Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijackthis log

Unread postby tonybucho74 » July 21st, 2011, 11:31 pm

this is my first time trying this out, im not sure if i have anything bad going on here or not. system is getting slower and i do get a lot of redirects on firefox. trying to also figure out how many programs i should have running on start up.
here is hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:06 PM, on 7/21/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.comcast.net:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Singlesnet] C:\Program Files\Singlesnet\Singlesnet\Singlesnet.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6981 bytes
tonybucho74
Active Member
 
Posts: 4
Joined: July 21st, 2011, 11:23 pm
Advertisement
Register to Remove

Re: hijackthis log

Unread postby deltalima » July 23rd, 2011, 4:33 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijackthis log

Unread postby deltalima » July 23rd, 2011, 4:39 pm

Hi tonybucho74,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijackthis log

Unread postby tonybucho74 » July 25th, 2011, 5:46 pm

OTL Extras logfile created on: 7/25/2011 4:33:44 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\drkman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 55.69% Memory free
6.21 Gb Paging File | 5.17 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 285.12 Gb Free Space | 63.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 14.91 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive E: | 3.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DRKMAN-PC | User Name: drkman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3610476366-1377273716-697175719-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C8380C3-C91B-44FB-BE72-B3AB8DCAD877}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B399EB9-A725-48A3-B08F-D4FBB223AE57}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{198D4289-89C7-4427-A5AF-70DAF6F2E96D}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{1D6DB107-6AAC-440D-8CA3-1156AF088512}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2085B4CC-3C0F-4DDF-A5F3-B911BC0346B5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3A43D2AF-BC85-439C-B340-86C8B3DD719D}" = protocol=6 | dir=in | app=c:\program files\microsoft games\fable iii\fable3.exe |
"{44D4D1F4-5CBD-4467-B8AB-2EDF64FB81AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{45882CFF-5406-4009-B4D5-4BE4C613EE87}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{45BC8944-B4A3-4D21-AA1B-7735AB4B58A2}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{4C28D217-BBF3-451F-A0F1-23F3569F3B05}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5443E429-D5C4-4340-BBF7-02CB0D10A3B1}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{579FC047-E49A-4DE5-A240-AFB63987A001}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{67788788-32F6-4A47-BA39-60FF9BF64415}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{7A82AC31-8DC7-4BE7-A2D9-B39DBBD72135}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{84BFBA46-90E4-44C9-B42D-11D979A41A00}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9A15FDF6-59CC-4030-8BA9-519D888F2A4B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9DDBF7CE-872C-471E-84EB-C294D8D373D9}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{AD626F05-07C9-47C7-A891-648829A94894}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{BB9E524A-7964-4AB3-BC69-470E20E4FF8F}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{C4A89FBD-394C-4382-A46D-A8A25C103FC4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{C830B87A-C993-4C1B-867D-E148DDE2ABEC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D20F456B-FE1F-4C61-8872-F83696D04851}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D39D4739-CC47-4AA4-AAE6-F6EA9494BD79}" = protocol=17 | dir=in | app=c:\program files\microsoft games\fable iii\fable3.exe |
"{FA77C60C-ED7A-4346-A158-5C06A447076B}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier IV
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB4B14C-096B-C8ED-BD0D-10604FF3EF21}" = ATI Catalyst Install Manager
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"American Conquest - Divided Nation" = American Conquest - Divided Nation
"Canon MX300 series User Registration" = Canon MX300 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Diablo" = Diablo
"Diablo II" = Diablo II
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ExpressFX" = ExpressFX
"ffdshow_is1" = ffdshow
"FinalMediaPlayer_is1" = Final Media Player 2010
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"N360" = Norton Security Suite
"PROR" = Microsoft Office Professional 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Starcraft" = Starcraft
"Steam App 10500" = Empire: Total War
"UnityWebPlayer" = Unity Web Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3610476366-1377273716-697175719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"NetAssistant" = NetAssistant for Firefox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2011 5:44:04 PM | Computer Name = drkman-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 7/20/2011 5:44:04 PM | Computer Name = drkman-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 7/20/2011 11:27:59 PM | Computer Name = drkman-PC | Source = Perflib | ID = 1010
Description =

Error - 7/20/2011 11:28:01 PM | Computer Name = drkman-PC | Source = Perflib | ID = 1008
Description =

Error - 7/21/2011 9:47:28 PM | Computer Name = drkman-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2011 9:51:15 PM | Computer Name = drkman-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 7/21/2011 9:51:15 PM | Computer Name = drkman-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 7/21/2011 9:51:15 PM | Computer Name = drkman-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 7/22/2011 3:47:42 PM | Computer Name = drkman-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/25/2011 2:58:11 PM | Computer Name = drkman-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/4/2011 4:33:28 PM | Computer Name = drkman-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
00219B0D895C has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent
a DHCPNACK message).

Error - 7/15/2011 2:34:48 PM | Computer Name = drkman-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/15/2011 2:34:48 PM | Computer Name = drkman-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/18/2011 3:31:40 PM | Computer Name = drkman-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/19/2011 3:18:04 PM | Computer Name = drkman-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/19/2011 3:22:15 PM | Computer Name = drkman-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 173.218.255.243 for the Network Card with network
address 00219B0D895C has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/19/2011 3:22:55 PM | Computer Name = drkman-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 00219B0D895C.

Error - 7/20/2011 5:44:15 PM | Computer Name = drkman-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/21/2011 9:51:30 PM | Computer Name = drkman-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/21/2011 10:07:57 PM | Computer Name = drkman-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >



OTL logfile created on: 7/25/2011 4:33:44 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\drkman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 55.69% Memory free
6.21 Gb Paging File | 5.17 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 285.12 Gb Free Space | 63.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 14.91 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
Drive E: | 3.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DRKMAN-PC | User Name: drkman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\drkman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\drkman\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110722.031\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110725.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110725.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110701.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (usbcm) -- C:\Windows\System32\drivers\usbcm.sys (Microsystems Corp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www.comcast.net:8100

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www.comcast.net:8100



IE - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www.comcast.net:8100

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/07/15 13:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8 [2011/07/25 13:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 12:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 12:15:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\drkman\AppData\Roaming\NetAssistant\ [2010/12/06 19:06:38 | 000,000,000 | ---D | M]

[2010/11/22 20:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\drkman\AppData\Roaming\mozilla\Extensions
[2009/10/18 00:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\drkman\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/07/12 16:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\drkman\AppData\Roaming\mozilla\Firefox\Profiles\p1gxx7ff.default\extensions
[2011/07/05 12:13:15 | 000,002,468 | ---- | M] () -- C:\Users\drkman\AppData\Roaming\Mozilla\Firefox\Profiles\p1gxx7ff.default\searchplugins\safesearch.xml
[2010/11/22 20:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/15 13:33:40 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2010/12/06 19:06:38 | 000,000,000 | ---D | M] (Freeze.com NetAssistant) -- C:\USERS\DRKMAN\APPDATA\ROAMING\NETASSISTANT
[2009/10/20 23:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000..\Run: [Singlesnet] File not found
O4 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\drkman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3610476366-1377273716-697175719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\drkman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\drkman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/11 07:17:22 | 001,189,216 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/08/02 08:07:28 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{8ae871dd-f70e-11df-95be-00219b0d895c}\Shell - "" = AutoRun
O33 - MountPoints2\{8ae871dd-f70e-11df-95be-00219b0d895c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8ae871e7-f70e-11df-95be-00219b0d895c}\Shell - "" = AutoRun
O33 - MountPoints2\{8ae871e7-f70e-11df-95be-00219b0d895c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{97c03bc9-ba29-11de-be45-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97c03bc9-ba29-11de-be45-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010/08/11 07:17:22 | 001,189,216 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/22 15:08:40 | 000,000,000 | R--D | C] -- C:\Users\drkman\Desktop\cannon copy
[2011/07/21 21:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/21 21:41:43 | 000,000,000 | ---D | C] -- C:\Users\drkman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/16 08:14:34 | 000,000,000 | ---D | C] -- C:\Users\drkman\AppData\Local\The Lord of the Rings Online
[2011/07/16 08:07:51 | 000,000,000 | ---D | C] -- C:\Users\drkman\AppData\Local\Turbine
[2011/07/15 23:11:52 | 000,000,000 | ---D | C] -- C:\Users\drkman\AppData\Local\ApplicationHistory
[2011/07/15 23:10:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2011/07/15 22:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2011/07/15 14:20:14 | 000,000,000 | ---D | C] -- C:\Users\drkman\AppData\Local\PMB Files
[2011/07/15 14:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/07/15 14:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/07/15 13:41:24 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/15 13:41:19 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/15 13:41:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/06/26 00:21:42 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/06/26 00:21:42 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/06/26 00:21:40 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/06/26 00:21:40 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/06/26 00:21:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/06/26 00:21:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/06/26 00:21:39 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/06/26 00:21:39 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/06/26 00:21:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/06/26 00:21:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/06/26 00:21:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/06/26 00:21:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/06/26 00:21:38 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/06/26 00:21:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/06/26 00:21:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/06/26 00:21:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/06/26 00:21:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/06/26 00:21:37 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/06/26 00:21:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/06/26 00:21:37 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/06/26 00:21:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/06/26 00:21:36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/06/26 00:21:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/06/26 00:20:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/06/25 18:40:52 | 000,000,000 | ---D | C] -- C:\Users\drkman\AppData\Roaming\Kalypso Media
[2011/06/25 18:38:44 | 000,000,000 | ---D | C] -- C:\Users\drkman\AppData\Roaming\ProtectDISC
[2011/06/25 18:38:34 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/06/25 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2011/06/25 18:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso
[2011/06/25 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso Media
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/25 16:33:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/25 15:56:39 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/25 15:56:39 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/25 14:01:12 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/25 14:01:12 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/25 13:56:58 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/07/25 13:56:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 13:56:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/22 15:11:19 | 000,001,889 | ---- | M] () -- C:\Users\drkman\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9.lnk
[2011/07/22 15:10:45 | 000,000,806 | ---- | M] () -- C:\Users\drkman\Desktop\wmplayer - Shortcut.lnk
[2011/07/21 22:58:26 | 000,000,104 | ---- | M] () -- C:\Users\drkman\Desktop\Recycle Bin.lnk
[2011/07/21 22:06:27 | 000,002,525 | ---- | M] () -- C:\Users\drkman\Desktop\HiJackThis.lnk
[2011/07/21 20:46:19 | 000,371,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/16 08:07:55 | 000,000,094 | ---- | M] () -- C:\Users\drkman\AppData\Local\fusioncache.dat
[2011/07/15 13:41:14 | 002,135,116 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/07/12 16:31:10 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/07/04 16:43:16 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/07/04 16:43:16 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/07/04 16:43:16 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/02 22:47:06 | 000,001,940 | ---- | M] () -- C:\Users\drkman\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/07/01 20:50:17 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001726.LCS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/22 15:11:19 | 000,001,889 | ---- | C] () -- C:\Users\drkman\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9.lnk
[2011/07/22 15:10:45 | 000,000,806 | ---- | C] () -- C:\Users\drkman\Desktop\wmplayer - Shortcut.lnk
[2011/07/21 22:58:26 | 000,000,104 | ---- | C] () -- C:\Users\drkman\Desktop\Recycle Bin.lnk
[2011/07/21 21:41:43 | 000,002,525 | ---- | C] () -- C:\Users\drkman\Desktop\HiJackThis.lnk
[2011/07/16 08:07:55 | 000,000,094 | ---- | C] () -- C:\Users\drkman\AppData\Local\fusioncache.dat
[2011/06/25 23:40:20 | 008,722,784 | ---- | C] () -- C:\Users\drkman\Desktop\Patrician4.exe
[2011/06/25 18:38:49 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001726.LCS
[2011/06/20 21:34:23 | 000,001,940 | ---- | C] () -- C:\Users\drkman\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/12/06 19:07:20 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/12/06 19:06:43 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/11/30 13:39:52 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/11/30 13:39:52 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/11/30 13:39:52 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/11/23 16:31:09 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2010/11/23 16:30:03 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/11/22 21:36:39 | 000,035,052 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/11/22 21:25:32 | 000,006,483 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2010/11/22 21:22:40 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2010/11/22 19:23:18 | 000,027,043 | ---- | C] () -- C:\Users\drkman\AppData\Roaming\UserTile.png
[2010/11/22 17:28:54 | 000,015,872 | ---- | C] () -- C:\Users\drkman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 00:04:23 | 000,000,257 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/07/23 06:42:15 | 000,000,680 | ---- | C] () -- C:\Users\drkman\AppData\Local\d3d9caps.dat
[2010/05/12 14:09:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/11 19:02:34 | 000,594,160 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2010/03/11 19:02:30 | 000,589,960 | ---- | C] () -- C:\Windows\System32\brgrt.dll
[2009/10/21 21:03:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 21:03:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/17 13:31:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/16 12:08:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/12 14:26:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/04/12 14:26:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/12 14:26:49 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/04/12 14:26:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/04/12 14:26:48 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/12 14:26:48 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,371,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
tonybucho74
Active Member
 
Posts: 4
Joined: July 21st, 2011, 11:23 pm

Re: hijackthis log

Unread postby deltalima » July 25th, 2011, 5:53 pm

Please post the GMER log when ready and let me know if the computer is used for business.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijackthis log

Unread postby tonybucho74 » July 26th, 2011, 1:50 pm

i cannot post that log because the program causes the whole computer to crash. I had to remove it
tonybucho74
Active Member
 
Posts: 4
Joined: July 21st, 2011, 11:23 pm

Re: hijackthis log

Unread postby deltalima » July 26th, 2011, 2:57 pm

Hi tonybucho74,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Right click the TDSSKiller icon and select: Run as Administrator then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijackthis log

Unread postby tonybucho74 » July 26th, 2011, 6:39 pm

2011/07/26 17:37:01.0711 1148 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/26 17:37:03.0103 1148 ================================================================================
2011/07/26 17:37:03.0103 1148 SystemInfo:
2011/07/26 17:37:03.0103 1148
2011/07/26 17:37:03.0103 1148 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/26 17:37:03.0103 1148 Product type: Workstation
2011/07/26 17:37:03.0103 1148 ComputerName: DRKMAN-PC
2011/07/26 17:37:03.0103 1148 UserName: drkman
2011/07/26 17:37:03.0103 1148 Windows directory: C:\Windows
2011/07/26 17:37:03.0103 1148 System windows directory: C:\Windows
2011/07/26 17:37:03.0103 1148 Processor architecture: Intel x86
2011/07/26 17:37:03.0103 1148 Number of processors: 4
2011/07/26 17:37:03.0103 1148 Page size: 0x1000
2011/07/26 17:37:03.0103 1148 Boot type: Normal boot
2011/07/26 17:37:03.0103 1148 ================================================================================
2011/07/26 17:37:04.0231 1148 Initialize success
2011/07/26 17:37:27.0113 2600 ================================================================================
2011/07/26 17:37:27.0113 2600 Scan started
2011/07/26 17:37:27.0113 2600 Mode: Manual;
2011/07/26 17:37:27.0113 2600 ================================================================================
2011/07/26 17:37:27.0737 2600 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/07/26 17:37:27.0893 2600 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/26 17:37:27.0940 2600 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/26 17:37:27.0971 2600 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/26 17:37:28.0003 2600 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/26 17:37:28.0018 2600 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/26 17:37:28.0096 2600 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/26 17:37:28.0127 2600 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/26 17:37:28.0143 2600 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/26 17:37:28.0174 2600 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/26 17:37:28.0190 2600 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/26 17:37:28.0221 2600 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/26 17:37:28.0237 2600 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/26 17:37:28.0252 2600 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/26 17:37:28.0283 2600 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/26 17:37:28.0299 2600 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/26 17:37:28.0346 2600 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/26 17:37:28.0377 2600 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/26 17:37:28.0798 2600 atikmdag (ba0e84dd556761ae095b58dc165351c3) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/26 17:37:28.0861 2600 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/26 17:37:29.0297 2600 BHDrvx86 (f7ff24bb7714247f27b615b3a7d8b132) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys
2011/07/26 17:37:29.0360 2600 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/26 17:37:29.0407 2600 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/26 17:37:29.0453 2600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/26 17:37:29.0469 2600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/26 17:37:29.0500 2600 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/26 17:37:29.0516 2600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/26 17:37:29.0547 2600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/26 17:37:29.0563 2600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/26 17:37:29.0578 2600 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/26 17:37:29.0609 2600 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/26 17:37:29.0656 2600 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/26 17:37:29.0672 2600 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/26 17:37:29.0703 2600 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/26 17:37:29.0750 2600 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/26 17:37:29.0765 2600 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/07/26 17:37:29.0797 2600 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/26 17:37:29.0828 2600 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/26 17:37:29.0875 2600 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/26 17:37:29.0937 2600 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/26 17:37:30.0015 2600 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/26 17:37:30.0062 2600 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/26 17:37:30.0093 2600 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/26 17:37:30.0140 2600 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/26 17:37:30.0280 2600 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/26 17:37:30.0327 2600 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/26 17:37:30.0374 2600 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/26 17:37:30.0405 2600 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/26 17:37:30.0452 2600 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/26 17:37:30.0514 2600 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/26 17:37:30.0545 2600 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/26 17:37:30.0592 2600 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/26 17:37:30.0623 2600 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/26 17:37:30.0639 2600 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/26 17:37:30.0670 2600 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/26 17:37:30.0701 2600 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/26 17:37:30.0717 2600 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/26 17:37:30.0764 2600 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/26 17:37:30.0811 2600 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/07/26 17:37:30.0857 2600 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/26 17:37:30.0889 2600 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/26 17:37:30.0904 2600 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/26 17:37:30.0935 2600 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/26 17:37:30.0998 2600 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/26 17:37:31.0060 2600 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/26 17:37:31.0091 2600 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/26 17:37:31.0107 2600 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/26 17:37:31.0138 2600 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/26 17:37:31.0419 2600 IDSVix86 (c15fcea5c150314489698b2571a5190d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110722.031\IDSvix86.sys
2011/07/26 17:37:31.0450 2600 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/26 17:37:31.0544 2600 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/26 17:37:31.0591 2600 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/26 17:37:31.0622 2600 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/26 17:37:31.0653 2600 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/26 17:37:31.0700 2600 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/26 17:37:31.0715 2600 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/26 17:37:31.0747 2600 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/26 17:37:31.0762 2600 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/26 17:37:31.0793 2600 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/26 17:37:31.0809 2600 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/26 17:37:31.0840 2600 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/26 17:37:31.0887 2600 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/26 17:37:31.0934 2600 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/26 17:37:32.0090 2600 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/26 17:37:32.0137 2600 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/26 17:37:32.0261 2600 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/26 17:37:32.0293 2600 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/26 17:37:32.0339 2600 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/26 17:37:32.0355 2600 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/26 17:37:32.0402 2600 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/26 17:37:32.0449 2600 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/26 17:37:32.0495 2600 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/26 17:37:32.0527 2600 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
2011/07/26 17:37:32.0589 2600 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
2011/07/26 17:37:32.0620 2600 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2011/07/26 17:37:32.0636 2600 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2011/07/26 17:37:32.0667 2600 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/26 17:37:32.0714 2600 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/26 17:37:32.0745 2600 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/26 17:37:32.0761 2600 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/26 17:37:32.0776 2600 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/26 17:37:32.0823 2600 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/26 17:37:32.0839 2600 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/26 17:37:32.0870 2600 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/26 17:37:32.0901 2600 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/26 17:37:32.0932 2600 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/26 17:37:32.0948 2600 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/26 17:37:32.0979 2600 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/26 17:37:32.0995 2600 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/26 17:37:33.0010 2600 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/26 17:37:33.0041 2600 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/26 17:37:33.0073 2600 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/26 17:37:33.0088 2600 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/26 17:37:33.0119 2600 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/26 17:37:33.0151 2600 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/26 17:37:33.0166 2600 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/26 17:37:33.0197 2600 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/26 17:37:33.0213 2600 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/26 17:37:33.0229 2600 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/26 17:37:33.0291 2600 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/26 17:37:33.0416 2600 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110725.037\NAVENG.SYS
2011/07/26 17:37:33.0494 2600 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110725.037\NAVEX15.SYS
2011/07/26 17:37:33.0587 2600 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/26 17:37:33.0619 2600 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/26 17:37:33.0650 2600 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/26 17:37:33.0697 2600 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/26 17:37:33.0712 2600 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/26 17:37:33.0728 2600 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/26 17:37:33.0775 2600 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/26 17:37:33.0821 2600 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/26 17:37:33.0884 2600 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/26 17:37:33.0931 2600 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/26 17:37:34.0211 2600 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/26 17:37:34.0243 2600 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/26 17:37:34.0258 2600 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/26 17:37:34.0289 2600 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/26 17:37:34.0305 2600 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/26 17:37:34.0336 2600 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/26 17:37:34.0414 2600 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/26 17:37:34.0445 2600 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/26 17:37:34.0492 2600 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/26 17:37:34.0508 2600 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/26 17:37:34.0539 2600 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/26 17:37:34.0570 2600 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/26 17:37:34.0601 2600 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/26 17:37:34.0648 2600 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/26 17:37:34.0851 2600 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/07/26 17:37:34.0945 2600 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/26 17:37:34.0976 2600 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/26 17:37:35.0023 2600 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/26 17:37:35.0069 2600 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/26 17:37:35.0101 2600 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/26 17:37:35.0132 2600 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/26 17:37:35.0163 2600 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/26 17:37:35.0179 2600 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/26 17:37:35.0225 2600 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/26 17:37:35.0319 2600 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/26 17:37:35.0381 2600 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/26 17:37:35.0397 2600 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/26 17:37:35.0444 2600 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/26 17:37:35.0475 2600 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/26 17:37:35.0506 2600 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/26 17:37:35.0569 2600 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/26 17:37:35.0600 2600 RTL8169 (cb0bd9e10e3e244d312c106dee1bbb93) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/07/26 17:37:35.0631 2600 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/26 17:37:35.0662 2600 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/26 17:37:35.0693 2600 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/26 17:37:35.0709 2600 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/26 17:37:35.0740 2600 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/26 17:37:35.0771 2600 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/26 17:37:35.0787 2600 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/26 17:37:35.0803 2600 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/26 17:37:35.0849 2600 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/26 17:37:35.0865 2600 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/26 17:37:35.0896 2600 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/26 17:37:35.0912 2600 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/26 17:37:35.0943 2600 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/26 17:37:35.0990 2600 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/26 17:37:36.0052 2600 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
2011/07/26 17:37:36.0083 2600 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
2011/07/26 17:37:36.0130 2600 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/26 17:37:36.0146 2600 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/26 17:37:36.0161 2600 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/26 17:37:36.0208 2600 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/26 17:37:36.0239 2600 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/26 17:37:36.0286 2600 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
2011/07/26 17:37:36.0317 2600 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
2011/07/26 17:37:36.0364 2600 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/07/26 17:37:36.0395 2600 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
2011/07/26 17:37:36.0427 2600 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
2011/07/26 17:37:36.0442 2600 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/26 17:37:36.0458 2600 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/26 17:37:36.0536 2600 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/26 17:37:36.0567 2600 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/26 17:37:36.0598 2600 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/26 17:37:36.0692 2600 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/26 17:37:36.0723 2600 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/26 17:37:36.0754 2600 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/26 17:37:36.0785 2600 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/26 17:37:36.0848 2600 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/26 17:37:36.0879 2600 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/26 17:37:36.0926 2600 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/26 17:37:36.0941 2600 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/26 17:37:36.0973 2600 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/26 17:37:37.0019 2600 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/26 17:37:37.0066 2600 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/26 17:37:37.0082 2600 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/26 17:37:37.0129 2600 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/26 17:37:37.0175 2600 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/26 17:37:37.0222 2600 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/26 17:37:37.0253 2600 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/26 17:37:37.0285 2600 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/26 17:37:37.0316 2600 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\Windows\system32\DRIVERS\usbcm.sys
2011/07/26 17:37:37.0363 2600 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/26 17:37:37.0394 2600 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/26 17:37:37.0425 2600 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/26 17:37:37.0441 2600 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/26 17:37:37.0487 2600 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/26 17:37:37.0519 2600 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/26 17:37:37.0534 2600 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/26 17:37:37.0565 2600 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/26 17:37:37.0597 2600 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/26 17:37:37.0612 2600 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/26 17:37:37.0643 2600 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/26 17:37:37.0659 2600 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/26 17:37:37.0675 2600 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/26 17:37:37.0706 2600 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/26 17:37:37.0721 2600 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/26 17:37:37.0753 2600 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/26 17:37:37.0799 2600 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/26 17:37:37.0815 2600 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/26 17:37:37.0831 2600 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/26 17:37:37.0862 2600 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/26 17:37:37.0909 2600 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/26 17:37:37.0987 2600 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/26 17:37:38.0049 2600 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/26 17:37:38.0080 2600 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/26 17:37:38.0111 2600 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/26 17:37:38.0158 2600 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/26 17:37:38.0174 2600 Boot (0x1200) (4d32cd518ef7b2f9ad11de6c6b48f4b3) \Device\Harddisk0\DR0\Partition0
2011/07/26 17:37:38.0174 2600 Boot (0x1200) (b53ae059fb393c7990f906392d1327eb) \Device\Harddisk0\DR0\Partition1
2011/07/26 17:37:38.0189 2600 ================================================================================
2011/07/26 17:37:38.0189 2600 Scan finished
2011/07/26 17:37:38.0189 2600 ================================================================================
2011/07/26 17:37:38.0189 0796 Detected object count: 0
2011/07/26 17:37:38.0189 0796 Actual detected object count: 0
tonybucho74
Active Member
 
Posts: 4
Joined: July 21st, 2011, 11:23 pm

Re: hijackthis log

Unread postby deltalima » July 27th, 2011, 3:29 am

Hi tonybucho74,

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijackthis log

Unread postby deltalima » July 30th, 2011, 11:24 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 98 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware