 04:03 PM.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #13 rinkman

    rinkman
    • Topic Starter

    • Members
    • 22 posts
    • OFFLINE
    •  
    • Local time:04:41 AM

    Posted 28 June 2013 - 04:36 PM

    Done. I didn't delete the previous report.txt file. I assume it was overwritten? Attached File  report.txt   43.7KB   3 downloads

    #14 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:41 AM

    Posted 29 June 2013 - 12:17 PM

    OK, that looks OK.  I wanted to check for rootkits before we stop the ransomware from booting.  Now, you mentioned you have OTLPE installed and ran a scan?  Can you please post that log here?

     

    -etavares



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #15 rinkman

    rinkman
    • Topic Starter

    • Members
    • 22 posts
    • OFFLINE
    •  
    • Local time:04:41 AM

    Posted 29 June 2013 - 04:26 PM

    Here you go....

     

    OTL logfile created on: 6/29/2013 7:20:46 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 349.53 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
    Drive D: | 3.72 Gb Total Space | 3.66 Gb Free Space | 98.33% Space Free | Partition Type: FAT32
    Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [On_Demand] --  -- (stllssvr)
    SRV - File not found [Auto] --  -- (RoxLiveShare9)
    SRV - File not found [Auto] --  -- (Roxio Upnp Server 9)
    SRV - File not found [On_Demand] --  -- (Roxio UPnP Renderer 9)
    SRV - File not found [On_Demand] --  -- (AppMgmt)
    SRV - [2013/06/11 19:45:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
    SRV - [2013/02/20 08:38:08 | 000,093,984 | ---- | M] (Conduit) [Auto] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
    SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2012/06/19 15:12:28 | 000,645,088 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
    DRV - File not found [Kernel | System] --  -- (PCIDump)
    DRV - File not found [Kernel | System] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System] --  -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] --  -- (esgiguard)
    DRV - File not found [Kernel | System] --  -- (Changer)
    DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
    DRV - [2013/05/21 23:47:38 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130618.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2013/05/21 23:47:38 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130618.003\NAVENG.SYS -- (NAVENG)
    DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
    DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\1404000.028\SRTSP.SYS -- (SRTSP)
    DRV - [2013/04/24 20:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\1404000.028\SYMTDI.SYS -- (SYMTDI)
    DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)
    DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\1404000.028\Ironx86.SYS -- (SymIRON)
    DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\1404000.028\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2013/01/19 13:25:16 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2013/01/18 17:43:10 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130615.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2013/01/18 02:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/08/08 23:43:08 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/06/19 14:59:13 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
    DRV - [2011/02/14 03:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/12/18 01:17:52 | 000,033,792 | R--- | M] (TASCAM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tscusb2a.sys -- (TASCAM_US144_WDM)
    DRV - [2007/12/18 01:17:52 | 000,018,944 | R--- | M] (TASCAM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tscusb2m.sys -- (TASCAM_US144_MIDI)
    DRV - [2007/12/18 01:17:50 | 000,360,448 | R--- | M] (TASCAM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tascusb2.sys -- (TASCAM_US122144)
    DRV - [2007/07/16 20:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/10/12 02:29:54 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\Ray_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
    IE - HKU\Ray_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Ray_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKU\Ray_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/06/18 16:19:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/01/19 13:30:00 | 000,000,000 | ---D | M]
     
     
    O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O3 - HKU\Ray_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKLM..\Run: [UserFaultCheck]  File not found
    O4 - HKU\.DEFAULT..\Run: [SearchProtect]  File not found
    O4 - HKU\Ray_ON_C..\Run: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Ray_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://dc1-vpn-1.ncstate.net/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1331488209687 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1331488613765 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://dc1-vpn-2.ncstate.net/CACHE/stc/5/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\Ray_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/03/10 17:11:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{1546a921-6b74-11e1-9475-ba67e43ae0f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1546a921-6b74-11e1-9475-ba67e43ae0f0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1546a921-6b74-11e1-9475-ba67e43ae0f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{2df256f9-e773-11e1-94d7-001d099e60d0}\Shell - "" = AutoRun
    O33 - MountPoints2\{2df256f9-e773-11e1-94d7-001d099e60d0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2df256f9-e773-11e1-94d7-001d099e60d0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{2df256fc-e773-11e1-94d7-001d099e60d0}\Shell - "" = AutoRun
    O33 - MountPoints2\{2df256fc-e773-11e1-94d7-001d099e60d0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2df256fc-e773-11e1-94d7-001d099e60d0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    O33 - MountPoints2\{44d4f79a-43ab-11e2-9521-001d099e60d0}\Shell - "" = AutoRun
    O33 - MountPoints2\{44d4f79a-43ab-11e2-9521-001d099e60d0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{44d4f79a-43ab-11e2-9521-001d099e60d0}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/06/17 20:15:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2013/06/07 12:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Start Menu\Programs\ADDS Desktop Apps
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/06/19 13:36:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/06/19 13:34:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\TidyNetwork Update.job
    [2013/06/19 13:31:41 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
    [2013/06/19 13:31:36 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2013/06/19 13:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
    [2013/06/19 13:31:06 | 000,630,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB
    [2013/06/18 18:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-963894560-839522115-1004UA.job
    [2013/06/18 18:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/06/18 18:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
    [2013/06/17 00:12:01 | 001,097,661 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\2433f433
    [2013/06/17 00:12:01 | 001,097,634 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\2433f433
    [2013/06/17 00:12:01 | 001,097,626 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2433f433
    [2013/06/16 20:44:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-963894560-839522115-1004Core.job
    [2013/06/16 17:55:00 | 000,195,744 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/06/14 06:12:42 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
    [2013/06/12 02:22:03 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
    [2013/06/11 19:45:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/06/11 19:45:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/06/08 18:14:28 | 000,021,577 | ---- | M] () -- C:\Documents and Settings\Ray\.hemsFavorites.dat
    [2013/06/07 12:58:20 | 000,001,818 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\ADDS HEMS Tool.lnk
    [2013/06/05 21:48:32 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/06/05 21:48:31 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk
    [2013/06/04 02:36:13 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\isolate.ini
    [2013/06/03 17:19:01 | 000,001,724 | -H-- | M] () -- C:\Documents and Settings\Ray\My Documents\Default.rdp
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/06/17 00:12:01 | 001,097,661 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\2433f433
    [2013/06/17 00:12:01 | 001,097,634 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\2433f433
    [2013/06/17 00:12:01 | 001,097,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2433f433
    [2013/03/05 12:34:12 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe
    [2013/01/22 15:54:37 | 000,749,456 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\rx_image.Cache
    [2013/01/22 15:16:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2013/01/09 19:43:46 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
    [2013/01/09 19:43:35 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sound.mp3
    [2013/01/09 19:43:30 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
    [2012/12/11 13:27:56 | 004,132,864 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
    [2012/04/13 10:23:15 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/05 23:10:21 | 003,235,066 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-963894560-839522115-1004-0.dat
    [2012/04/05 23:10:20 | 000,215,718 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/04/05 18:42:51 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2012/03/25 06:55:14 | 000,021,577 | ---- | C] () -- C:\Documents and Settings\Ray\.hemsFavorites.dat
    [2012/03/14 14:13:09 | 000,147,616 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
    [2012/03/14 14:13:08 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
    [2012/03/12 15:38:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/03/12 12:53:22 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/10 17:12:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/03/10 17:09:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/03/10 11:19:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/03/10 11:18:47 | 000,199,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/07/26 00:48:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/07/26 00:48:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/07/26 00:48:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/07/26 00:48:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/07/26 00:48:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/07/26 00:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/07/26 00:48:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/07/26 00:48:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/07/26 00:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/06/11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/06/11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/06/05 07:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2006/08/15 15:54:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
    [2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/03/22 14:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 14:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 06:00:00 | 000,484,572 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 06:00:00 | 000,080,842 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
     
    ========== LOP Check ==========
     
    [2012/07/01 13:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Amazon
    [2012/03/12 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\DriverCure
    [2012/03/12 23:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ParetoLogic
    [2013/03/05 13:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\PriceGong
    [2012/12/26 23:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Publish Providers
    [2013/03/05 12:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\SearchProtect
    [2013/01/05 01:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Sony
    [2013/01/05 01:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Sony Creative Software Inc
    [2012/03/12 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\SpeedyPC Software
    [2012/06/04 19:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2013/01/17 19:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2013/01/05 01:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2012/03/12 22:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    [2013/06/14 06:12:42 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Pro.job
    [2013/06/18 18:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Registration3.job
    [2013/06/19 13:31:41 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job
    [2013/06/12 02:22:03 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3.job
    [2013/06/19 13:34:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\TidyNetwork Update.job
     
    ========== Purity Check ==========
     
     
    < End of report >
     






    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users