computer freezing for no reason


  • This topic is locked
73 replies to this topic

#1 Butters7

Butters7

    Member

  • Full Member
  • 41 posts

Posted 07 February 2012 - 08:48 PM

I got an email saying I was going to get hacked, can someone check for me please

logs enclosed
thank you

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

Protection: Enabled

08/02/2012 01:00:16
mbam-log-2012-02-08 (01-00-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251304
Time elapsed: 41 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-----------------------
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Chris at 1:43:02 on 2012-02-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1254 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.visagecomputers.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\1zmebzuf.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-2 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-23 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-2 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120207.005\IDSvix86.sys [2012-2-7 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-2 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys [2012-2-2 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-26 652360]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-2 138248]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-26 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-8 40776]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-22 80184]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-22 181432]
.
=============== Created Last 30 ================
.
2012-02-08 01:00:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-08 00:30:35 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-02-08 00:30:16 -------- d-----w- c:\program files\common files\xing shared
2012-02-08 00:30:00 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-02-08 00:29:52 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2012-02-08 00:23:14 -------- d-----w- c:\users\chris\appdata\local\{E0528845-44CA-41C4-B0C4-4D7F8D56594F}
2012-02-08 00:22:49 -------- d-----w- c:\users\chris\appdata\local\{1B4E20A7-D4EF-48F9-BE51-E5E1CBE27ACB}
2012-02-08 00:13:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-08 00:13:38 834800 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-02-08 00:13:28 269272 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-02-08 00:13:28 20952 ----a-w- c:\program files\mozilla firefox\plds4.dll
2012-02-08 00:13:28 19928 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-02-08 00:13:28 170968 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-02-08 00:13:28 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-02-08 00:13:28 16112600 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-02-08 00:13:28 154584 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2012-02-08 00:13:28 105432 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-02-08 00:13:27 22488 ----a-w- c:\program files\mozilla firefox\plc4.dll
2012-02-07 18:53:00 -------- d-----w- c:\users\chris\appdata\local\{54F03B7A-B2AA-4A1C-9E8C-93E36EE50C40}
2012-02-07 06:52:37 -------- d-----w- c:\users\chris\appdata\local\{56D9AEB0-4E74-4A77-89F6-95B651228B49}
2012-02-07 06:52:27 -------- d-----w- c:\users\chris\appdata\local\{CBD0075F-FA49-4823-96AA-B52A0250AA3D}
2012-02-06 18:52:01 -------- d-----w- c:\users\chris\appdata\local\{CCC1DBF0-19C3-4CBE-93F0-C1AF276591B2}
2012-02-06 18:51:39 -------- d-----w- c:\users\chris\appdata\local\{31996A4D-6C2B-4E39-A007-C8D20D70D815}
2012-02-05 04:53:26 -------- d-----w- c:\users\chris\appdata\local\{38FD4D69-C347-45C4-B681-57019A7E74E0}
2012-02-05 04:53:15 -------- d-----w- c:\users\chris\appdata\local\{1D378909-938F-47FC-A1B5-72D8852F51B1}
2012-02-04 16:31:17 -------- d-----w- c:\users\chris\appdata\local\{25482C31-9C7B-4EDB-9C8B-F607E5C34AFA}
2012-02-04 16:30:59 -------- d-----w- c:\users\chris\appdata\local\{65363472-03D0-49C5-B864-345D2897EA4A}
2012-02-03 16:18:33 -------- d-----w- c:\users\chris\appdata\local\{71ECCB6B-FE5D-4557-8886-0847ECA58320}
2012-02-03 16:18:22 -------- d-----w- c:\users\chris\appdata\local\{B8907991-2F13-44A7-BB02-B81B4E5280ED}
2012-02-03 03:07:48 -------- d-----w- c:\users\chris\appdata\local\{9EA56D90-105D-41A1-A1A3-727FE686EEB9}
2012-02-03 03:07:37 -------- d-----w- c:\users\chris\appdata\local\{B80FED89-FBC1-4B91-9F2B-7AB3BABECE38}
2012-02-02 19:44:37 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
2012-02-02 19:44:37 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
2012-02-02 19:44:37 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
2012-02-02 19:44:37 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
2012-02-02 19:44:37 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
2012-02-02 19:44:37 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
2012-02-02 19:44:37 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
2012-02-02 19:44:37 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
2012-02-02 19:44:24 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
2012-02-02 19:44:24 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
2012-02-02 15:07:25 -------- d-----w- c:\users\chris\appdata\local\{084DAFAF-1B46-4EEB-AD1E-D323E4085A6D}
2012-02-02 15:07:14 -------- d-----w- c:\users\chris\appdata\local\{E1B7E9AE-998D-4D2D-BC15-EA1A454AD527}
2012-02-01 16:58:34 -------- d-----w- c:\users\chris\appdata\local\{1879DEEC-C151-4B9C-BCA7-2099F7FE8B7F}
2012-02-01 16:58:23 -------- d-----w- c:\users\chris\appdata\local\{98943390-E338-4980-A12F-BF158D2AA45F}
2012-02-01 03:39:46 -------- d-----w- c:\users\chris\appdata\local\{EF689DE2-5067-4F03-B682-D07A5F94C8CB}
2012-02-01 03:39:35 -------- d-----w- c:\users\chris\appdata\local\{0CEBE423-0F1B-49A0-8F2B-0AA3FECCD30B}
2012-01-31 15:39:22 -------- d-----w- c:\users\chris\appdata\local\{68802E08-8222-45F7-A9C9-A1023428A084}
2012-01-31 15:39:05 -------- d-----w- c:\users\chris\appdata\local\{7EFAAE56-5E92-4349-AE86-879988F25D12}
2012-01-30 13:50:58 -------- d-----w- c:\users\chris\appdata\local\{7FE5DE75-648C-4A13-B042-487EA392F38F}
2012-01-30 13:50:36 -------- d-----w- c:\users\chris\appdata\local\{3E922CBE-648E-4934-AA9D-1DC59F158F03}
2012-01-30 01:50:24 -------- d-----w- c:\users\chris\appdata\local\{87CF905F-B7A2-45C3-AD37-BF315E5F41E7}
2012-01-30 01:50:13 -------- d-----w- c:\users\chris\appdata\local\{4ECA7042-711B-4F7E-83EF-4802BEF0CB26}
2012-01-29 14:06:41 -------- d-----w- c:\users\chris\appdata\roaming\uTorrent
2012-01-29 14:04:56 -------- d-----w- c:\program files\PeerBlock
2012-01-29 13:50:01 -------- d-----w- c:\users\chris\appdata\local\{477FEEAF-920F-4922-94D1-A598E95C02BB}
2012-01-29 13:49:50 -------- d-----w- c:\users\chris\appdata\local\{90F5B955-EFDA-4CE4-8411-17284D06F23C}
2012-01-28 18:51:25 -------- d-----w- c:\users\chris\appdata\local\{D0ACD056-CDDC-49A4-80A5-4E96F59AB6AE}
2012-01-28 18:51:12 -------- d-----w- c:\users\chris\appdata\local\{7B1DE6EF-E177-4F47-8F7C-841B59B78DFD}
2012-01-22 19:19:23 -------- d-----w- c:\users\chris\appdata\roaming\Temp
2012-01-22 19:14:23 -------- d-----w- C:\Temp
2012-01-22 19:02:57 -------- d-----w- c:\users\chris\appdata\local\Samsung
2012-01-22 19:02:52 -------- d-----w- c:\users\chris\appdata\roaming\Samsung
2012-01-22 19:01:55 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-01-22 19:01:54 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-01-22 18:59:38 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-22 18:59:06 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-22 18:59:06 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-22 18:59:06 -------- d-----w- c:\program files\MarkAny
2012-01-22 18:58:35 -------- d-----w- c:\programdata\Samsung
2012-01-22 18:58:35 -------- d-----w- c:\program files\Samsung
2012-01-22 18:57:26 -------- d-----w- c:\users\chris\appdata\local\Downloaded Installations
2012-01-17 10:07:32 -------- d-----w- c:\programdata\abelhadigital.com
2012-01-14 07:40:31 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-14 07:40:31 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-14 07:40:30 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-14 07:40:30 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-14 07:40:30 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-14 07:40:30 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 04:49:11 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 04:49:11 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 04:49:09 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 04:49:08 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 04:49:07 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 04:49:06 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 04:49:05 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 04:49:04 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 03:53:04 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-11 03:51:20 -------- d-----w- c:\users\chris\appdata\local\temp
2012-01-10 18:25:42 -------- d-----w- c:\users\chris\appdata\local\{5279DFE8-A1B3-4B68-AF5D-DD540F444925}
2012-01-10 18:25:31 -------- d-----w- c:\users\chris\appdata\local\{A427EE95-452E-4CBF-A1F9-A74621175D23}
2012-01-09 17:40:52 -------- d-----w- c:\users\chris\appdata\local\{4ED886A2-A1F0-4A81-96A5-3EC9128AF36A}
2012-01-09 17:40:41 -------- d-----w- c:\users\chris\appdata\local\{60AE7B18-CEA1-46E8-80E6-112AC2D7859C}
2012-01-09 05:40:29 -------- d-----w- c:\users\chris\appdata\local\{AA316BE9-43CA-4FB5-9048-95CCF3CA0CA1}
2012-01-09 05:40:18 -------- d-----w- c:\users\chris\appdata\local\{E3613885-B772-4EFB-97FF-D1CD0723D797}
.
==================== Find3M ====================
.
2012-02-08 00:29:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-08 00:29:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-02 19:44:42 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-28 14:52:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-12-28 14:52:30 47360 ----a-w- c:\users\chris\appdata\roaming\pcouffin.sys
2011-12-26 22:37:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-26 22:04:34 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-26 22:04:34 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-26 21:37:26 98816 ----a-w- c:\windows\system32\mfps.dll
2011-12-23 20:58:28 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 1:43:42.94 ===============
Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Secunia PSI (2.0.0.4003)
CCleaner
Java™ 6 Update 30
Java™ 7 Update 2
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,248 posts

Posted 08 February 2012 - 06:24 PM

Hello Butters7.

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 Butters7

Butters7

    Member

  • Full Member
  • 41 posts

Posted 09 February 2012 - 01:41 AM

hi
it's still slow and hanging sometimes and not responding

ComboFix 12-02-08.02 - Chris 09/02/2012 6:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1925 [GMT 0:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Local\temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\users\Chris\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 06:33 . 2012-02-09 06:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 00:30 . 2012-02-08 00:30 11776 ----a-w- c:\program files\Mozilla Firefox\Plugins\nprjplug.dll
2012-02-08 00:30 . 2012-02-08 00:30 -------- d-----w- c:\program files\Common Files\xing shared
2012-02-08 00:30 . 2012-02-08 00:30 150696 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppl3260.dll
2012-02-08 00:29 . 2012-02-08 00:29 108544 ----a-w- c:\program files\Mozilla Firefox\Plugins\nprpjplug.dll
2012-02-08 00:13 . 2012-01-29 16:13 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-08 00:13 . 2012-01-29 16:13 834800 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-02-08 00:13 . 2012-01-29 16:13 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2012-02-08 00:13 . 2012-01-29 16:13 20952 ----a-w- c:\program files\Mozilla Firefox\plds4.dll
2012-02-08 00:13 . 2012-01-29 16:13 19928 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2012-02-08 00:13 . 2012-01-29 16:13 170968 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2012-02-08 00:13 . 2012-01-29 16:13 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-02-08 00:13 . 2012-01-29 16:13 16112600 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2012-02-08 00:13 . 2012-01-29 16:13 154584 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2012-02-08 00:13 . 2012-01-29 16:13 105432 ----a-w- c:\program files\Mozilla Firefox\smime3.dll
2012-02-08 00:13 . 2012-01-29 16:13 22488 ----a-w- c:\program files\Mozilla Firefox\plc4.dll
2012-02-02 19:44 . 2012-02-04 16:14 -------- d-----w- c:\windows\system32\drivers\NIS\1305000.091
2012-01-29 14:06 . 2012-02-08 00:55 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
2012-01-29 14:04 . 2012-01-29 17:58 -------- d-----w- c:\program files\PeerBlock
2012-01-22 19:14 . 2012-02-08 00:27 -------- d-----w- C:\Temp
2012-01-22 19:02 . 2012-01-22 19:02 -------- d-----w- c:\users\Chris\AppData\Local\Samsung
2012-01-22 19:02 . 2012-01-22 19:02 -------- d-----w- c:\users\Chris\AppData\Roaming\Samsung
2012-01-22 19:01 . 2011-12-08 04:22 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-01-22 19:01 . 2011-12-08 04:22 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-01-22 18:59 . 2011-12-23 20:58 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-22 18:59 . 2012-01-22 18:59 -------- d-----w- c:\program files\MarkAny
2012-01-22 18:59 . 2011-12-23 20:58 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-22 18:59 . 2011-12-23 20:58 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-22 18:58 . 2012-01-22 19:00 -------- d-----w- c:\program files\Samsung
2012-01-22 18:58 . 2012-01-22 18:59 -------- d-----w- c:\programdata\Samsung
2012-01-22 18:57 . 2012-01-22 18:57 -------- d-----w- c:\users\Chris\AppData\Local\Downloaded Installations
2012-01-17 10:07 . 2012-01-18 06:20 -------- d-----w- c:\programdata\abelhadigital.com
2012-01-14 07:40 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-14 07:40 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-14 07:40 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-14 07:40 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-14 07:40 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-14 07:40 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 04:49 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 04:49 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 04:49 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 04:49 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 04:49 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 04:49 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 04:49 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 04:49 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 03:51 . 2012-02-09 06:36 -------- d-----w- c:\users\Chris\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 00:29 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-08 00:29 . 2008-10-23 12:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-02 19:44 . 2011-12-26 21:17 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-28 14:52 . 2011-12-28 14:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-12-28 14:52 . 2011-12-28 14:52 47360 ----a-w- c:\users\Chris\AppData\Roaming\pcouffin.sys
2011-12-26 22:44 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-26 22:37 . 2011-12-26 22:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-26 22:04 . 2011-12-26 22:04 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-26 22:04 . 2011-12-26 22:00 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-26 21:38 . 2011-12-26 21:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-26 21:38 . 2011-12-26 21:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-26 21:38 . 2011-12-26 21:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-26 21:38 . 2011-12-26 21:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-26 21:38 . 2011-12-26 21:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-26 21:38 . 2011-12-26 21:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-26 21:38 . 2011-12-26 21:38 367104 ----a-w- c:\windows\system32\html.iec
2011-12-26 21:38 . 2011-12-26 21:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-26 21:38 . 2011-12-26 21:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-26 21:38 . 2011-12-26 21:38 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-26 21:38 . 2011-12-26 21:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-26 21:38 . 2011-12-26 21:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-26 21:38 . 2011-12-26 21:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-26 21:38 . 2011-12-26 21:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-26 21:38 . 2011-12-26 21:38 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-12-26 21:38 . 2011-12-26 21:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-26 21:38 . 2011-12-26 21:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-26 21:38 . 2011-12-26 21:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-26 21:38 . 2011-12-26 21:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-26 21:38 . 2011-12-26 21:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-26 21:38 . 2011-12-26 21:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-12-26 21:37 . 2011-12-26 21:37 98816 ----a-w- c:\windows\system32\mfps.dll
2011-12-26 21:37 . 2011-12-26 21:37 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-12-26 21:37 . 2011-12-26 21:37 586240 ----a-w- c:\windows\system32\stobject.dll
2011-12-26 21:37 . 2011-12-26 21:37 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-12-26 21:37 . 2011-12-26 21:37 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-12-26 21:37 . 2011-12-26 21:37 2873344 ----a-w- c:\windows\system32\mf.dll
2011-12-26 21:37 . 2011-12-26 21:37 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-26 21:37 . 2011-12-26 21:37 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-12-26 21:37 . 2011-12-26 21:37 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-12-26 21:37 . 2011-12-26 21:37 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-26 21:37 . 2011-12-26 21:37 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-12-26 21:37 . 2011-12-26 21:37 37376 ----a-w- c:\windows\system32\cdd.dll
2011-12-26 21:37 . 2011-12-26 21:37 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-12-26 21:37 . 2011-12-26 21:37 258048 ----a-w- c:\windows\system32\winspool.drv
2011-12-26 21:37 . 2011-12-26 21:37 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-12-23 20:58 . 2011-12-23 20:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-23 20:58 . 2011-12-23 20:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-23 20:58 . 2011-12-23 20:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-23 20:58 . 2011-12-23 20:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 20:58 . 2011-12-23 20:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 20:58 . 2011-12-23 20:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 20:58 . 2011-12-23 20:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 20:58 . 2011-12-23 20:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 20:58 . 2011-12-23 20:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 20:58 . 2011-12-23 20:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 20:58 . 2011-12-23 20:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 20:58 . 2011-12-23 20:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 20:58 . 2011-12-23 20:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 20:58 . 2011-12-23 20:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 20:58 . 2011-12-23 20:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 20:58 . 2011-12-23 20:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 20:58 . 2011-12-23 20:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 20:58 . 2011-12-23 20:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 20:58 . 2011-12-23 20:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 20:58 . 2011-12-23 20:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 20:58 . 2011-12-23 20:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 20:58 . 2011-12-23 20:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 20:58 . 2011-12-23 20:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 20:58 . 2011-12-23 20:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 20:58 . 2011-12-23 20:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 20:58 . 2011-12-23 20:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 20:58 . 2011-12-23 20:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 20:58 . 2011-12-23 20:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-23 20:58 . 2011-02-04 12:38 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-12-10 15:24 . 2011-12-26 22:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37 . 2011-12-26 21:21 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 16:13 . 2012-02-08 00:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"GoTrusted"="c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe" [2011-08-23 193096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-08 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.visagecomputers.co.uk/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 06:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Secunia\PSI\sua.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-02-09 06:39:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 06:39
.
Pre-Run: 222,901,235,712 bytes free
Post-Run: 222,928,711,680 bytes free
.
- - End Of File - - 1E34C98BC05F591C43F5A4115DED2897

#4 Butters7

Butters7

    Member

  • Full Member
  • 41 posts

Posted 09 February 2012 - 04:32 AM

Norton found ComboFix after I put my AV back on and it's quarantined it.
When I scanned it before I opened it, it was clear?

Trojan.ADH.2

also C:\Windows\NIRCMD.exe got quarantined?

Edited by Butters7, 09 February 2012 - 12:37 PM.


#5 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,248 posts

Posted 09 February 2012 - 01:08 PM

ComboFix is a powerful program that uses some rootkit-like techniques. It's unfortunate that Norton is targeting it but the Trojan.ADH.2 detection is a false positive. Norton finds that trojan in many harmless and trusted programs. They are aware of this but doing nothing. http://www.symantec....0727-99&tabid=2
Can you configure Norton to ignore ComboFix?

Some questions for you:
How long has the PC been slow? Did this start suddenly?
Is it only slow when browsing?

You have a number of things that could significantly slow up your PC.

GoTrusted Secure Tunnel will tend to cut your browsing speed roughly in half but I believe will not slow offline use when you are not connected to internet.

Norton is notorious for slowing the PC and using excessive resources. I suggest that you uninstall Norton and install the free version of Avast instead. Avast has support for VPN. http://www.gotrusted.com/support.php
If you do this you should enable the Windows Firewall.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#6 Butters7

Butters7

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 09 February 2012 - 03:08 PM

It's been the last few days, since I got an email saying I would be hacked.
I play BJ and the cards when dealt stutter, something is not right - are my logs clear?

MiniToolBox by Farbar Version: 18-01-2012
Ran by Chris (administrator) on 09-02-2012 at 20:07:13
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 08:05:41 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 10.0.0.4411 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e0c
Start Time: 01cce6f8bc9660c8
Termination Time: 72

Error: (02/09/2012 05:40:48 PM) (Source: Microsoft-Windows-RestartManager) (User: Chris)Chris
Description: 0SAVAdminService.exeSophos Anti-Virus status reporter03026217846720

Error: (02/09/2012 05:40:48 PM) (Source: Microsoft-Windows-RestartManager) (User: Chris)Chris
Description: 0SavService.exeSophos Anti-Virus03026217856120

Error: (02/09/2012 06:37:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 06:32:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 00:35:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 00:23:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2012 02:06:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2012 07:29:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2012 03:42:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/09/2012 05:04:00 PM) (Source: Service Control Manager) (User: )
Description: Sophos AutoUpdate Service

Error: (02/09/2012 09:09:17 AM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (02/09/2012 06:33:57 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (02/09/2012 06:30:27 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (02/09/2012 06:28:01 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (02/08/2012 02:51:14 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (02/08/2012 00:34:05 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (02/07/2012 07:50:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 001EC982BAAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/07/2012 00:29:33 AM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (02/05/2012 00:21:34 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.


Microsoft Office Sessions:
=========================
Error: (02/09/2012 08:05:41 PM) (Source: Application Hang)(User: )
Description: firefox.exe10.0.0.4411e0c01cce6f8bc9660c872

Error: (02/09/2012 05:40:48 PM) (Source: Microsoft-Windows-RestartManager)(User: Chris)Chris
Description: 0SAVAdminService.exeSophos Anti-Virus status reporter03026217846720

Error: (02/09/2012 05:40:48 PM) (Source: Microsoft-Windows-RestartManager)(User: Chris)Chris
Description: 0SavService.exeSophos Anti-Virus03026217856120

Error: (02/09/2012 06:37:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 06:32:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 00:35:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 00:23:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2012 02:06:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2012 07:29:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2012 03:42:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.183.11)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
CCleaner (Version: 3.14)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322)
D3DX10 (Version: 15.4.2368.0902)
EasyBCD 1.7 (Version: 1.7)
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04] (Version: 1.0)
FileHippo.com Update Checker
GoTrusted Secure Tunnel v2.3.1.5 (Version: 2.3.0015)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.1.5.3)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 2 (Version: 7.0.20)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0 (x86 en-GB) (Version: 10.0)
MSVCRT (Version: 15.4.2862.0708)
Nero 7 Lite 7.10.1.2 (Version: 7.10.1.2)
Norton Internet Security (Version: 19.1.0.28)
Norton Internet Security (Version: 19.5.0.145)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PowerDVD (Version: 7.0.2414.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Samsung Kies (Version: 2.1.1.11124_17)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
SBR Poker 1.0.0 (Version: 1.0.0)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Segoe UI (Version: 15.4.2271.0615)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3060.45 MB
Available physical RAM: 1477.06 MB
Total Pagefile: 6345.98 MB
Available Pagefile: 4558.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.15 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:288.32 GB) (Free:204.1 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.89 GB) NTFS
4 Drive f: (PHONE CARD) (Removable) (Total:7.44 GB) (Free:5.96 GB) FAT32

========================= Users: ========================================

User accounts for \\DELL-530

Administrator Chris Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#7 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,248 posts

Posted 09 February 2012 - 03:53 PM

Please use the Reply button to reply. Please do NOT use the Quote button. I do not want to see my own posts quoted!

Please uninstall Norton at least temporarily as I suggested in http://www.spywarein...post__p__762122

Does that make the PC run faster?

You don't want two antivirus running at the same time. Please disable Sophos.

Run this check for rootkit:
Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please use the Reply button to reply.



#8 Butters7

Butters7

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 09 February 2012 - 09:04 PM

sorry about that
uninstalling Norton makes no difference to be honest

02:02:18.0778 2500 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
02:02:19.0131 2500 ============================================================
02:02:19.0131 2500 Current date / time: 2012/02/10 02:02:19.0131
02:02:19.0131 2500 SystemInfo:
02:02:19.0131 2500
02:02:19.0131 2500 OS Version: 6.0.6002 ServicePack: 2.0
02:02:19.0131 2500 Product type: Workstation
02:02:19.0131 2500 ComputerName: DELL-530
02:02:19.0131 2500 UserName: Chris
02:02:19.0131 2500 Windows directory: C:\Windows
02:02:19.0132 2500 System windows directory: C:\Windows
02:02:19.0132 2500 Processor architecture: Intel x86
02:02:19.0132 2500 Number of processors: 2
02:02:19.0132 2500 Page size: 0x1000
02:02:19.0132 2500 Boot type: Normal boot
02:02:19.0132 2500 ============================================================
02:02:20.0745 2500 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:02:20.0783 2500 Drive \Device\Harddisk1\DR1 - Size: 0x1DD000000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:02:20.0784 2500 \Device\Harddisk0\DR0:
02:02:20.0784 2500 MBR used
02:02:20.0784 2500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x240A5800
02:02:20.0784 2500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
02:02:20.0784 2500 \Device\Harddisk1\DR1:
02:02:20.0785 2500 MBR used
02:02:20.0785 2500 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0xF8, BlocksNum 0xEE7F08
02:02:21.0009 2500 Initialize success
02:02:21.0009 2500 ============================================================
02:02:23.0137 2708 ============================================================
02:02:23.0137 2708 Scan started
02:02:23.0137 2708 Mode: Manual;
02:02:23.0137 2708 ============================================================
02:02:25.0785 2708 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
02:02:25.0789 2708 ACPI - ok
02:02:25.0932 2708 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
02:02:25.0970 2708 adp94xx - ok
02:02:26.0141 2708 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
02:02:26.0178 2708 adpahci - ok
02:02:26.0237 2708 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
02:02:26.0263 2708 adpu160m - ok
02:02:26.0371 2708 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
02:02:26.0402 2708 adpu320 - ok
02:02:26.0666 2708 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
02:02:26.0713 2708 AFD - ok
02:02:26.0797 2708 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
02:02:26.0798 2708 agp440 - ok
02:02:27.0001 2708 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
02:02:27.0028 2708 aic78xx - ok
02:02:27.0143 2708 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
02:02:27.0143 2708 aliide - ok
02:02:27.0239 2708 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
02:02:27.0239 2708 amdagp - ok
02:02:27.0290 2708 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
02:02:27.0291 2708 amdide - ok
02:02:27.0313 2708 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
02:02:27.0314 2708 AmdK7 - ok
02:02:27.0376 2708 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
02:02:27.0377 2708 AmdK8 - ok
02:02:27.0448 2708 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
02:02:27.0450 2708 arc - ok
02:02:27.0482 2708 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
02:02:27.0484 2708 arcsas - ok
02:02:27.0501 2708 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
02:02:27.0501 2708 AsyncMac - ok
02:02:27.0579 2708 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
02:02:27.0579 2708 atapi - ok
02:02:27.0617 2708 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
02:02:27.0618 2708 AVGIDSEH - ok
02:02:27.0647 2708 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
02:02:27.0647 2708 Beep - ok
02:02:27.0910 2708 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
02:02:27.0916 2708 BHDrvx86 - ok
02:02:27.0964 2708 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
02:02:27.0964 2708 blbdrive - ok
02:02:28.0073 2708 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
02:02:28.0112 2708 bowser - ok
02:02:28.0183 2708 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
02:02:28.0184 2708 BrFiltLo - ok
02:02:28.0257 2708 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
02:02:28.0258 2708 BrFiltUp - ok
02:02:28.0283 2708 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
02:02:28.0286 2708 Brserid - ok
02:02:38.0515 2708 ============================================================
02:02:38.0515 2708 Scan finished
02:02:38.0515 2708 ============================================================
02:02:38.0525 3008 Detected object count: 0
02:02:38.0525 3008 Actual detected object count: 0

#9 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,248 posts

Posted 09 February 2012 - 09:57 PM

OK. Not Norton, not rootkit. Do you use "xing shared"?

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Folder::
c:\users\chris\appdata\roaming\uTorrent
c:\users\Default\AppData\Local\temp
c:\users\chris\appdata\local\{54F03B7A-B2AA-4A1C-9E8C-93E36EE50C40}
c:\users\chris\appdata\local\{56D9AEB0-4E74-4A77-89F6-95B651228B49}
c:\users\chris\appdata\local\{CBD0075F-FA49-4823-96AA-B52A0250AA3D}
c:\users\chris\appdata\local\{CCC1DBF0-19C3-4CBE-93F0-C1AF276591B2}
c:\users\chris\appdata\local\{31996A4D-6C2B-4E39-A007-C8D20D70D815}
c:\users\chris\appdata\local\{38FD4D69-C347-45C4-B681-57019A7E74E0}
c:\users\chris\appdata\local\{1D378909-938F-47FC-A1B5-72D8852F51B1}
c:\users\chris\appdata\local\{25482C31-9C7B-4EDB-9C8B-F607E5C34AFA}
c:\users\chris\appdata\local\{65363472-03D0-49C5-B864-345D2897EA4A}
c:\users\chris\appdata\local\{71ECCB6B-FE5D-4557-8886-0847ECA58320}
c:\users\chris\appdata\local\{B8907991-2F13-44A7-BB02-B81B4E5280ED}
c:\users\chris\appdata\local\{9EA56D90-105D-41A1-A1A3-727FE686EEB9}
c:\users\chris\appdata\local\{B80FED89-FBC1-4B91-9F2B-7AB3BABECE38}
c:\users\chris\appdata\local\{084DAFAF-1B46-4EEB-AD1E-D323E4085A6D}
c:\users\chris\appdata\local\{E1B7E9AE-998D-4D2D-BC15-EA1A454AD527}
c:\users\chris\appdata\local\{1879DEEC-C151-4B9C-BCA7-2099F7FE8B7F}
c:\users\chris\appdata\local\{98943390-E338-4980-A12F-BF158D2AA45F}
c:\users\chris\appdata\local\{EF689DE2-5067-4F03-B682-D07A5F94C8CB}
c:\users\chris\appdata\local\{0CEBE423-0F1B-49A0-8F2B-0AA3FECCD30B}
c:\users\chris\appdata\local\{68802E08-8222-45F7-A9C9-A1023428A084}
c:\users\chris\appdata\local\{7EFAAE56-5E92-4349-AE86-879988F25D12}
c:\users\chris\appdata\local\{7FE5DE75-648C-4A13-B042-487EA392F38F}
c:\users\chris\appdata\local\{3E922CBE-648E-4934-AA9D-1DC59F158F03}
c:\users\chris\appdata\local\{87CF905F-B7A2-45C3-AD37-BF315E5F41E7}
c:\users\chris\appdata\local\{4ECA7042-711B-4F7E-83EF-4802BEF0CB26}
c:\users\chris\appdata\local\{477FEEAF-920F-4922-94D1-A598E95C02BB}
c:\users\chris\appdata\local\{90F5B955-EFDA-4CE4-8411-17284D06F23C}
c:\users\chris\appdata\local\{D0ACD056-CDDC-49A4-80A5-4E96F59AB6AE}
c:\users\chris\appdata\local\{7B1DE6EF-E177-4F47-8F7C-841B59B78DFD}
c:\users\chris\appdata\roaming\Temp
c:\users\chris\appdata\local\temp
c:\users\chris\appdata\local\{5279DFE8-A1B3-4B68-AF5D-DD540F444925}
c:\users\chris\appdata\local\{A427EE95-452E-4CBF-A1F9-A74621175D23}
c:\users\chris\appdata\local\{4ED886A2-A1F0-4A81-96A5-3EC9128AF36A}
c:\users\chris\appdata\local\{60AE7B18-CEA1-46E8-80E6-112AC2D7859C}
c:\users\chris\appdata\local\{AA316BE9-43CA-4FB5-9048-95CCF3CA0CA1}
c:\users\chris\appdata\local\{E3613885-B772-4EFB-97FF-D1CD0723D797}
C:\Temp
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#10 Butters7

Posted 10 February 2012 - 03:59 AM

I had to re-download ComboFix as Norton quarantined it. I downloaded it, but Norton blocked it, said it wasn't safe and removed it?
Do I disable Norton and download it?
-
So I downloaded it anyway, but now it won't work - when I try to open it I get the message 'illegal operation attempted on a registry key marked for deletion'

I have no idea what the xing shared is

Edited by Butters7, 10 February 2012 - 04:23 AM.


#11 Butters7

Posted 10 February 2012 - 07:36 AM

okay
I downloaded combofix again and it ran and up popped the log like before
so then I added the script to it like you said and it said it was scanning but after an hour nothing had happened just the prompt and it just froze and gave me a white screen and had to reboot

browser I use keeps auto refreshing for no reason rendering it useless.

Edited by Butters7, 10 February 2012 - 12:06 PM.


#12 cnm

Posted 10 February 2012 - 12:11 PM

All right. Let's use OTL. Later I will have you uninstall ComboFix but I don't want it to remove its backups yet.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and post with your next two replies.


#13 Butters7

Posted 11 February 2012 - 05:34 AM

Norton did a quick scan by itself this morning and found combofix and quarantined it again as it claimed it was a trojan again

#14 cnm

Posted 11 February 2012 - 11:36 AM

That's a shame.

I'd like to see the OTL logs, please.


#15 Butters7

Posted 11 February 2012 - 04:30 PM

OTL logfile created on: 11/02/2012 21:26:57 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.60% Memory free
6.17 Gb Paging File | 5.32 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 199.12 Gb Free Space | 69.06% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.80% Space Free | Partition Type: NTFS
Drive F: | 7.44 Gb Total Space | 5.96 Gb Free Space | 80.12% Space Free | Partition Type: FAT32

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Chris\AppData\Local\temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\1690c0d482ffd8105fc6e573a1d84ed8\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\afb98d0ba0006a3dece48623712f61b1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\bf5ca252df4083e6c48dc3e9f3273cf5\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9565982f271da74fd952906f9b6a88c9\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d5d26ed41c8fa0c7feb00ef5343299a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d08e6e917f08ef674373576016969a20\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a4a330e92cbd3457b3f00ae367a4bc5f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2807b771372137d41fb8d392a878d0c7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b680bfc9e268e756f86980bb47b7d330\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe (Symantec Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120210.035\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120210.035\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120210.002\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120207.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1305000.091\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS (Symantec Corporation)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)
DRV - (gttap1) -- C:\Windows\System32\drivers\gttap1.sys (GoTrusted)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.visagecomputers.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/12/26 21:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/31 15:39:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/10 17:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/08 00:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 11:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/08 00:30:35 | 000,000,000 | ---D | M]

[2012/02/07 23:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/02/11 11:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\extensions
[2012/02/08 06:36:54 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/02/08 00:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/11 11:12:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1ZMEBZUF.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/02/11 11:12:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2012/02/08 00:30:00 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2012/02/08 00:30:35 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2012/02/08 00:29:52 | 000,108,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2012/01/29 14:08:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/29 13:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 14:08:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/29 14:08:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/29 13:50:55 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/01/29 13:50:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/01/29 14:08:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/10 11:54:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [GoTrusted] C:\Program Files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe (GoTrusted.com)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 23:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/02/10 12:15:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/10 11:58:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/10 11:55:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/10 11:00:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\NPE
[2012/02/10 09:07:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2012/02/09 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Sophos
[2012/02/09 17:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/02/09 17:00:45 | 000,000,000 | ---D | C] -- C:\stdtsa
[2012/02/09 06:26:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/09 06:26:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/09 06:26:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/09 06:26:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 01:10:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DF971E01-A0D8-453D-B099-1EE04868FC01}
[2012/02/09 01:10:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{356C3960-9503-4C30-BE31-75DB7319EB7C}
[2012/02/08 13:10:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A30D02A7-5E89-4FD3-9B64-0CCE981AEA86}
[2012/02/08 13:09:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EFA9D157-E6E4-4F71-995F-9B96344EDDCB}
[2012/02/08 00:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/08 00:23:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E0528845-44CA-41C4-B0C4-4D7F8D56594F}
[2012/02/08 00:22:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1B4E20A7-D4EF-48F9-BE51-E5E1CBE27ACB}
[2012/02/07 23:11:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012/02/07 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{54F03B7A-B2AA-4A1C-9E8C-93E36EE50C40}
[2012/02/07 06:52:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{56D9AEB0-4E74-4A77-89F6-95B651228B49}
[2012/02/07 06:52:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CBD0075F-FA49-4823-96AA-B52A0250AA3D}
[2012/02/06 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CCC1DBF0-19C3-4CBE-93F0-C1AF276591B2}
[2012/02/06 18:51:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{31996A4D-6C2B-4E39-A007-C8D20D70D815}
[2012/02/05 04:53:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{38FD4D69-C347-45C4-B681-57019A7E74E0}
[2012/02/05 04:53:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1D378909-938F-47FC-A1B5-72D8852F51B1}
[2012/02/04 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{25482C31-9C7B-4EDB-9C8B-F607E5C34AFA}
[2012/02/04 16:30:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{65363472-03D0-49C5-B864-345D2897EA4A}
[2012/02/03 16:18:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{71ECCB6B-FE5D-4557-8886-0847ECA58320}
[2012/02/03 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B8907991-2F13-44A7-BB02-B81B4E5280ED}
[2012/02/03 03:07:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9EA56D90-105D-41A1-A1A3-727FE686EEB9}
[2012/02/03 03:07:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B80FED89-FBC1-4B91-9F2B-7AB3BABECE38}
[2012/02/02 15:07:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{084DAFAF-1B46-4EEB-AD1E-D323E4085A6D}
[2012/02/02 15:07:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E1B7E9AE-998D-4D2D-BC15-EA1A454AD527}
[2012/02/01 16:58:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1879DEEC-C151-4B9C-BCA7-2099F7FE8B7F}
[2012/02/01 16:58:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{98943390-E338-4980-A12F-BF158D2AA45F}
[2012/02/01 03:39:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EF689DE2-5067-4F03-B682-D07A5F94C8CB}
[2012/02/01 03:39:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0CEBE423-0F1B-49A0-8F2B-0AA3FECCD30B}
[2012/01/31 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{68802E08-8222-45F7-A9C9-A1023428A084}
[2012/01/31 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7EFAAE56-5E92-4349-AE86-879988F25D12}
[2012/01/30 13:50:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7FE5DE75-648C-4A13-B042-487EA392F38F}
[2012/01/30 13:50:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3E922CBE-648E-4934-AA9D-1DC59F158F03}
[2012/01/30 01:50:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{87CF905F-B7A2-45C3-AD37-BF315E5F41E7}
[2012/01/30 01:50:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4ECA7042-711B-4F7E-83EF-4802BEF0CB26}
[2012/01/29 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2012/01/29 14:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/01/29 14:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/01/29 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{477FEEAF-920F-4922-94D1-A598E95C02BB}
[2012/01/29 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{90F5B955-EFDA-4CE4-8411-17284D06F23C}
[2012/01/28 18:51:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D0ACD056-CDDC-49A4-80A5-4E96F59AB6AE}
[2012/01/28 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7B1DE6EF-E177-4F47-8F7C-841B59B78DFD}
[2012/01/22 19:19:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/01/22 19:14:23 | 000,000,000 | ---D | C] -- C:\Temp
[2012/01/22 19:02:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Samsung
[2012/01/22 19:02:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/01/22 19:02:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\samsung
[2012/01/22 19:01:55 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/01/22 19:01:54 | 000,080,184 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/01/22 18:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/01/22 18:59:38 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/01/22 18:59:06 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/01/22 18:59:06 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012/01/22 18:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/01/22 18:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/01/22 18:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/01/22 18:57:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Downloaded Installations
[2012/01/17 10:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2012/01/12 22:03:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/12/28 14:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/02/11 21:25:10 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 21:25:10 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 21:25:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/11 21:25:02 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/11 15:55:59 | 000,014,848 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 11:04:16 | 023,380,114 | ---- | M] () -- C:\Users\Chris\Documents\6.pdf
[2012/02/10 23:07:00 | 000,001,728 | ---- | M] () -- C:\Users\Chris\Desktop\PeerBlock.lnk
[2012/02/10 12:45:17 | 000,002,096 | ---- | M] () -- C:\{5263D233-A458-415D-8FA4-1ECE59284CBB}
[2012/02/10 12:36:11 | 000,002,360 | ---- | M] () -- C:\{4478E301-1B19-4DCF-967A-07D04E0A0A07}
[2012/02/10 12:14:06 | 000,002,838 | ---- | M] () -- C:\Users\Chris\Desktop\script.exe
[2012/02/10 11:54:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/09 22:06:17 | 000,508,913 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/02/09 22:05:58 | 000,163,945 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/02/09 20:05:38 | 000,396,041 | ---- | M] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/02/09 09:28:44 | 014,175,473 | ---- | M] () -- C:\Users\Chris\Documents\log66.mcf
[2012/02/09 00:30:04 | 007,473,993 | ---- | M] () -- C:\Users\Chris\Documents\pdf_reports.pdf
[2012/02/08 00:38:53 | 000,001,754 | ---- | M] () -- C:\Users\Chris\Desktop\Update Checker.lnk
[2012/02/08 00:30:25 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/08 00:30:00 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/02/08 00:29:49 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/02/08 00:29:49 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/02/08 00:29:44 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/02/08 00:13:46 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/07 23:10:20 | 000,000,870 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/04 16:28:57 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 16:15:29 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/04 16:14:57 | 001,787,086 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/04 16:14:28 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
[2012/02/02 19:44:42 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/02 19:44:42 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/02 19:44:42 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/01/27 04:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
[2012/01/27 02:18:50 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/22 19:33:08 | 009,064,991 | ---- | M] () -- C:\Users\Chris\Desktop\millman_2011-10-13-170517-3953-0-0-0.32.mp3
[2012/01/22 19:32:53 | 015,865,239 | ---- | M] () -- C:\Users\Chris\Desktop\millman_2011-11-29-141951-6701-0-0-0.48.mp3
[2012/01/22 19:14:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/22 19:02:43 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/01/22 18:59:45 | 000,001,758 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/21 13:14:03 | 000,247,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/18 15:17:16 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 15:17:16 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/13 07:12:43 | 000,000,036 | ---- | M] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2012/02/11 11:04:16 | 023,380,114 | ---- | C] () -- C:\Users\Chris\Documents\6.pdf
[2012/02/10 16:59:17 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/10 12:45:17 | 000,002,096 | ---- | C] () -- C:\{5263D233-A458-415D-8FA4-1ECE59284CBB}
[2012/02/10 12:36:11 | 000,002,360 | ---- | C] () -- C:\{4478E301-1B19-4DCF-967A-07D04E0A0A07}
[2012/02/10 12:13:40 | 000,002,838 | ---- | C] () -- C:\Users\Chris\Desktop\script.exe
[2012/02/09 20:04:42 | 000,396,041 | ---- | C] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/02/09 09:28:38 | 014,175,473 | ---- | C] () -- C:\Users\Chris\Documents\log66.mcf
[2012/02/09 06:26:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/09 06:26:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/09 06:26:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/09 06:26:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/09 06:26:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 00:30:03 | 007,473,993 | ---- | C] () -- C:\Users\Chris\Documents\pdf_reports.pdf
[2012/02/08 00:38:53 | 000,001,754 | ---- | C] () -- C:\Users\Chris\Desktop\Update Checker.lnk
[2012/02/08 00:30:25 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/07 23:10:19 | 000,000,870 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/07 23:10:19 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/07 23:10:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/29 14:04:57 | 000,001,728 | ---- | C] () -- C:\Users\Chris\Desktop\PeerBlock.lnk
[2012/01/27 02:18:50 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/27 02:18:49 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/01/22 19:32:42 | 009,064,991 | ---- | C] () -- C:\Users\Chris\Desktop\millman_2011-10-13-170517-3953-0-0-0.32.mp3
[2012/01/22 19:32:16 | 015,865,239 | ---- | C] () -- C:\Users\Chris\Desktop\millman_2011-11-29-141951-6701-0-0-0.48.mp3
[2012/01/22 19:31:45 | 013,917,124 | ---- | C] () -- C:\Users\Chris\Desktop\winning100127a1.mp3
[2012/01/22 19:31:37 | 014,011,896 | ---- | C] () -- C:\Users\Chris\Desktop\winning100120a.mp3
[2012/01/22 19:31:29 | 013,969,055 | ---- | C] () -- C:\Users\Chris\Desktop\winning100113a.mp3
[2012/01/22 19:14:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/22 19:02:43 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/01/22 18:59:45 | 000,001,758 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/18 15:20:21 | 059,376,638 | ---- | C] () -- C:\Users\Chris\Desktop\MOV00723.MP4
[2012/01/17 10:07:00 | 002,048,189 | ---- | C] () -- C:\Users\Chris\Documents\HostsMan_Setup.exe
[2012/01/13 08:10:03 | 000,508,913 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 08:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 07:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 14:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 14:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/28 07:42:22 | 000,014,848 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/02/04 13:50:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/04 13:50:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/04 13:19:09 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2011/02/04 12:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008/10/23 12:54:22 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/23 12:20:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/23 12:05:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,247,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/04 13:38:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG10
[2012/01/22 19:02:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/01/22 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/02/11 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2012/01/12 22:04:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2012/02/11 21:24:10 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#16 Butters7

    Member

  • Full Member
  • 41 posts

Posted 11 February 2012 - 04:31 PM

OTL Extras logfile created on: 11/02/2012 21:26:57 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.60% Memory free
6.17 Gb Paging File | 5.32 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 199.12 Gb Free Space | 69.06% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.80% Space Free | Partition Type: NTFS
Drive F: | 7.44 Gb Total Space | 5.96 Gb Free Space | 80.12% Space Free | Partition Type: FAT32

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66DA123C-20BA-4BF5-807B-56DD045F3DC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7581500E-176F-4EB2-BAF0-C2B422A28AAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF4322E7-A8F4-4CDA-97E0-1F16E3619F58}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F90F0B39-2DFB-46FB-AD77-58B3F1CC027D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A98C711-D518-40A0-8682-2CBDD0F41A4C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{39DDA8C9-459F-4031-B48E-6C18F49A046D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{40D3180F-159E-490F-B7AE-C78FB21B4835}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6F2BB904-B011-49BA-9FCC-D9B076A725D6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7F2385FC-8BDB-4F8D-977F-5E7E212778D2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{8888D5A1-B51B-46D2-90DB-74EB76149035}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E00B87B6-1B74-441A-B6C4-529AD3385CBF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCCDF430-FFC5-41E8-82EB-FB7959EBC450}" = GoTrusted Secure Tunnel v2.3.1.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"EasyBCD" = EasyBCD 1.7
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2180] [2008-10-04]
"FileHippo.com" = FileHippo.com Update Checker
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.1 (x86 en-GB)" = Mozilla Firefox 10.0.1 (x86 en-GB)
"Nero7Lite_is1" = Nero 7 Lite 7.10.1.2
"NIS" = Norton Internet Security
"RealPlayer 15.0" = RealPlayer
"sbrAppId_is1" = SBR Poker 1.0.0
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/02/2012 20:23:33 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 07/02/2012 20:35:40 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 08/02/2012 02:32:04 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 09/02/2012 02:37:13 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 09/02/2012 13:40:48 | Computer Name = DELL-530 | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 09/02/2012 13:40:48 | Computer Name = DELL-530 | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 09/02/2012 16:05:41 | Computer Name = DELL-530 | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 10.0.0.4411 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e0c Start Time: 01cce6f8bc9660c8 Termination Time: 72

Error - 10/02/2012 05:10:50 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 10/02/2012 07:04:00 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 10/02/2012 07:36:12 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 18/01/2012 07:04:16 | Computer Name = DELL-530 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
00FF59E3C41B has been denied by the DHCP server 10.197.92.85 (The DHCP Server sent
a DHCPNACK message).

Error - 18/01/2012 07:04:17 | Computer Name = DELL-530 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
00FF59E3C41B has been denied by the DHCP server 10.197.92.85 (The DHCP Server sent
a DHCPNACK message).

Error - 18/01/2012 10:20:48 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:19:24 on 18/01/2012 was unexpected.

Error - 18/01/2012 10:20:50 | Computer Name = DELL-530 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001EC982BAAF has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/01/2012 10:25:58 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7022
Description =

Error - 19/01/2012 05:16:45 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7011
Description =

Error - 19/01/2012 05:17:15 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7011
Description =

Error - 19/01/2012 05:19:11 | Computer Name = DELL-530 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.197.92.86 for the Network Card with network
address 00FF59E3C41B has been denied by the DHCP server 10.197.92.85 (The DHCP
Server sent a DHCPNACK message).

Error - 20/01/2012 12:14:17 | Computer Name = DELL-530 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.197.92.86 for the Network Card with network
address 00FF59E3C41B has been denied by the DHCP server 10.197.92.85 (The DHCP
Server sent a DHCPNACK message).

Error - 21/01/2012 09:15:38 | Computer Name = DELL-530 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.197.92.86 for the Network Card with network
address 00FF59E3C41B has been denied by the DHCP server 10.197.92.85 (The DHCP
Server sent a DHCPNACK message).


< End of report >

#17 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,248 posts

Posted 11 February 2012 - 07:10 PM

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
[2012/02/09 01:10:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DF971E01-A0D8-453D-B099-1EE04868FC01}
[2012/02/09 01:10:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{356C3960-9503-4C30-BE31-75DB7319EB7C}
[2012/02/08 13:10:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A30D02A7-5E89-4FD3-9B64-0CCE981AEA86}
[2012/02/08 13:09:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EFA9D157-E6E4-4F71-995F-9B96344EDDCB}
[2012/02/08 00:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/08 00:23:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E0528845-44CA-41C4-B0C4-4D7F8D56594F}
[2012/02/08 00:22:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1B4E20A7-D4EF-48F9-BE51-E5E1CBE27ACB}
[2012/02/07 23:11:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012/02/07 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{54F03B7A-B2AA-4A1C-9E8C-93E36EE50C40}
[2012/02/07 06:52:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{56D9AEB0-4E74-4A77-89F6-95B651228B49}
[2012/02/07 06:52:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CBD0075F-FA49-4823-96AA-B52A0250AA3D}
[2012/02/06 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CCC1DBF0-19C3-4CBE-93F0-C1AF276591B2}
[2012/02/06 18:51:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{31996A4D-6C2B-4E39-A007-C8D20D70D815}
[2012/02/05 04:53:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{38FD4D69-C347-45C4-B681-57019A7E74E0}
[2012/02/05 04:53:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1D378909-938F-47FC-A1B5-72D8852F51B1}
[2012/02/04 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{25482C31-9C7B-4EDB-9C8B-F607E5C34AFA}
[2012/02/04 16:30:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{65363472-03D0-49C5-B864-345D2897EA4A}
[2012/02/03 16:18:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{71ECCB6B-FE5D-4557-8886-0847ECA58320}
[2012/02/03 16:18:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B8907991-2F13-44A7-BB02-B81B4E5280ED}
[2012/02/03 03:07:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9EA56D90-105D-41A1-A1A3-727FE686EEB9}
[2012/02/03 03:07:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B80FED89-FBC1-4B91-9F2B-7AB3BABECE38}
[2012/02/02 15:07:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{084DAFAF-1B46-4EEB-AD1E-D323E4085A6D}
[2012/02/02 15:07:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E1B7E9AE-998D-4D2D-BC15-EA1A454AD527}
[2012/02/01 16:58:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1879DEEC-C151-4B9C-BCA7-2099F7FE8B7F}
[2012/02/01 16:58:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{98943390-E338-4980-A12F-BF158D2AA45F}
[2012/02/01 03:39:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EF689DE2-5067-4F03-B682-D07A5F94C8CB}
[2012/02/01 03:39:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0CEBE423-0F1B-49A0-8F2B-0AA3FECCD30B}
[2012/01/31 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{68802E08-8222-45F7-A9C9-A1023428A084}
[2012/01/31 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7EFAAE56-5E92-4349-AE86-879988F25D12}
[2012/01/30 13:50:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7FE5DE75-648C-4A13-B042-487EA392F38F}
[2012/01/30 13:50:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3E922CBE-648E-4934-AA9D-1DC59F158F03}
[2012/01/30 01:50:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{87CF905F-B7A2-45C3-AD37-BF315E5F41E7}
[2012/01/30 01:50:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4ECA7042-711B-4F7E-83EF-4802BEF0CB26}
[2012/01/29 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2012/01/29 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{477FEEAF-920F-4922-94D1-A598E95C02BB}
[2012/01/29 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{90F5B955-EFDA-4CE4-8411-17284D06F23C}
[2012/01/28 18:51:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D0ACD056-CDDC-49A4-80A5-4E96F59AB6AE}
[2012/01/28 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7B1DE6EF-E177-4F47-8F7C-841B59B78DFD}
[2012/01/22 19:19:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/02/10 12:45:17 | 000,002,096 | ---- | M] () -- C:\{5263D233-A458-415D-8FA4-1ECE59284CBB}
[2012/02/10 12:36:11 | 000,002,360 | ---- | M] () -- C:\{4478E301-1B19-4DCF-967A-07D04E0A0A07}
[2011/02/04 13:38:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG10
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Files
c:\program files\avg
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Close other windows.
Then click the red 'Run Fix' button (not the blue Run Scan).

Once you see a message box "Fix complete! Click OK to open the fix log."
  • Click the OK button
  • The log will open in Notepad (your default text editor). Save As OTLfix.txt
  • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
  • If you are asked to reboot the machine choose Yes.
  • A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Post the OTLfix.txt log in your reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#18 Butters7

Posted 12 February 2012 - 04:15 AM

All processes killed
========== OTL ==========
C:\Users\Chris\AppData\Local\{DF971E01-A0D8-453D-B099-1EE04868FC01} folder moved successfully.
C:\Users\Chris\AppData\Local\{356C3960-9503-4C30-BE31-75DB7319EB7C} folder moved successfully.
C:\Users\Chris\AppData\Local\{A30D02A7-5E89-4FD3-9B64-0CCE981AEA86} folder moved successfully.
C:\Users\Chris\AppData\Local\{EFA9D157-E6E4-4F71-995F-9B96344EDDCB} folder moved successfully.
C:\Program Files\Common Files\xing shared\mpeg encode folder moved successfully.
C:\Program Files\Common Files\xing shared folder moved successfully.
C:\Users\Chris\AppData\Local\{E0528845-44CA-41C4-B0C4-4D7F8D56594F} folder moved successfully.
C:\Users\Chris\AppData\Local\{1B4E20A7-D4EF-48F9-BE51-E5E1CBE27ACB} folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\minidumps folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\extensions\en-GB@dictionaries.addons.mozilla.org\dictionaries folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\extensions\en-GB@dictionaries.addons.mozilla.org folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\extensions folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default\bookmarkbackups folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1zmebzuf.default folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Crash Reports folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla folder moved successfully.
C:\Users\Chris\AppData\Local\{54F03B7A-B2AA-4A1C-9E8C-93E36EE50C40} folder moved successfully.
C:\Users\Chris\AppData\Local\{56D9AEB0-4E74-4A77-89F6-95B651228B49} folder moved successfully.
C:\Users\Chris\AppData\Local\{CBD0075F-FA49-4823-96AA-B52A0250AA3D} folder moved successfully.
C:\Users\Chris\AppData\Local\{CCC1DBF0-19C3-4CBE-93F0-C1AF276591B2} folder moved successfully.
C:\Users\Chris\AppData\Local\{31996A4D-6C2B-4E39-A007-C8D20D70D815} folder moved successfully.
C:\Users\Chris\AppData\Local\{38FD4D69-C347-45C4-B681-57019A7E74E0} folder moved successfully.
C:\Users\Chris\AppData\Local\{1D378909-938F-47FC-A1B5-72D8852F51B1} folder moved successfully.
C:\Users\Chris\AppData\Local\{25482C31-9C7B-4EDB-9C8B-F607E5C34AFA} folder moved successfully.
C:\Users\Chris\AppData\Local\{65363472-03D0-49C5-B864-345D2897EA4A} folder moved successfully.
C:\Users\Chris\AppData\Local\{71ECCB6B-FE5D-4557-8886-0847ECA58320} folder moved successfully.
C:\Users\Chris\AppData\Local\{B8907991-2F13-44A7-BB02-B81B4E5280ED} folder moved successfully.
C:\Users\Chris\AppData\Local\{9EA56D90-105D-41A1-A1A3-727FE686EEB9} folder moved successfully.
C:\Users\Chris\AppData\Local\{B80FED89-FBC1-4B91-9F2B-7AB3BABECE38} folder moved successfully.
C:\Users\Chris\AppData\Local\{084DAFAF-1B46-4EEB-AD1E-D323E4085A6D} folder moved successfully.
C:\Users\Chris\AppData\Local\{E1B7E9AE-998D-4D2D-BC15-EA1A454AD527} folder moved successfully.
C:\Users\Chris\AppData\Local\{1879DEEC-C151-4B9C-BCA7-2099F7FE8B7F} folder moved successfully.
C:\Users\Chris\AppData\Local\{98943390-E338-4980-A12F-BF158D2AA45F} folder moved successfully.
C:\Users\Chris\AppData\Local\{EF689DE2-5067-4F03-B682-D07A5F94C8CB} folder moved successfully.
C:\Users\Chris\AppData\Local\{0CEBE423-0F1B-49A0-8F2B-0AA3FECCD30B} folder moved successfully.
C:\Users\Chris\AppData\Local\{68802E08-8222-45F7-A9C9-A1023428A084} folder moved successfully.
C:\Users\Chris\AppData\Local\{7EFAAE56-5E92-4349-AE86-879988F25D12} folder moved successfully.
C:\Users\Chris\AppData\Local\{7FE5DE75-648C-4A13-B042-487EA392F38F} folder moved successfully.
C:\Users\Chris\AppData\Local\{3E922CBE-648E-4934-AA9D-1DC59F158F03} folder moved successfully.
C:\Users\Chris\AppData\Local\{87CF905F-B7A2-45C3-AD37-BF315E5F41E7} folder moved successfully.
C:\Users\Chris\AppData\Local\{4ECA7042-711B-4F7E-83EF-4802BEF0CB26} folder moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\Chris\AppData\Local\{477FEEAF-920F-4922-94D1-A598E95C02BB} folder moved successfully.
C:\Users\Chris\AppData\Local\{90F5B955-EFDA-4CE4-8411-17284D06F23C} folder moved successfully.
C:\Users\Chris\AppData\Local\{D0ACD056-CDDC-49A4-80A5-4E96F59AB6AE} folder moved successfully.
C:\Users\Chris\AppData\Local\{7B1DE6EF-E177-4F47-8F7C-841B59B78DFD} folder moved successfully.
C:\Users\Chris\AppData\Roaming\Temp\Phonebook folder moved successfully.
C:\Users\Chris\AppData\Roaming\Temp folder moved successfully.
C:\{5263D233-A458-415D-8FA4-1ECE59284CBB} moved successfully.
C:\{4478E301-1B19-4DCF-967A-07D04E0A0A07} moved successfully.
C:\Users\Chris\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Chris\AppData\Roaming\AVG10 folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== FILES ==========
File\Folder c:\program files\avg not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 2297227 bytes
->Temporary Internet Files folder emptied: 6175346 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 410377234 bytes
->Flash cache emptied: 6709 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43 bytes
RecycleBin emptied: 5472556913 bytes

Total Files Cleaned = 5,618.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 02122012_090753

Files\Folders moved on Reboot...
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF1149.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF295E.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF2A38.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF2CDE.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF2E55.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF3BA2.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF491E.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF9A56.tmp not found!

Registry entries deleted on Reboot...

#19 cnm

Posted 12 February 2012 - 11:57 AM

Good. Are you still getting the freezing?

If all seems well please do this cleanup:

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Run OTL and click the 'CleanUp' button.

Delete the DDS files and Security Check folder from your Desktop, and anything else we put there.



#20 Butters7

Posted 13 February 2012 - 05:15 AM

The browser did go odd again, refreshing for no reason yesterday, but if I'm good from any malware that's cool?

Can I ask what you did please? Was there any malware?

Can't uninstall ComboFix as Norton has quarantined it

thanks

Edited by Butters7, 13 February 2012 - 05:17 AM.


#21 cnm

Posted 13 February 2012 - 11:34 AM

Please disable Norton, and download a new Combo Fix.
Then immediately do Start > Run and enter 'combofix /uninstall'.

What I did - removed stuff that looked suspicious and abnormal. I believe the PC has no malware now.



#22 Butters7

Posted 14 February 2012 - 08:45 AM

thanks
did that
still get Firefox not responding, should I change to a different browser?

#23 cnm

Posted 14 February 2012 - 12:40 PM

I believe this is the first time you have mentioned a problem with Firefox?

You can try a clean reinstall.

Totally uninstall Firefox, using the Revo Uninstaller.
Download and run the free version of Revo Uninstaller.
Select Firefox and click 'Uninstall'.
Set Revo to 'Advanced'.
Revo will do this:
Step 1. Create restore point.
Step 2. Run the official Firefox uninstaller.

When the Firefox uninstaller opens, put a check mark in the box that says 'Remove my Firefox personal data'.

Step 3. When uninstaller finishes, click Next in Revo and it will search for remnants. Delete everything found.

You may need to manually delete C:\Program Files\Mozilla Firefox

Then reinstall Firefox from http://www.mozilla.o...US/firefox/new/

You can also try Chrome, which I personally prefer to Firefox.



#24 Butters7

Posted 15 February 2012 - 05:38 PM

thanks for all your help

#25 cnm

Posted 15 February 2012 - 05:42 PM

How is the PC running now? Any more problems? Anything odd?



#26 Butters7

Posted 15 February 2012 - 05:53 PM

seems fine
when I used Revo it found 13 registry items left over, do I delete them or ignore?

#27 cnm

Posted 15 February 2012 - 05:59 PM

Delete all. Revo made a Restore Point so if by any chance delete turns out to have been a mistake, System Restore will undo it.

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

I'll keep this thread open for a few days...



#28 Butters7

Posted 17 February 2012 - 08:17 AM

Can I use the OTL copy and paste if I ever need to get rid of what was there before and it comes back?

Still not sure everything is okay, the screen keeps going odd and the mouse is moving on its own

#29 cnm

Posted 17 February 2012 - 11:45 AM

Preferably only use OTL under direction. It would be very easy to remove something unwisely and OTL keeps no backups. Uninstall it via its CleanUp button and if needed in the future download an up to date copy - it is updated somewhat often.

Is your mouse wired or wireless? Some ideas here: http://www.askdaveta...windows_xp.html



#30 Butters7

Posted 18 February 2012 - 08:53 AM

mouse is wired
keeps moving on its own
have cleaned it and checked it. bit odd

screen keeps jumping too

Edited by Butters7, 18 February 2012 - 11:24 AM.


#31 cnm

Posted 18 February 2012 - 02:11 PM

Make sure you have the latest drivers. Check Windows Update for updated drivers. You might also want to set Windows Update to check automatically for recommended driver updates. http://windows.micro...orking-properly

Make sure the connection to the PC is firmly plugged in, and that the mouse cable is not pulling the mouse.

Control Panel > Mouse. Make sure "Automatically move pointer to the
default button in a dialog box" is not checked.



#32 Butters7

Posted 19 February 2012 - 12:08 PM

thanks

#33 cnm

Posted 19 February 2012 - 01:24 PM

Did any of that advice help, or does your mouse still have a mind of its own?
What did you mean by "screen going odd"? See How to create and attach a screenshot.



#34 Butters7

Posted 21 February 2012 - 05:44 PM

the mouse is okay
just when I visit some site the screen jumps for a while, am unable to take a snapshot as it only happens for a few secs each time

#35 cnm

Posted 21 February 2012 - 05:46 PM

"Some site" - do you mean just one particular site? Does it jump when you surf here at SWI?



#36 Butters7

Posted 21 February 2012 - 06:12 PM

the majority of sites, no, doesn't jump on here

just was on Firefox and NoScript told me a malicious script tried to hijack access my computer via the mouse click, is that anything to worry about?

Edited by Butters7, 21 February 2012 - 06:13 PM.


#37 cnm

Posted 21 February 2012 - 09:39 PM

Scripts here at SWI are a harmless part of the page formatting and button execution.

I don't have anything much to suggest about the screen shaking.
Do Start > Run and enter 'dxdiag.exe'. Run all the tests and let me know what happens.



#38 Butters7

Posted 22 February 2012 - 08:12 AM

I ran it and it said no problems found

#39 cnm

Posted 22 February 2012 - 10:56 AM

I have no more suggestions. You may want to register at PC Guide and post your problem there. They are good with hardware problems. If you do that, tell them I sent you and give them a link to this topic.



#40 Butters7

Posted 22 February 2012 - 02:55 PM

don't know if this has anything to do with it but switched my computer off
and it took about 10 times to boot up, it just came up with Dell on screen and wouldn't boot, switched it off and kept trying and eventually it decided to boot up

#41 cnm

Posted 22 February 2012 - 03:17 PM

Sounds like possible hardware problem - possibly bad power supply or loose power lead. Try PC Guide forum.



#42 Butters7

Posted 22 February 2012 - 04:50 PM

no chance it could be boot virus?

#43 cnm

Posted 22 February 2012 - 05:00 PM

We checked for that. http://www.spywarein...post__p__762132

For a double check:
Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat.

Please go to http://www.virustotal.com click on 'Choose file', and send the following file/s for analysis: You will only be able to have one file scanned at a time.

mbr.dat

After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me. (Don't copy the page).



#44 Butters7

Posted 23 February 2012 - 06:48 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-23 11:45:37
-----------------------------
11:45:37.437 OS Version: Windows 6.0.6002 Service Pack 2
11:45:37.437 Number of processors: 2 586 0xF0B
11:45:37.437 ComputerName: DELL-530 UserName: Chris
11:45:40.807 Initialize success
11:45:59.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
11:45:59.843 Disk 0 Vendor: ST3320613AS DE11 Size: 305245MB BusType: 3
11:45:59.890 Disk 0 MBR read successfully
11:45:59.906 Disk 0 MBR scan
11:45:59.906 Disk 0 Windows VISTA default MBR code
11:45:59.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295243 MB offset 2048
11:45:59.937 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
11:45:59.984 Disk 0 scanning sectors +625139712
11:46:00.218 Disk 0 scanning C:\Windows\system32\drivers
11:46:09.328 Service scanning
11:46:20.092 Modules scanning
11:46:24.039 Disk 0 trace - called modules:
11:46:24.054 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:46:24.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85482620]
11:46:24.585 3 CLASSPNP.SYS[8a3a48b3] -> nt!IofCallDriver -> [0x83fa2918]
11:46:24.585 5 acpi.sys[89a9d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x84d67b98]
11:46:24.585 Scan finished successfully
11:47:30.058 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
11:47:30.058 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
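
What a saved MBR.dat like the one in the log above contains, as an added example that is not part of the original posts: a Python parser for a 512-byte master boot record that checks the boot signature and the partition table and hashes the boot code for comparison with a known-good copy. The sample sector is constructed from the two partition entries in the aswMBR log (sector counts derived from the MB sizes); its boot code is zero filler, not real Vista code, and all function names are this example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code; 440-445: disk signature + reserved
TABLE_OFFSET = 446       # four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample sector (not the poster's real MBR.dat)."""
    def entry(status, ptype, lba_start, sectors):
        chs = b"\xfe\xff\xff"  # conventional filler when only LBA values matter
        return struct.pack(ENTRY_FMT, status, chs, ptype, chs, lba_start, sectors)

    boot_area = bytes(TABLE_OFFSET)  # zero filler, NOT real Vista boot code
    table = (
        entry(0x80, 0x07, 2048, 295243 * 2048)        # "Partition 1 80 (A) 07 ... offset 2048"
        + entry(0x00, 0x07, 604659712, 10000 * 2048)  # "Partition 2 00 07 ... offset 604659712"
        + bytes(32)                                   # two unused slots
    )
    return boot_area + table + b"\x55\xaa"


def parse_mbr(sector):
    """Parse one MBR sector; return partitions, a boot-code hash and findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")

    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        status, _, ptype, _, lba, count = struct.unpack(
            ENTRY_FMT, sector[start:start + 16])
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x" % (slot + 1, status))
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))

    return {
        "partitions": partitions,
        # Hash only the code bytes so the per-disk signature does not change it.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "findings": findings,
    }


def end_of_partitions(result):
    """First LBA after the last partition (625139712 for the sample,
    the same number as the log's 'scanning sectors +625139712' line)."""
    return max((p["lba_start"] + p["sectors"] for p in result["partitions"]),
               default=0)


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    for p in report["partitions"]:
        print("Partition %(slot)d active=%(active)s type=0x%(type)02x "
              "%(size_mb)d MB offset %(lba_start)d" % p)
    print("boot code sha256:", report["boot_code_sha256"])
    print("findings:", report["findings"] or "none")
```

To check a real dump, read the first 512 bytes of the saved file and pass them to `parse_mbr`; the hash is only meaningful when compared against a copy taken from a known-clean system of the same Windows version.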

#45 Butters7

Posted 23 February 2012 - 06:49 AM

https://www.virustot...sis/1329997683/

#46 cnm

Posted 23 February 2012 - 11:53 AM

Nothing sinister found there.



#47 Butters7

Posted 24 February 2012 - 08:49 AM

thanks, if I get the problem with booting up again I'll post in the relevant section

I have Norton security for a year and also malware anti-bytes, you recommend anything else or those 2 enough?

#48 cnm

Posted 01 March 2012 - 05:38 PM

Glad we could help. :)

[Reopened]
Everyone else please begin a New Topic.

Edited by cnm, 08 March 2012 - 11:34 AM.



#49 cnm

Posted 08 March 2012 - 11:33 AM

Reopened at request of topic owner.



#50 Butters7

Posted 08 March 2012 - 12:14 PM

hi
sorry to be a pain but am having more problems
virus scans take up to 90 mins, web pages take way too long to load, mouse keeps moving on its own even though it's a new one
pages keep closing by themselves and I have to reopen them



