

Mac

@cgocable.net

[Trojan] DNS Changer detected by my internet provider

My internet provider detected DNS changer on my system. Malwarebytes successfully blocks svchost from accessing malicious websites. My next post will be the logs of my scans as this site will not let me post it all in one post.
Thanks,
Mac


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:51

Upload..as attachment if need be

I'll be happy to open..but without logs we cannot assist
follow all the steps for our forum carefully:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Our FAQ will tell you what programs we need and how to attempt to get them to run.

It will also show what logs need to be attached to your post - as well as where to locate them

Post back when completed, we'll be waiting

»Security Cleanup FAQ »How to post for assistance

If you could also download and run TDSS Killer (#4), posting the log in your next reply

We'll need the entire log, even if you 'think/see' nothing detected.

»Security Cleanup FAQ »Rootkit Detection Applications



Mac

@cgocable.net

Okay so here are my attachments
Thanks,
Mac



lilhurricane

reply to Mac

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8261

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

28/11/2011 11:04:00 PM
mbam-log-2011-11-28 (23-04-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 280602
Time elapsed: 1 hour(s), 55 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

reply to Mac

OTL

OTL logfile created on: 28/11/2011 11:09:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mac\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 33.15% Memory free
4.20 Gb Paging File | 2.40 Gb Available in Paging File | 57.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 37.50 Gb Free Space | 37.60% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.57 Gb Free Space | 55.71% Space Free | Partition Type: NTFS

Computer Name: MAC-PC | User Name: Mac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/11/28 23:08:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mac\Downloads\OTL.exe
PRC - [2011/11/22 19:41:50 | 002,659,256 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/10 12:34:22 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/11 20:48:29 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2007/02/08 00:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/08 00:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/01/12 13:52:12 | 000,435,696 | ---- | M] (Dell) -- C:\Program Files\Dell AIO Printer 946\DLCImon.exe
PRC - [2006/12/08 00:17:44 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcicoms.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/10/13 11:31:34 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/04/28 09:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010/04/12 17:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/10/16 02:38:48 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll
MOD - [2009/10/16 02:37:45 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
MOD - [2009/10/16 02:37:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
MOD - [2009/10/16 02:37:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2009/10/16 02:36:01 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2009/10/16 02:35:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2009/10/16 02:35:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2009/10/16 02:34:15 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2009/10/16 02:33:25 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2006/11/27 18:09:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2006/11/03 17:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006/10/24 23:44:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/09/06 04:26:48 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell AIO Printer 946\DLCIcfg.dll
MOD - [2005/12/20 13:26:00 | 000,118,784 | ---- | M] () -- C:\Program Files\Dell AIO Printer 946\dlcidrec.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/09/28 14:46:47 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/03 07:33:17 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/08 00:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/12/08 00:17:44 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcicoms.exe -- (dlci_device)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/11/28 20:45:11 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E79D8AD-7F46-4425-9F14-4588559D5CAF}\MpKsl0088720b.sys -- (MpKsl0088720b)
DRV - [2011/11/23 13:28:17 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/23 13:27:10 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111128.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/23 13:27:10 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/23 13:27:10 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/23 13:27:10 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111128.021\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/11/22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/11/22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/11/22 17:18:14 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111128.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/11/14 19:31:30 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/10/07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2007/03/11 23:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/08 00:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/20 14:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 18:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/10/24 23:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.google.ca/ig/dell?hl=en&clie···=3070612
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.ca/ig/dell?hl=en&clie···=3070612
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.thehungersite.com"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.18

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Mac\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mac\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mac\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/10 12:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/11/27 18:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6 [2011/11/28 21:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011/11/27 18:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 10:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/14 08:25:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/23 10:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/14 08:25:21 | 000,000,000 | ---D | M]

[2008/08/30 20:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mac\AppData\Roaming\Mozilla\Extensions
[2011/04/06 09:19:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\gs20ox86.default\extensions
[2009/09/02 11:04:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\gs20ox86.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/13 23:06:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\gs20ox86.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/07/30 15:44:19 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\gs20ox86.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/02/15 17:31:10 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\gs20ox86.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/03/21 15:12:45 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\gs20ox86.default\extensions\yyginstantplay@yoyogames.com
[2007/09/20 13:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/30 20:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2010/02/15 17:30:36 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2008/07/30 15:33:32 | 000,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/07/30 15:33:32 | 000,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mac\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Mac\AppData\Local\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mac\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mac\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Cloud Reader = C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLCICATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCItime.DLL ()
O4 - HKLM..\Run: [dlcimon.exe] C:\Program Files\Dell AIO Printer 946\dlcimon.exe (Dell)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - »favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 213.109.67.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2975D7E7-6405-4EAD-9C5D-17E5C3469E63}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 213.109.67.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A2DB6F-4FBE-40B9-B60C-793EA9B12A0A}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mac\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mac\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f42eca0a-8411-11dc-992c-00188bd02da7}\Shell - "" = AutoRun
O33 - MountPoints2\{f42eca0a-8411-11dc-992c-00188bd02da7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/11/28 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/28 19:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/27 17:59:52 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2011/11/27 17:59:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/11/27 17:59:42 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/11/27 17:59:42 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/11/27 17:56:02 | 000,253,096 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/11/27 17:56:02 | 000,105,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/11/27 17:55:37 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2011/11/27 17:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/11/27 17:55:14 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/11/27 17:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011/11/27 17:45:09 | 000,660,992 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/11/27 17:45:09 | 000,341,656 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/11/27 17:45:02 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/11/27 17:45:02 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/11/27 17:44:56 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011/11/27 17:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/27 17:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/27 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Roaming\TestApp
[2011/11/27 09:08:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/11/27 09:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/27 08:55:13 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Local\ElevatedDiagnostics
[2011/11/27 08:51:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/11/27 08:51:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/27 08:19:59 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Local\NPE
[2011/11/25 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Roaming\Malwarebytes
[2011/11/25 12:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 12:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 12:32:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/25 12:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/23 14:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/23 13:28:14 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/23 13:28:14 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/23 13:28:14 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/23 13:28:13 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/23 13:28:13 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/23 13:28:13 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/23 13:28:12 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/23 13:27:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/11/23 10:14:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/11/23 10:14:50 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/23 10:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/11/23 10:14:11 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/11/23 10:13:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/11/23 10:12:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/11/23 10:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/05 22:17:07 | 000,000,000 | ---D | C] -- C:\Users\Mac\Documents\My Kindle Content
[2011/11/05 22:16:46 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/11/05 22:16:34 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Local\Amazon
[2007/09/01 16:29:01 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCIhcp.dll
[2006/12/08 00:17:46 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlciih.exe
[2006/12/08 00:17:44 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcicoms.exe
[2006/12/08 00:17:44 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcicfg.exe
[2006/10/11 17:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcipmui.dll
[2006/10/11 16:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlciserv.dll
[2006/10/11 16:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcicomm.dll
[2006/10/11 16:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcilmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlciiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcipplc.dll
[2006/10/11 16:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcicomc.dll
[2006/10/11 16:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlciprox.dll
[2006/10/11 16:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlciinpa.dll
[2006/10/11 16:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlciusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcihbn3.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/11/28 23:02:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/28 23:01:04 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 23:01:04 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 22:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669409844-555380144-3623885976-1003UA.job
[2011/11/28 21:06:20 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/28 21:06:20 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/28 21:03:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 21:00:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/28 21:00:43 | 2145,849,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/28 20:59:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/28 19:42:19 | 000,002,519 | ---- | M] () -- C:\Users\Mac\Desktop\HiJackThis.lnk
[2011/11/28 15:27:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669409844-555380144-3623885976-1003Core.job
[2011/11/27 17:55:38 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/27 17:47:11 | 001,876,476 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/27 17:43:46 | 000,001,339 | ---- | M] () -- C:\Users\Mac\Desktop\sdsetup.exe.lnk
[2011/11/27 09:04:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/27 09:04:24 | 001,876,476 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/27 08:47:46 | 002,883,584 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/11/27 08:47:45 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/11/27 08:47:45 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/11/26 18:27:13 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mac.job
[2011/11/25 12:32:15 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/24 13:31:13 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/11/24 13:30:04 | 279,469,213 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/23 13:28:17 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/11/23 13:28:17 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/23 13:28:17 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/11/22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011/11/22 19:41:28 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2011/11/22 19:38:10 | 000,105,792 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/11/22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/11/14 16:07:06 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/11/14 16:07:04 | 002,246,608 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/11/14 16:07:04 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/11/14 16:06:54 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/11/14 15:12:24 | 000,162,584 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/11/28 19:41:40 | 000,002,519 | ---- | C] () -- C:\Users\Mac\Desktop\HiJackThis.lnk
[2011/11/27 17:59:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/11/27 17:59:46 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2011/11/27 17:59:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/11/27 17:59:46 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/11/27 17:59:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/11/27 17:55:38 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/27 17:45:11 | 001,876,476 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/27 17:43:46 | 000,001,339 | ---- | C] () -- C:\Users\Mac\Desktop\sdsetup.exe.lnk
[2011/11/27 09:04:43 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/27 09:04:09 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/27 08:47:07 | 002,883,584 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/11/27 08:47:07 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/11/27 08:47:07 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/11/25 12:32:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/24 13:29:22 | 001,876,476 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/23 13:28:14 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/23 13:28:14 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/23 13:28:14 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/23 13:28:14 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/23 13:28:14 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/23 13:28:13 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/23 13:28:13 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/23 13:28:13 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/23 13:28:13 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/23 13:28:13 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/23 13:28:13 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/23 13:28:12 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/23 13:28:12 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/23 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/23 13:27:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/23 10:14:50 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/11/23 10:14:50 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/11/23 10:14:34 | 000,002,142 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/01/01 19:07:53 | 000,000,355 | ---- | C] () -- C:\Windows\Sonic3K.INI
[2007/11/02 17:40:01 | 000,000,680 | ---- | C] () -- C:\Users\Mac\AppData\Local\d3d9caps.dat
[2007/10/19 19:56:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/09/20 13:06:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/01 16:31:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/09/01 16:31:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/09/01 16:29:01 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCIinst.dll
[2007/09/01 16:19:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcicoin.dll
[2007/07/02 18:44:11 | 000,040,960 | ---- | C] () -- C:\Users\Mac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/12 04:29:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/06/12 04:29:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/06/12 04:29:00 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/06/12 04:28:41 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/06/12 04:28:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/06/11 20:48:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/06/11 20:48:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/06/11 20:36:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/12/07 00:25:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlciinsr.dll
[2006/12/07 00:25:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcicur.dll
[2006/12/07 00:24:50 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlcijswr.dll
[2006/12/07 00:20:30 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlciinsb.dll
[2006/12/07 00:20:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcicub.dll
[2006/12/07 00:20:06 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcicu.dll
[2006/12/07 00:20:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlciins.dll
[2006/12/07 00:18:44 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlciutil.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,422,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,670,050 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,126,048 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006/09/26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/09/08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/09/06 04:26:48 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcicfg.dll
[2005/12/02 15:53:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcicnv4.dll
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcivs.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/02/15 17:30:51 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Foxit
[2011/11/27 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\TestApp
[2008/09/04 13:13:29 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Thunderbird
[2011/11/28 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\uTorrent
[2008/06/11 21:06:43 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/11/28 20:59:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> C:\Users\Mac\Documents\outlook contact:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Mac\Documents\outlook calendar:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Mac\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Mac\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Mac\Documents\fceu:Roxio EMC Stream
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

EXTRAS

OTL Extras logfile created on: 28/11/2011 11:09:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mac\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 33.15% Memory free
4.20 Gb Paging File | 2.40 Gb Available in Paging File | 57.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 37.50 Gb Free Space | 37.60% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.57 Gb Free Space | 55.71% Space Free | Partition Type: NTFS

Computer Name: MAC-PC | User Name: Mac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-669409844-555380144-3623885976-1003]
"EnableNotificationsRef" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{4EF21CE8-6C79-4AC0-9B3C-5A87BC9A30B3}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{24841D16-2FE9-490C-B63A-D8551095AD85}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B6E2126-4438-4CF1-BDDE-3C4355092860}" = Pradis Do Not Remove
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{493BAF04-DA99-9257-B343-E17BB5E687A3}" = ATI Catalyst Control Center Ex
"{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = Lord of the Rings: The Fellowship of the Ring
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DCC0638F-E481-4B2C-AF06-24961FC46127}" = Pradis: NIV with NIV Application Commentary on John
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"1947ed9c549f680a9ed3f1fdbb9337a4" = Myst V End Of Ages
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ask Toolbar_is1" = Foxit Toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Browser Defender_is1" = Browser Defender 4.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell AIO Printer 946" = Dell AIO Printer 946
"Dell Fax Solutions" = Dell PC Fax
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Foxit Reader" = Foxit Reader
"Golden Axe_is1" = Golden Axe
"Google Desktop" = Google Desktop
"InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = Lord of the Rings: The Fellowship of the Ring
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MOUL" = Myst Online: Uru Live (remove only)
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"N360" = Norton 360
"NSS" = Norton Security Scan
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Sonic & Knuckles" = Sonic & Knuckles Killer !
"Sonic & Knuckles Collection Documentation" = Sonic & Knuckles Collection Documentation
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Steam App 211" = Source SDK
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uru - Ages Beyond Myst" = Uru - Ages Beyond Myst
"uTorrent" = µTorrent
"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"InstallShield_{DCC0638F-E481-4B2C-AF06-24961FC46127}" = Pradis: NIV with NIV Application Commentary on John

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/01/2011 3:26:31 PM | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Faulting application ePSXe.exe, version 0.0.0.0, time stamp 0x483816fa,
faulting module zlib1.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000135, fault offset 0x00008fc7, process id 0x84c, application start time
0x01cbb4ea1c0e3070.

Error - 17/01/2011 9:25:27 PM | Computer Name = Mac-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Mac\Downloads\desmume-0.9.6-win64-654\DeSmuME_x64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 29/01/2011 5:17:04 PM | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Faulting application Nss.exe, version 3.0.1.8, time stamp 0x4d21b476,
faulting module SYMHTML.DLL, version 5.1.0.1, time stamp 0x4c2b0a59, exception
code 0xc0000005, fault offset 0x0002d880, process id 0xd48, application start time
0x01cbbff9de035790.

Error - 16/02/2011 5:28:27 PM | Computer Name = Mac-PC | Source = EventSystem | ID = 4621
Description =

Error - 17/02/2011 10:36:31 AM | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Faulting application DSAgnt.exe, version 3.0.0.187, time stamp 0x455665f5,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000096, fault offset 0x01e500c6, process id 0xd1c, application start time 0x01cbceae348780b0.

Error - 02/03/2011 10:59:29 PM | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Faulting application NESTCL95.EXE, version 0.0.0.0, time stamp 0x34255ca6,
faulting module NESTCL95.EXE, version 0.0.0.0, time stamp 0x34255ca6, exception
code 0xc0000005, fault offset 0x00013ece, process id 0x1544, application start time
0x01cbd94effb9a8a8.

Error - 01/04/2011 9:44:50 PM | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4d894efc,
faulting module chrome.dll, version 10.0.648.204, time stamp 0x4d894ebc, exception
code 0x80000003, fault offset 0x000e9e6c, process id 0x1610, application start time
0x01cbf0d39e3ba5d0.

Error - 29/05/2011 8:51:02 AM | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Faulting application RoxWatchTray9.exe, version 9.0.1.64, time stamp
0x454e39e6, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0xa68, application start time
0x01cc1dfee6654160.

Error - 01/08/2011 10:36:01 PM | Computer Name = Mac-PC | Source = ESENT | ID = 481
Description = wuaueng.dll (1192) SUS20ClientDataStore: An attempt to read from the
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 7688192
(0x0000000000755000) for 4096 (0x00001000) bytes failed after 7 seconds with system
error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
will fail with error -1022 (0xfffffc02). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 12/08/2011 8:00:36 AM | Computer Name = Mac-PC | Source = EventSystem | ID = 4609
Description =

[ Broadcom Wireless LAN Events ]
Error - 13/10/2011 2:12:14 AM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 02:12:14, Thu, Oct 13, 11 Error - Unable to gain access to user store

Error - 13/10/2011 11:41:03 PM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 23:41:03, Thu, Oct 13, 11 Error - Unable to gain access to user store

Error - 14/10/2011 10:58:52 PM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 22:58:51, Fri, Oct 14, 11 Error - Unable to gain access to user store

Error - 05/11/2011 11:35:02 PM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 23:35:02, Sat, Nov 05, 11 Error - Unable to gain access to user store

Error - 07/11/2011 8:42:00 PM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 19:42:00, Mon, Nov 07, 11 Error - Unable to gain access to user store

Error - 11/11/2011 12:19:56 AM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 23:19:56, Thu, Nov 10, 11 Error - Unable to gain access to user store

Error - 17/11/2011 12:09:22 AM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 23:09:22, Wed, Nov 16, 11 Error - Unable to gain access to user store

Error - 18/11/2011 8:16:19 PM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 19:16:19, Fri, Nov 18, 11 Error - Unable to gain access to user store

Error - 20/11/2011 11:08:25 PM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 22:08:25, Sun, Nov 20, 11 Error - Unable to gain access to user store

Error - 22/11/2011 4:33:46 PM | Computer Name = Mac-PC | Source = WLAN-Tray | ID = 0
Description = 15:33:46, Tue, Nov 22, 11 Error - Unable to gain access to user store

[ Media Center Events ]
Error - 23/10/2007 3:58:43 PM | Computer Name = Mac-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2007 12:51:18 AM | Computer Name = Mac-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/11/2007 4:49:17 PM | Computer Name = Mac-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 25/11/2007 6:50:51 PM | Computer Name = Mac-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 01/04/2008 11:28:34 PM | Computer Name = Mac-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 16/04/2008 10:15:44 AM | Computer Name = Mac-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 28/01/2008 11:52:06 AM | Computer Name = Mac-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29/07/2008 4:03:38 PM | Computer Name = Mac-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 556
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/11/2011 11:04:14 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:18 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:23 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:27 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:32 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:37 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:41 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:46 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:50 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 28/11/2011 11:04:59 PM | Computer Name = Mac-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

reply to Mac

Checkup

Results of screen317's Security Check version 0.99.28
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) SE Runtime Environment 6
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player ( 10.0.32.18) Flash Player out of Date!
Mozilla Firefox ((3.0.19)) Firefox out of Date!
Mozilla Thunderbird (2.0.0) Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

reply to Mac

ESET

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aaf6a1c516c1234788b16c742cf2884e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-29 07:43:24
# local_time=2011-11-29 02:43:24 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777173 100 84 0 73118951 0 0
# compatibility_mode=5892 16776550 100 95 132794310 159150383 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=136546
# found=0
# cleaned=0
# scan_time=9748
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

reply to Mac

TDSS

12:56:11.0838 5420 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:56:11.0978 5420 ============================================================
12:56:11.0978 5420 Current date / time: 2011/11/29 12:56:11.0978
12:56:11.0978 5420 SystemInfo:
12:56:11.0978 5420
12:56:11.0978 5420 OS Version: 6.0.6000 ServicePack: 0.0
12:56:11.0978 5420 Product type: Workstation
12:56:11.0978 5420 ComputerName: MAC-PC
12:56:11.0979 5420 UserName: Mac
12:56:11.0979 5420 Windows directory: C:\Windows
12:56:11.0979 5420 System windows directory: C:\Windows
12:56:11.0979 5420 Processor architecture: Intel x86
12:56:11.0979 5420 Number of processors: 2
12:56:11.0979 5420 Page size: 0x1000
12:56:11.0979 5420 Boot type: Normal boot
12:56:11.0979 5420 ============================================================
12:56:13.0809 5420 Initialize success
12:56:16.0004 7536 ============================================================
12:56:16.0005 7536 Scan started
12:56:16.0005 7536 Mode: Manual;
12:56:16.0005 7536 ============================================================
12:56:17.0663 7536 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
12:56:17.0753 7536 ACPI - ok
12:56:18.0106 7536 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:56:18.0174 7536 adp94xx - ok
12:56:18.0827 7536 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:56:18.0850 7536 adpahci - ok
12:56:19.0445 7536 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:56:19.0456 7536 adpu160m - ok
12:56:19.0769 7536 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:56:19.0776 7536 adpu320 - ok
12:56:19.0893 7536 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
12:56:19.0909 7536 AFD - ok
12:56:19.0979 7536 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
12:56:19.0983 7536 agp440 - ok
12:56:20.0114 7536 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:56:20.0117 7536 aic78xx - ok
12:56:20.0364 7536 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
12:56:20.0366 7536 aliide - ok
12:56:20.0883 7536 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
12:56:20.0936 7536 amdagp - ok
12:56:21.0251 7536 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
12:56:21.0292 7536 amdide - ok
12:56:21.0838 7536 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:56:21.0840 7536 AmdK7 - ok
12:56:22.0027 7536 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
12:56:22.0416 7536 AmdK8 - ok
12:56:22.0481 7536 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:56:22.0485 7536 arc - ok
12:56:22.0526 7536 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:56:22.0529 7536 arcsas - ok
12:56:22.0561 7536 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
12:56:22.0564 7536 AsyncMac - ok
12:56:22.0683 7536 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
12:56:22.0685 7536 atapi - ok
12:56:23.0666 7536 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
12:56:23.0676 7536 BCM43XX - ok
12:56:24.0264 7536 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
12:56:24.0310 7536 bcm4sbxp - ok
12:56:24.0524 7536 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
12:56:24.0571 7536 Beep - ok
12:56:25.0592 7536 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
12:56:25.0626 7536 BHDrvx86 - ok
12:56:25.0914 7536 blbdrive - ok
12:56:26.0227 7536 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
12:56:26.0230 7536 bowser - ok
12:56:26.0704 7536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:56:26.0707 7536 BrFiltLo - ok
12:56:26.0800 7536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:56:26.0803 7536 BrFiltUp - ok
12:56:27.0001 7536 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:56:27.0045 7536 Brserid - ok
12:56:27.0303 7536 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:56:27.0306 7536 BrSerWdm - ok
12:56:27.0873 7536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:56:27.0876 7536 BrUsbMdm - ok
12:56:28.0444 7536 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:56:28.0494 7536 BrUsbSer - ok
12:56:28.0669 7536 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
12:56:28.0716 7536 BthEnum - ok
12:56:28.0782 7536 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:56:28.0785 7536 BTHMODEM - ok
12:56:28.0831 7536 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
12:56:28.0834 7536 BthPan - ok
12:56:29.0088 7536 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
12:56:29.0188 7536 BTHPORT - ok
12:56:29.0255 7536 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
12:56:29.0303 7536 BTHUSB - ok
12:56:29.0423 7536 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
12:56:29.0476 7536 btwaudio - ok
12:56:29.0534 7536 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
12:56:29.0536 7536 btwavdt - ok
12:56:29.0839 7536 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
12:56:29.0841 7536 btwrchid - ok
12:56:29.0900 7536 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
12:56:29.0952 7536 cdfs - ok
12:56:30.0020 7536 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
12:56:30.0022 7536 cdrom - ok
12:56:30.0054 7536 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:56:30.0056 7536 circlass - ok
12:56:30.0609 7536 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
12:56:30.0710 7536 CLFS - ok
12:56:30.0785 7536 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
12:56:30.0838 7536 CmBatt - ok
12:56:31.0002 7536 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
12:56:31.0054 7536 cmdide - ok
12:56:31.0074 7536 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
12:56:31.0076 7536 Compbatt - ok
12:56:31.0098 7536 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:56:31.0101 7536 crcdisk - ok
12:56:31.0135 7536 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:56:31.0138 7536 Crusoe - ok
12:56:31.0218 7536 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
12:56:31.0222 7536 DfsC - ok
12:56:31.0937 7536 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
12:56:31.0940 7536 disk - ok
12:56:32.0152 7536 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
12:56:32.0155 7536 drmkaud - ok
12:56:32.0346 7536 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:56:32.0355 7536 DSproct - ok
12:56:32.0402 7536 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys
12:56:32.0405 7536 dsunidrv - ok
12:56:32.0812 7536 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
12:56:32.0824 7536 DXGKrnl - ok
12:56:32.0928 7536 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
12:56:32.0950 7536 e1express - ok
12:56:33.0006 7536 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:56:33.0010 7536 E1G60 - ok
12:56:33.0095 7536 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
12:56:33.0098 7536 Ecache - ok
12:56:33.0364 7536 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:56:33.0387 7536 eeCtrl - ok
12:56:33.0997 7536 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:56:34.0065 7536 elxstor - ok
12:56:34.0281 7536 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:56:34.0298 7536 EraserUtilRebootDrv - ok
12:56:34.0586 7536 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
12:56:34.0593 7536 fastfat - ok
12:56:34.0658 7536 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
12:56:34.0661 7536 fdc - ok
12:56:34.0764 7536 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
12:56:34.0767 7536 FileInfo - ok
12:56:34.0803 7536 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
12:56:34.0816 7536 Filetrace - ok
12:56:34.0853 7536 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:56:34.0856 7536 flpydisk - ok
12:56:34.0970 7536 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
12:56:34.0978 7536 FltMgr - ok
12:56:35.0083 7536 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
12:56:35.0100 7536 Fs_Rec - ok
12:56:35.0129 7536 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:56:35.0132 7536 gagp30kx - ok
12:56:35.0187 7536 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:56:35.0189 7536 GEARAspiWDM - ok
12:56:51.0465 7536 ============================================================
12:56:51.0466 7536 Scan finished
12:56:51.0466 7536 ============================================================
12:56:51.0493 8048 Detected object count: 0
12:56:51.0494 8048 Actual detected object count: 0
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to Mac

Re: [Trojan] DNS Changer detected by my internet provider

The logs are all clean. But I want to check for rootkits for safety.

First:
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find the link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

Second:
If you are connected to a router, check your router's status page and post back the DNS server IP Address(es) that it is using.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Mac

@cgocable.net

Here is my log

Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 29/11/2011 at 14:31:06 PM
User "Mac" on computer "MAC-PC"
Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files\Common Files\microsoft shared\ink\mshwnld.dll
Hidden: file C:\Windows\IME\IMEJP10\DICTS\IMJPST.DIC
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWDEB.EXE
Hidden: file C:\Windows\winsxs\x86_microsoft.web.administration-nonmsil_31bf3856ad364e35_6.0.6000.16386_none_c63a112593ebf63c\Microsoft.Web.Administration.dll
Hidden: file C:\DELL\E-Center\EULAl.exe
Hidden: file C:\Users\Mac\Downloads\OTL.exe
Hidden: file C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
Hidden: file C:\Windows\System32\DriverStore\FileRepository\dellhdaz.inf_7afcb70b\XAudio.exe
Hidden: file C:\Users\Mac\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
Hidden: file C:\Users\Mac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WDRVBXF4\check.xml
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\lib\charsets.jar
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_de.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_es.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_fr.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_it.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_ja.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_ko.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_sv.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_zh_CN.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\LICENSE_zh_TW.rtf
Hidden: file C:\Program Files\Java\jre1.6.0\bin\eula.dll
Hidden: file C:\Program Files\Java\jre1.6.0\lib\audio\soundbank.gm
Hidden: file C:\Program Files\Java\jre1.6.0\lib\cmm\PYCC.pf
Hidden: file C:\Program Files\Java\jre1.6.0\lib\fonts\LucidaBrightDemiBold.ttf
Hidden: file C:\DELL\docs\MFC42.DLL
Hidden: file C:\Windows\System32\bcmttls.dll
Hidden: file C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\mfc80.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\DXStress.exe
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\atixcode.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Dashboard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Shared.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Dashboard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Runtime.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Shared.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.TransCode.Local.Shared.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.TransCode.Local.Wizard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Runtime.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Shared.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Welcome.Local.Dashboard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Dashboard.dll
Hidden: file C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Runtime.dll
Hidden: file C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\CGMIMP32.FLT_1033
Hidden: file C:\Users\Mac\Documents\Downloads\golden_axe.exe
Hidden: file C:\ProgramData\Norton\00000082\00000121\000005d7\cltLMS1.dat
Hidden: file C:\ProgramData\Norton\00000082\00000121\000005d7\cltLMS2.dat
Hidden: file C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx64.sys
Hidden: file C:\Program Files\Dell Fax Solutions\instmsia.exe
Hidden: file C:\Program Files\Dell Fax Solutions\instmsiw.exe
Hidden: file C:\Program Files\Dell Fax Solutions\Install\x86\Uninst.exe
Hidden: file C:\Program Files\Dell AIO Printer 946\Install\x86\Uninst.exe
Hidden: file C:\Users\Mac\Downloads\sdsetup.exe
Hidden: file C:\Program Files\UBISOFT\Myst IV - Revelation\bin\Myst4.exe
Hidden: file C:\Program Files\Ubi Soft\Cyan Worlds\Uru - Ages Beyond Myst\Uru.exe
Hidden: file C:\Program Files\Ubi Soft\Cyan Worlds\Uru - Ages Beyond Myst\UruExplorer.exe
Hidden: file C:\Program Files\Ubi Soft\Cyan Worlds\Uru - Ages Beyond Myst\sp.dll
Hidden: file C:\Users\Mac\Desktop\programs\DivXInstaller.exe
Hidden: file C:\Program Files\UBISOFT\Cyan Worlds\Myst V End Of Ages\eoa.exe
Hidden: file C:\Program Files\UBISOFT\Cyan Worlds\Myst V End Of Ages\MystV.exe
Hidden: file C:\Program Files\Myst III Exile\Bin\M3.exe
Hidden: file C:\Users\Mac\Desktop\documents\AVGNAVG\Angry Video Game Nerd's Angry Video Game\Angry Video Game Nerd's Angry Video Game.exe
Hidden: file C:\ProgramData\Dell\TransferAgent\DSC20UpgradeTA.exe
Hidden: file C:\ProgramData\YoYoGames\yoyo70.exe
Hidden: file C:\Users\Mac\Documents\Downloads\iwbtgbeta(slomo).exe
Hidden: file C:\Users\Mac\Downloads\KindleForPC-installer.exe
Hidden: file C:\Users\Mac\Downloads\MPC-HomeCinema.1.5.2.3456.x86.exe
Hidden: file C:\Users\Mac\Documents\Downloads\MerryGear\sounds\tvon.WAV
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22281_none_81ac046a67a1518c.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18158_none_8149d9694e650f50.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22575_none_7fd463966a6f45d3.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18375_none_7f4ac4e55151a8e2.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21173_none_7debfa986d4ab84f.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16971_none_7d608517542eb295.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.21173_none_893582fea5f32a22.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22281_none_8abf22be61f28fee.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18158_none_8a5cf7bd48b64db2.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22575_none_88e781ea64c08435.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18375_none_885de3394ba2e744.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21173_none_86ff18ec679bf6b1.manifest
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16971_none_8673a36b4e7ff0f7.manifest
Hidden: file C:\Users\Mac\Downloads\QTSS_Request_CCTE_Support.doc
Hidden: file C:\Users\Mac\Documents\Downloads\FoxitReader31_enu_Setup_091125.exe
Hidden: file C:\Users\Mac\AppData\Local\Amazon\Kindle\application\uninstall.exe
Hidden: file C:\Users\Mac\Downloads\epsxe170-1034\ePSXe.exe
Hidden: file C:\Users\Mac\Downloads\epsxe170-1034 (1)\ePSXe.exe
Hidden: file C:\Users\Mac\Downloads\epsxe160-751\ePSXe.exe
Hidden: file C:\Users\Mac\Downloads\QuickTimeInstaller.exe
Hidden: file C:\Users\Mac\Documents\Downloads\MerryGear\Merry Gear Solid.exe
Hidden: file C:\Users\Mac\Downloads\VisualBoyAdvance-1.7.2\VisualBoyAdvance.exe
Info: Starting disk scan of D: (NTFS).
Stopped logging on 29/11/2011 at 16:06:05 PM
As for the router, how do I check the status page?
Thanks,
Mac



lilhurricane

What router make & model?

Try to log in to it here: »192.168.1.1/
Status page (maybe): »192.168.1.1/StaRouter.htm

(be sure to obscure any personal info, as this is a public board)



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to Mac
Any particular reason you have not installed the two service packs for Vista?

Right now you are using an unsupported Operating System. Support for SP1 ended July 12, 2011.



Mac

@cgocable.net

The issue has been resolved. I got a new router and secured it and there are no more rogue IP addresses. Thanks for the help everyone!
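One way to confirm that no rogue resolvers remain after a router swap like the one described above (an added example, not part of the thread or of any tool mentioned in it): parse saved `ipconfig /all` output and list every DNS server that is not in the set you expect. The function names, the sample output, and the assumption that the only expected resolver is the router at 192.168.1.1 are illustrative; the parser assumes English-locale output.

```python
import ipaddress
import re

# Constructed sample of English-locale `ipconfig /all` output (not from the thread);
# 203.0.113.53 is a documentation-range address standing in for a rogue resolver.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
FIELD = re.compile(r"^\s+(.+?)[ .]*: (.*)$")  # "   Name . . . : value"

def _ip(value):
    """Parse an address, dropping any IPv6 %scope suffix; None if not an IP."""
    try:
        return ipaddress.ip_address(value.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(text):
    """Return {adapter name: [DNS server addresses]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():
            # An unindented line ending in ":" opens a new adapter block.
            name = line.strip()
            adapter, in_dns = (name[:-1] if name.endswith(":") else None), False
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1).startswith("DNS Servers")
        # A DNS field may continue on following lines that hold a bare address.
        ip = _ip(m.group(2) if m else line)
        if in_dns and adapter and ip is not None:
            result.setdefault(adapter, []).append(str(ip))
    return result

def unexpected(text, expected):
    """List (adapter, server) pairs whose resolver is not in the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [(name, s) for name, servers in dns_servers(text).items()
            for s in servers if ipaddress.ip_address(s) not in allowed]
```

On a live machine, save the output of `ipconfig /all` to a file and pass its contents to `unexpected()` together with the resolver addresses your router or ISP is supposed to hand out; an empty list means every adapter uses only expected servers.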



LoPhatPhuud

reply to Mac
A suggestion. Reformat and start over.

You are using an unsupported Operating System. There are leftovers from Norton 360. It looks like you may have two anti-virus programs running (PC Tools and MSE).

You can cleanup the Norton remains with this tool:
»www-secure.symantec.com/norton-s···t_pubweb
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud

reply to Mac
Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.


Use Add/Remove Programs to uninstall Sophos AntiRootkit

over 12.5 years online © 1999-2012 dslreports.com.