Please help, tidserve intrusion alert from Norton Security

Post by fgwjr2003 on 5th November 2010, 4:33 pm

OTL logfile created on: 11/5/2010 10:48:18 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\frank\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 291.79 Gb Free Space | 64.32% Space Free | Partition Type: NTFS

Computer Name: FRANK-PC | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 10:47:12 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\frank\Downloads\OTL.com
PRC - [2010/10/28 01:28:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 01:28:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/22 09:21:00 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/12/17 05:53:40 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/12/17 05:51:23 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/12/16 01:16:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/10/29 15:31:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/17 01:50:14 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/05/01 13:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
PRC - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 10:47:12 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\frank\Downloads\OTL.com
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2006/12/11 12:12:22 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2010/11/04 22:41:00 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/17 05:53:40 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/12/17 05:51:26 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/12 21:03:28 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/10/12 16:15:15 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/12/17 05:53:41 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/17 05:53:41 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/12/17 05:53:41 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2009/12/17 05:53:41 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2009/12/17 05:53:41 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2009/12/17 05:53:41 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/12/17 05:53:41 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/11/05 23:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/29 17:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/23 00:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/05 15:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/10/19 15:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101103.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/10/12 01:57:48 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101104.057\EX64.SYS -- (NAVEX15)
DRV - [2010/10/12 01:57:48 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/10/12 01:57:48 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/12 01:57:48 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101104.057\ENG64.SYS -- (NAVENG)
DRV - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/10/13 14:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 01:28:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/05 10:30:11 | 000,000,000 | ---D | M]

[2010/10/13 09:45:25 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Mozilla\Extensions
[2010/10/13 09:45:25 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/05 10:44:36 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\ckmaqnhb.default\extensions
[2010/10/16 10:07:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\ckmaqnhb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/17 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\ckmaqnhb.default\extensions\plugin@yontoo.com
[2010/10/14 15:00:31 | 000,000,000 | ---D | M] -- C:\Users\frank\AppData\Roaming\Mozilla\Firefox\Profiles\ckmaqnhb.default\extensions\toolbar@ask.com
[2010/11/05 10:40:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/30 14:18:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/22 18:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys (Symantec Corporation)
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfRd - Driver
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys (Symantec Corporation)
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 10:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/11/05 10:27:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/05 10:20:34 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\frank\Documents\JavaRa.exe
[2010/11/05 10:09:58 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/11/05 10:09:58 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/11/05 10:09:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/11/05 10:09:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/11/05 10:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/05 08:49:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/03 11:29:58 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\excel extra credit
[2010/11/02 22:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/02 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/02 15:34:29 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\treatment documentation
[2010/11/02 15:15:09 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Wing.dll
[2010/11/02 15:15:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Wing32.dll
[2010/11/02 13:52:18 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Diagnostics
[2010/11/01 22:47:18 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\dvdcss
[2010/11/01 14:03:43 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\CyberLink
[2010/11/01 14:03:41 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\CyberLink
[2010/11/01 14:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/10/31 20:58:55 | 000,000,000 | ---D | C] -- C:\FREEVIDEOTODVDCONVERTER
[2010/10/31 20:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2010/10/31 20:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2010/10/31 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\DVDVideoSoft
[2010/10/31 16:58:21 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\DVDVideoSoft
[2010/10/31 16:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010/10/31 16:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010/10/31 13:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2010/10/30 14:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/10/30 14:18:40 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/10/30 14:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/10/27 07:26:36 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 07:26:36 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 07:26:36 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 07:26:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 07:26:36 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 07:26:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 07:26:36 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 07:26:08 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/24 22:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWinner.com
[2010/10/24 21:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWinner
[2010/10/24 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldWinner.com, Inc
[2010/10/24 21:59:24 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Worldwinner
[2010/10/24 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\PokerStars.NET
[2010/10/24 18:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2010/10/22 21:53:56 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\exel project 5
[2010/10/22 19:05:15 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Windows Live Writer
[2010/10/22 19:05:15 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Windows Live Writer
[2010/10/22 18:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/22 18:11:59 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/22 18:11:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/22 18:11:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/22 18:11:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/22 17:45:28 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/22 17:43:35 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/22 17:43:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/10/22 17:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/22 17:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/10/22 17:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/10/22 17:42:22 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/22 17:42:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/22 17:42:21 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/22 17:42:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/10/22 17:24:28 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Windows Live
[2010/10/22 17:23:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/22 17:23:55 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/22 17:23:55 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/10/22 17:23:55 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/22 17:23:55 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/22 17:23:55 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/22 17:23:54 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll





Please help, tidserve intrusion alert from Norton Security (cont.)

Post by fgwjr2003 on 5th November 2010, 4:43 pm

[2010/10/18 17:10:30 | 000,000,000 | ---D | C] -- C:\cac35a499626899e950518
[2010/10/18 13:08:08 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\CIS120 Exel
[2010/10/18 13:07:56 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\excel
[2010/10/17 15:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/17 15:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/17 15:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/10/17 15:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Client
[2010/10/17 15:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2010/10/17 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\The Learning Company
[2010/10/17 11:03:07 | 000,000,000 | ---D | C] -- C:\Windows\LHSP
[2010/10/17 11:03:07 | 000,000,000 | ---D | C] -- C:\HGASRAPI
[2010/10/17 10:58:15 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wingde.dll
[2010/10/17 10:58:15 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wing.dll
[2010/10/17 10:58:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wing32.dll
[2010/10/17 10:58:15 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wingdib.drv
[2010/10/17 10:58:15 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wingpal.wnd
[2010/10/17 08:46:48 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Azureus
[2010/10/17 08:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/10/17 08:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2010/10/17 08:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/10/17 01:44:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/10/17 01:44:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/10/17 01:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2010/10/16 21:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3File
[2010/10/16 14:55:56 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\DivX
[2010/10/16 14:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/10/16 14:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/10/16 14:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/10/16 14:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/10/16 14:52:23 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Apple Computer
[2010/10/16 14:52:11 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Apple Computer
[2010/10/16 14:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/16 14:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/10/16 14:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/10/16 14:46:50 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Apple
[2010/10/16 14:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/10/16 14:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/10/16 10:07:38 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\jZip
[2010/10/16 10:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2010/10/16 10:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/10/15 17:22:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/14 12:33:16 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Adobe
[2010/10/14 11:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2010/10/14 11:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\lx_cats
[2010/10/14 11:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2400 Series
[2010/10/14 11:55:30 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrserv.dll
[2010/10/14 11:55:30 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrusb1.dll
[2010/10/14 11:55:30 | 000,654,336 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrutil.dll
[2010/10/14 11:55:30 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrlmpm.dll
[2010/10/14 11:55:30 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrpmui.dll
[2010/10/14 11:55:30 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\LXCRhcp.dll
[2010/10/14 11:55:30 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrinpa.dll
[2010/10/14 11:55:30 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxcriesc.dll
[2010/10/14 11:55:30 | 000,184,320 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrinsb.dll
[2010/10/14 11:55:30 | 000,131,584 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrjswr.dll
[2010/10/14 11:55:30 | 000,091,136 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrinsr.dll
[2010/10/14 11:55:30 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrprox.dll
[2010/10/14 11:55:30 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrpplc.dll
[2010/10/14 11:55:29 | 000,983,107 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxcrgf.dll
[2010/10/14 11:55:29 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrcomc.dll
[2010/10/14 11:55:29 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrcoms.exe
[2010/10/14 11:55:29 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrcomm.dll
[2010/10/14 11:55:29 | 000,236,032 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrins.dll
[2010/10/14 11:55:29 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxcrih.exe
[2010/10/14 11:55:29 | 000,097,280 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrcu.dll
[2010/10/14 11:55:29 | 000,067,584 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrcub.dll
[2010/10/14 11:55:29 | 000,064,512 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXCRcfg.dll
[2010/10/14 11:55:29 | 000,023,040 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxcrcur.dll
[2010/10/14 11:32:29 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\ElevatedDiagnostics
[2010/10/14 11:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 2400 Series
[2010/10/14 11:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86) (x86)
[2010/10/14 11:28:25 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
[2010/10/14 11:28:25 | 000,462,848 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrutil.dll
[2010/10/14 11:28:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
[2010/10/14 11:28:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
[2010/10/14 11:28:25 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrinsb.dll
[2010/10/14 11:28:25 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrjswr.dll
[2010/10/14 11:28:25 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrinsr.dll
[2010/10/14 11:28:25 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrcur.dll
[2010/10/14 11:28:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
[2010/10/14 11:28:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
[2010/10/14 11:28:24 | 000,983,107 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lxcrgf.dll
[2010/10/14 11:28:24 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrins.dll
[2010/10/14 11:28:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
[2010/10/14 11:28:24 | 000,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrcub.dll
[2010/10/14 11:28:24 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxcrcu.dll
[2010/10/14 11:28:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
[2010/10/14 11:28:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
[2010/10/14 11:28:23 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
[2010/10/14 11:28:23 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
[2010/10/14 11:28:23 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
[2010/10/14 11:28:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
[2010/10/14 11:28:22 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
[2010/10/14 11:28:22 | 000,077,824 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXCRcfg.dll
[2010/10/14 11:27:43 | 000,000,000 | ---D | C] -- C:\lexmark
[2010/10/14 11:17:05 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Easeware
[2010/10/14 10:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/10/14 10:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/10/13 16:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/10/13 16:57:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/13 16:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/13 16:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/10/13 16:52:33 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Microsoft Help
[2010/10/13 10:31:40 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Yahoo
[2010/10/13 10:31:39 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Yahoo!
[2010/10/13 09:45:30 | 000,000,000 | ---D | C] -- C:\Users\frank\Documents\LimeWire
[2010/10/13 09:45:13 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\LimeWire
[2010/10/13 09:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/13 09:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/13 09:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2010/10/13 08:47:55 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/10/13 08:47:55 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/10/13 08:47:55 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/10/13 08:47:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/10/13 08:47:55 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/10/13 08:47:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/10/13 08:47:55 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/10/13 08:47:55 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/10/13 08:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/10/13 07:33:48 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/10/13 07:33:44 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/10/13 07:33:44 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 07:33:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 07:33:40 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 07:33:37 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 07:33:36 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/10/13 07:33:36 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/10/13 07:33:36 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/10/13 07:33:36 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/10/13 07:33:36 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/10/13 07:33:36 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/10/13 07:33:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/10/13 07:33:36 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/10/13 07:33:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/10/13 07:33:35 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/10/13 07:33:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/10/13 07:33:35 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/10/13 07:33:35 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/10/13 07:33:35 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/10/13 07:33:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/10/13 07:33:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/10/13 07:33:06 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/10/13 07:33:04 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/10/13 07:33:04 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/10/13 07:33:01 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 07:32:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/10/13 07:32:56 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/10/13 07:32:56 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/10/13 07:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/10/13 07:32:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/10/13 07:32:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/10/13 07:32:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/10/13 07:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/10/13 07:32:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/10/13 07:32:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/10/13 07:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/10/13 07:32:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/10/13 07:32:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/10/13 07:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/10/13 07:31:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/10/13 07:31:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/10/13 07:31:05 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/10/13 07:31:05 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/10/13 07:31:02 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 07:31:02 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 07:30:54 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/10/13 07:30:54 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/10/13 07:30:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/10/13 07:30:53 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/10/13 07:30:48 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/10/13 07:30:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/10/13 07:30:39 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/10/13 07:30:35 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 07:30:34 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 07:30:31 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/10/13 07:30:31 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/10/13 07:30:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/10/13 07:30:30 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/10/13 07:30:30 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/10/13 07:30:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/10/13 07:30:16 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 07:30:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 07:30:14 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 07:30:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 07:30:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 07:30:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 07:30:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 07:30:12 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 07:30:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 07:30:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 07:30:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 07:30:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 07:30:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 07:30:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 07:30:07 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 07:30:06 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 07:30:04 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 07:30:04 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 07:30:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 07:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/10/12 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\vlc
[2010/10/12 23:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/10/12 21:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/10/12 21:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/10/12 21:21:39 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\BitTorrent
[2010/10/12 21:15:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
[2010/10/12 21:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010/10/12 20:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/12 18:58:56 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2010/10/12 18:05:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/12 18:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/10/12 18:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2010/10/12 18:01:31 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/10/12 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2010/10/12 16:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/10/12 16:31:54 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/10/12 16:31:49 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/10/12 16:31:49 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/10/12 16:31:46 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Mozilla
[2010/10/12 16:31:46 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Mozilla
[2010/10/12 16:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/10/12 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/12 16:28:49 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Adobe
[2010/10/12 16:28:41 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Google
[2010/10/12 16:28:40 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Google
[2010/10/12 16:26:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/10/12 16:26:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/10/12 16:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/12 16:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/10/12 16:24:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/10/12 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/10/12 16:19:17 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Best Buy pc app
[2010/10/12 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/10/12 16:19:07 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Deployment
[2010/10/12 16:19:07 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Apps
[2010/10/12 16:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Best Buy pc app
[2010/10/12 16:18:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}
[2010/10/12 16:18:38 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\PackageAware
[2010/10/12 16:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2010/10/12 16:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Web Camera
[2010/10/12 16:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/10/12 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Packard Bell
[2010/10/12 16:15:40 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Roxio
[2010/10/12 16:15:19 | 000,031,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2010/10/12 16:15:15 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/12 16:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/12 16:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/12 16:15:08 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Macromedia
[2010/10/12 16:14:47 | 000,000,000 | R--D | C] -- C:\Users\frank\Searches
[2010/10/12 16:14:38 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Identities
[2010/10/12 16:14:35 | 000,000,000 | R--D | C] -- C:\Users\frank\Contacts
[2010/10/12 16:14:33 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\VirtualStore
[2010/10/12 16:14:15 | 000,000,000 | -H-D | C] -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/12 16:13:47 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/10/12 16:13:47 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/10/12 16:13:47 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/10/12 16:13:47 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/10/12 16:11:39 | 000,000,000 | --SD | C] -- C:\Users\frank\AppData\Roaming\Microsoft
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Videos
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Saved Games
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Pictures
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Music
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Links
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Favorites
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Downloads
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\My Documents
[2010/10/12 16:11:39 | 000,000,000 | R--D | C] -- C:\Users\frank\Desktop
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\AppData\Local\Temporary Internet Files
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Templates
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Start Menu
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\SendTo
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Recent
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\PrintHood
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\NetHood
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Documents\My Videos
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Documents\My Pictures
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Documents\My Music
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\My Documents
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Local Settings
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\AppData\Local\History
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Cookies
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\Application Data
[2010/10/12 16:11:39 | 000,000,000 | -HSD | C] -- C:\Users\frank\AppData\Local\Application Data
[2010/10/12 16:11:39 | 000,000,000 | -H-D | C] -- C:\Users\frank\AppData
[2010/10/12 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Temp
[2010/10/12 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Local\Microsoft
[2010/10/12 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\frank\AppData\Roaming\Media Center Programs
[2010/10/12 16:11:13 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2010/11/05 10:51:49 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0


fgwjr2003
Novice

Posts: 9
Joined: 2010-11-05
OS: Windows 7
Points: 22321
Likes: 0


Please help, tidserve intrusion alert from Norton Security (cont.)

Post by fgwjr2003 on 5th November 2010, 4:44 pm

[2010/11/05 10:51:49 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 10:49:32 | 001,204,938 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\Cat.DB
[2010/11/05 10:44:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 10:40:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 10:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/05 10:39:09 | 2962,309,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/05 10:30:12 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/05 10:09:00 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/11/05 10:09:00 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/11/05 10:08:59 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/11/05 10:08:58 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/11/05 08:49:16 | 362,810,690 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/02 22:51:26 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/02 10:39:54 | 000,015,538 | ---- | M] () -- C:\Users\frank\Documents\ClaimEobAndLetterServlet.pdf
[2010/11/01 21:49:24 | 000,034,335 | ---- | M] () -- C:\Users\Public\Documents\gg011096.pdf
[2010/10/31 20:50:23 | 000,000,990 | ---- | M] () -- C:\Users\frank\Desktop\DVD Shrink 3.2.lnk
[2010/10/31 16:58:26 | 000,001,246 | ---- | M] () -- C:\Users\frank\Desktop\DVDVideoSoft Free Studio.lnk
[2010/10/31 16:43:09 | 000,010,752 | ---- | M] () -- C:\Users\frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 09:37:35 | 000,028,581 | ---- | M] () -- C:\Users\frank\Documents\Step One.docx
[2010/10/30 14:20:58 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/10/30 14:18:42 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/25 17:04:03 | 000,017,099 | ---- | M] () -- C:\Users\frank\Documents\Application Contents.docx
[2010/10/25 16:19:11 | 000,014,023 | ---- | M] () -- C:\Users\frank\Documents\Dear Alcohol.docx
[2010/10/25 16:19:11 | 000,000,162 | -H-- | M] () -- C:\Users\frank\Documents\~$ar Alcohol.docx
[2010/10/24 18:19:44 | 000,001,124 | ---- | M] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2010/10/24 18:19:44 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2010/10/23 12:35:08 | 000,017,881 | ---- | M] () -- C:\Users\frank\Documents\SC_Excel2010_C1_L1a_FrankWallace_2.xlsx
[2010/10/22 17:56:06 | 000,752,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/22 17:56:06 | 000,632,462 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/22 17:56:06 | 000,110,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/18 16:03:09 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/18 16:03:09 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/17 11:20:41 | 000,000,082 | ---- | M] () -- C:\Windows\PSPRTGEN.INI
[2010/10/17 11:20:40 | 000,153,200 | ---- | M] () -- C:\Windows\PSPRT.INI
[2010/10/17 11:03:07 | 000,000,070 | ---- | M] () -- C:\Windows\HGSpeech.ini
[2010/10/16 14:56:18 | 000,001,617 | ---- | M] () -- C:\Users\frank\Desktop\DivX Movies.lnk
[2010/10/16 14:55:50 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/10/16 14:55:10 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/10/16 14:48:30 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/16 10:07:37 | 000,000,127 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/10/16 10:07:32 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2010/10/16 10:07:32 | 000,000,926 | ---- | M] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2010/10/15 20:06:35 | 000,398,848 | ---- | M] () -- C:\Users\frank\Documents\Living Sober MS Word.doc
[2010/10/14 17:59:40 | 000,351,259 | ---- | M] () -- C:\Users\frank\Documents\JavaRa.def
[2010/10/14 11:58:20 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 2400 Series.LNK
[2010/10/14 11:56:45 | 000,018,185 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/10/14 11:49:27 | 000,017,815 | ---- | M] () -- C:\Windows\SysWow64\LexFiles.ulf
[2010/10/14 11:02:28 | 000,000,219 | ---- | M] () -- C:\Users\frank\Desktop\Day of Defeat Source.url
[2010/10/14 11:01:35 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/10/13 17:06:30 | 000,424,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/13 09:45:32 | 000,001,870 | ---- | M] () -- C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/13 09:45:01 | 000,001,924 | ---- | M] () -- C:\Users\frank\Desktop\LimeWire 5.5.16.lnk
[2010/10/13 08:53:17 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/10/13 07:34:01 | 000,000,122 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/13 07:31:58 | 000,001,168 | ---- | M] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/10/13 07:31:58 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/10/12 23:01:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/12 21:27:24 | 000,002,496 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/10/12 21:22:26 | 000,000,994 | ---- | M] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/12 21:22:26 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/10/12 21:03:28 | 000,583,296 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys
[2010/10/12 21:03:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\isolate.ini
[2010/10/12 18:58:56 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2010/10/12 18:10:08 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/10/12 18:10:08 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/10/12 18:06:57 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/10/12 16:32:08 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/12 16:31:23 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/10/12 16:31:22 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/10/12 16:31:22 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/10/12 16:31:13 | 000,001,970 | ---- | M] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/12 16:31:13 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/12 16:28:22 | 000,001,444 | ---- | M] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/12 16:25:48 | 000,000,020 | ---- | M] () -- C:\Windows\
[2010/10/12 16:18:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/12 16:15:15 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/12 16:15:15 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/12 16:15:15 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/12 16:11:59 | 000,015,786 | ---- | M] () -- C:\Windows\SysNative\results.xml

========== Files Created - No Company Name ==========

[2010/11/05 10:30:12 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/05 10:20:34 | 000,351,259 | ---- | C] () -- C:\Users\frank\Documents\JavaRa.def
[2010/11/05 10:20:34 | 000,003,127 | ---- | C] () -- C:\Users\frank\Documents\Nederlands.lng
[2010/11/05 10:20:34 | 000,003,027 | ---- | C] () -- C:\Users\frank\Documents\Franais.lng
[2010/11/05 10:20:34 | 000,002,946 | ---- | C] () -- C:\Users\frank\Documents\Espaol.lng
[2010/11/05 10:20:34 | 000,002,920 | ---- | C] () -- C:\Users\frank\Documents\Italiano.lng
[2010/11/05 10:20:34 | 000,002,758 | ---- | C] () -- C:\Users\frank\Documents\Deutsch.lng
[2010/11/05 10:20:34 | 000,002,553 | ---- | C] () -- C:\Users\frank\Documents\Suomi.lng
[2010/11/05 08:49:16 | 362,810,690 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/02 22:51:26 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/02 10:39:54 | 000,015,538 | ---- | C] () -- C:\Users\frank\Documents\ClaimEobAndLetterServlet.pdf
[2010/11/01 21:49:24 | 000,034,335 | ---- | C] () -- C:\Users\Public\Documents\gg011096.pdf
[2010/10/31 20:50:23 | 000,000,990 | ---- | C] () -- C:\Users\frank\Desktop\DVD Shrink 3.2.lnk
[2010/10/31 16:58:22 | 000,001,246 | ---- | C] () -- C:\Users\frank\Desktop\DVDVideoSoft Free Studio.lnk
[2010/10/31 16:42:45 | 000,010,752 | ---- | C] () -- C:\Users\frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 01:10:59 | 000,028,581 | ---- | C] () -- C:\Users\frank\Documents\Step One.docx
[2010/10/30 14:20:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/30 14:18:42 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/25 17:04:01 | 000,017,099 | ---- | C] () -- C:\Users\frank\Documents\Application Contents.docx
[2010/10/25 16:19:11 | 000,014,023 | ---- | C] () -- C:\Users\frank\Documents\Dear Alcohol.docx
[2010/10/25 16:19:11 | 000,000,162 | -H-- | C] () -- C:\Users\frank\Documents\~$ar Alcohol.docx
[2010/10/24 18:19:44 | 000,001,124 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2010/10/24 18:19:44 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2010/10/23 12:35:07 | 000,017,881 | ---- | C] () -- C:\Users\frank\Documents\SC_Excel2010_C1_L1a_FrankWallace_2.xlsx
[2010/10/17 15:42:16 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/17 15:42:16 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/17 11:03:07 | 000,081,920 | ---- | C] () -- C:\Windows\ASR32311.DLL
[2010/10/17 11:03:07 | 000,000,070 | ---- | C] () -- C:\Windows\HGSpeech.ini
[2010/10/17 11:03:05 | 000,153,200 | ---- | C] () -- C:\Windows\PSPRT.INI
[2010/10/17 11:03:05 | 000,000,082 | ---- | C] () -- C:\Windows\PSPRTGEN.INI
[2010/10/16 14:56:18 | 000,001,617 | ---- | C] () -- C:\Users\frank\Desktop\DivX Movies.lnk
[2010/10/16 14:55:50 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/10/16 14:55:10 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/10/16 14:48:30 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/16 10:07:37 | 000,076,407 | ---- | C] () -- C:\Users\frank\AppData\Roaming\Smiley.ico
[2010/10/16 10:07:37 | 000,000,127 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/10/16 10:07:32 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2010/10/16 10:07:32 | 000,000,926 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2010/10/15 20:06:26 | 000,398,848 | ---- | C] () -- C:\Users\frank\Documents\Living Sober MS Word.doc
[2010/10/14 11:58:20 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 2400 Series.LNK
[2010/10/14 11:55:30 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\LXCRinst.dll
[2010/10/14 11:55:29 | 000,535,647 | ---- | C] () -- C:\Windows\SysNative\lxcrhelp.chm
[2010/10/14 11:55:29 | 000,018,185 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/10/14 11:55:29 | 000,002,365 | ---- | C] () -- C:\Windows\SysNative\lxcr.loc
[2010/10/14 11:28:26 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
[2010/10/14 11:28:26 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
[2010/10/14 11:28:22 | 000,535,647 | ---- | C] () -- C:\Windows\SysWow64\lxcrhelp.chm
[2010/10/14 11:28:22 | 000,017,815 | ---- | C] () -- C:\Windows\SysWow64\LexFiles.ulf
[2010/10/14 11:28:22 | 000,002,365 | ---- | C] () -- C:\Windows\SysWow64\lxcr.loc
[2010/10/14 11:02:28 | 000,000,219 | ---- | C] () -- C:\Users\frank\Desktop\Day of Defeat Source.url
[2010/10/14 10:08:16 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/10/13 09:45:32 | 000,001,870 | ---- | C] () -- C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/13 09:45:01 | 000,001,924 | ---- | C] () -- C:\Users\frank\Desktop\LimeWire 5.5.16.lnk
[2010/10/13 08:53:17 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/10/13 07:34:01 | 000,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/13 07:31:58 | 000,001,168 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/10/13 07:31:58 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/10/12 23:01:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/12 21:22:26 | 000,000,994 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/12 21:22:26 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/10/12 21:15:23 | 000,000,766 | ---- | C] () -- C:\Windows\SysWow64\Uninstall.ico
[2010/10/12 19:00:13 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2010/10/12 18:06:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/10/12 18:01:31 | 2962,309,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/12 16:32:11 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/12 16:32:09 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/12 16:32:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/12 16:31:13 | 000,001,970 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/12 16:31:13 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/12 16:28:22 | 000,001,444 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet

fgwjr2003
Novice

Posts : 9
Joined : 2010-11-05
OS : windows 7
Points : 22321
# Likes : 0


Please help, tidserve intrusion alert from Norton Security (cont.)

Post by fgwjr2003 on 5th November 2010, 4:45 pm

Explorer Browser.lnk
[2010/10/12 16:25:48 | 000,000,020 | ---- | C] () -- C:\Windows\
[2010/10/12 16:18:13 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/10/12 16:18:13 | 000,000,169 | ---- | C] () -- C:\Windows\PidList.ini
[2010/10/12 16:18:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/12 16:15:15 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/12 16:15:15 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/12 16:11:59 | 000,015,786 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/10/12 16:11:39 | 000,000,290 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/12 16:11:39 | 000,000,272 | ---- | C] () -- C:\Users\frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/12/17 05:24:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/17 05:24:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2009/12/17 05:25:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/11/05 10:39:09 | 2962,309,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/14 11:48:33 | 000,000,200 | ---- | M] () -- C:\lxcr.log
[2010/10/14 11:48:33 | 000,000,990 | ---- | M] () -- C:\lxcrcomx.log
[2010/11/05 10:39:22 | 3949,748,224 | -HS- | M] () -- C:\pagefile.sys
[2009/12/17 05:37:45 | 000,003,323 | ---- | M] () -- C:\RHDSetup.log

< %PROGRAMFILES%*. >
[2010/10/16 10:05:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
[2010/10/16 21:07:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AC3File
[2010/10/17 01:36:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AC3Filter
[2010/11/05 10:30:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/10/16 14:46:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/10/14 13:05:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010/10/22 17:43:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010/10/12 21:22:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2010/11/05 10:30:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/10/17 08:46:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010/10/17 08:46:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ConduitEngine
[2010/10/12 16:33:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/10/17 15:40:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2010/10/31 20:50:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Shrink
[2010/10/31 16:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2009/12/17 05:58:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gateway
[2010/10/12 16:32:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/10/12 21:15:20 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/10/12 16:18:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2010/10/16 14:48:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/11/05 10:24:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/10/16 10:07:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\jZip
[2009/12/17 05:34:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Launch Manager
[2010/10/14 11:56:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lexmark 2400 Series
[2010/10/13 09:45:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2010/10/18 16:03:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2010/10/12 16:25:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/10/13 16:52:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/11/02 22:51:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/10/13 16:57:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/12/17 05:43:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/10/13 08:59:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/12 16:25:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/13 08:53:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/10/22 17:48:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/28 01:28:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/10/22 17:43:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2009/12/17 05:45:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewTech Infosystems
[2009/12/17 05:53:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2009/12/17 05:53:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2010/10/24 18:20:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.NET
[2010/10/16 14:48:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/12/17 05:37:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2009/12/17 05:48:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/10/12 21:15:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2010/10/30 14:18:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/11/04 22:42:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009/12/17 05:37:45 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/10/12 16:18:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Video Web Camera
[2010/10/31 13:24:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoConverter
[2010/10/12 23:00:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/10/17 08:46:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/10/22 17:45:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/10/13 09:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/13 09:00:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/10/24 21:59:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WorldWinner.com, Inc
[2010/10/13 07:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2010/10/17 15:04:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo Layers Client



Please help, tidserve intrusion alert from Norton Security (cont.)

Post by fgwjr2003 on 5th November 2010, 4:58 pm

< %appdata%*.* >
[2009/03/02 17:48:36 | 000,076,407 | ---- | M] () -- C:\Users\frank\AppData\Roaming\Smiley.ico


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2009/10/13 14:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys



Please help, tidserve intrusion alert from Norton Security (cont.)

Post by fgwjr2003 on 5th November 2010, 4:59 pm

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll


Please help, tidserve intrusion alert from Norton Security (cont.)

Post by fgwjr2003 on 5th November 2010, 5:00 pm

< MD5 for: USBSTOR.SYS >
[2009/07/13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS



Re: Please help, tidserve intrusion alert from Norton Security

Post by Sneakyone on 6th November 2010, 3:31 pm

Hi,

Welcome to GeekPolice.net!

Please don't make a topic for every reply; keep them all in this one.

Please download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56124
# Likes : 0


Re: Please help, tidserve intrusion alert from Norton Security

Post by fgwjr2003 on 6th November 2010, 10:48 pm

TDSSKiller Reports as requested

2010/11/06 17:38:03.0565 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/06 17:38:03.0565 ================================================================================
2010/11/06 17:38:03.0565 SystemInfo:
2010/11/06 17:38:03.0565
2010/11/06 17:38:03.0565 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/06 17:38:03.0565 Product type: Workstation
2010/11/06 17:38:03.0565 ComputerName: FRANK-PC
2010/11/06 17:38:03.0566 UserName: frank
2010/11/06 17:38:03.0566 Windows directory: C:\Windows
2010/11/06 17:38:03.0567 System windows directory: C:\Windows
2010/11/06 17:38:03.0567 Running under WOW64
2010/11/06 17:38:03.0567 Processor architecture: Intel x64
2010/11/06 17:38:03.0567 Number of processors: 4
2010/11/06 17:38:03.0567 Page size: 0x1000
2010/11/06 17:38:03.0567 Boot type: Normal boot
2010/11/06 17:38:03.0567 ================================================================================
2010/11/06 17:38:03.0567 Utility is running under WOW64
2010/11/06 17:38:04.0062 Initialize success
2010/11/06 17:44:57.0719 ================================================================================
2010/11/06 17:44:57.0719 Scan started
2010/11/06 17:44:57.0719 Mode: Manual;
2010/11/06 17:44:57.0719 ================================================================================
2010/11/06 17:44:57.0996 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/06 17:44:58.0156 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/06 17:44:58.0222 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/06 17:44:58.0393 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/06 17:44:58.0535 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/06 17:44:58.0650 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/06 17:44:58.0821 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/11/06 17:44:58.0980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/06 17:44:59.0114 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/06 17:44:59.0270 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/06 17:44:59.0438 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/06 17:44:59.0540 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/06 17:44:59.0689 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/06 17:44:59.0795 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/06 17:44:59.0903 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/06 17:45:00.0029 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/11/06 17:45:00.0177 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/11/06 17:45:00.0335 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/06 17:45:00.0491 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/06 17:45:00.0632 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/06 17:45:00.0819 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
2010/11/06 17:45:01.0160 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/06 17:45:01.0478 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/11/06 17:45:01.0696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/11/06 17:45:01.0890 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/11/06 17:45:02.0072 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys
2010/11/06 17:45:02.0263 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/06 17:45:02.0420 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/06 17:45:02.0563 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/06 17:45:02.0621 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/06 17:45:02.0742 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/11/06 17:45:02.0782 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/06 17:45:02.0933 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/06 17:45:02.0994 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/06 17:45:03.0012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/06 17:45:03.0141 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2010/11/06 17:45:03.0349 ccHP (1b79efc84b924a6932bb9d2a549de5c9) C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
2010/11/06 17:45:03.0523 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/06 17:45:03.0680 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/06 17:45:03.0833 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/06 17:45:03.0962 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/11/06 17:45:04.0129 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/06 17:45:04.0191 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/06 17:45:04.0312 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/11/06 17:45:04.0454 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/06 17:45:04.0611 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/06 17:45:04.0698 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/06 17:45:04.0893 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/11/06 17:45:05.0027 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/11/06 17:45:05.0184 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/11/06 17:45:05.0346 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
2010/11/06 17:45:05.0525 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/11/06 17:45:05.0604 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/06 17:45:05.0746 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/11/06 17:45:05.0962 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2010/11/06 17:45:06.0172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/06 17:45:06.0351 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/06 17:45:06.0500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/06 17:45:06.0628 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/11/06 17:45:06.0703 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/11/06 17:45:06.0823 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/06 17:45:06.0968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/11/06 17:45:07.0024 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/11/06 17:45:07.0147 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/06 17:45:07.0212 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/11/06 17:45:07.0245 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/11/06 17:45:07.0372 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/06 17:45:07.0537 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/06 17:45:07.0697 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/06 17:45:07.0849 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/06 17:45:08.0027 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/06 17:45:08.0175 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/11/06 17:45:08.0307 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/06 17:45:08.0361 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2010/11/06 17:45:08.0529 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/06 17:45:08.0578 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/06 17:45:08.0697 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/06 17:45:08.0836 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/06 17:45:09.0011 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/06 17:45:09.0206 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2010/11/06 17:45:09.0410 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/11/06 17:45:09.0617 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/06 17:45:09.0764 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/06 17:45:09.0954 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
2010/11/06 17:45:10.0010 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/06 17:45:10.0154 IDSVia64 (5b6fde76d72c2a1f0f99cbe5277e82ec) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101104.004\IDSvia64.sys
2010/11/06 17:45:10.0599 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2010/11/06 17:45:11.0135 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/06 17:45:11.0262 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2010/11/06 17:45:11.0442 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
2010/11/06 17:45:11.0637 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
2010/11/06 17:45:11.0791 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/06 17:45:11.0846 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/06 17:45:11.0892 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/06 17:45:12.0020 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/06 17:45:12.0042 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/11/06 17:45:12.0097 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/11/06 17:45:12.0204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/06 17:45:12.0279 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/06 17:45:12.0399 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
2010/11/06 17:45:31.0516 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/06 17:45:31.0520 ================================================================================
2010/11/06 17:45:31.0520 Scan finished
2010/11/06 17:45:31.0520 ================================================================================
2010/11/06 17:45:31.0530 Detected object count: 1
2010/11/06 17:45:43.0892 \HardDisk0 - will be cured after reboot
2010/11/06 17:45:43.0892 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure


fgwjr2003

Re: Please help, tidserve intrusion alert from Norton Security

Post by Sneakyone on 6th November 2010, 11:37 pm

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone

Re: Please help, tidserve intrusion alert from Norton Security

Post by fgwjr2003 on 7th November 2010, 1:40 am

Error msg.

Incompatible OS. Combofix only works for work stations with windows 2000 and XP

I have Windows 7

?????

fgwjr2003

Re: Please help, tidserve intrusion alert from Norton Security

Post by Sneakyone on 7th November 2010, 5:26 pm

Hi,

My apologies, you are running 64-bit.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Sneakyone