  #1  
Old December 10th, 2011, 11:46 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
blue screen

We are having problems with our PC. We have Windows XP Pro, and our PC either locks up or we get the blue screen coming up. Our Norton virus scan won't do a full scan because of this problem. Was wondering if there is any help you could offer. Thank you in advance.


  #2  
Old December 11th, 2011, 02:55 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it (For Vista/Windows 7, right click the file and select: Run as Administrator)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

----------
Click this link to download OldTimer's OTL to your desktop.
http://oldtimer.geekstogo.com/OTL.exe

Next, click OTL.exe to open the scan display. (Vista and Windows 7 users: right click on OTL.exe and click on Run As Administrator.) At the top check "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.
-----------------
  #3  
Old December 11th, 2011, 03:04 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Once you have posted those logs, let's see if we can get any information from your crash dump files.

Download Whocrashedsetup.exe from this link:
http://www.resplendence.com/download...ashedSetup.exe

Save the file to your desktop.
Double click on whocrashedSetup.exe

This will install the program. Setup will also download the windows debugging tool and install it. That may take a few minutes.


Accept the defaults during setup.
After setup has finished, WhoCrashed will open.

Click the analyze button.
When the analysis is complete, a message will tell you to scroll down the window for the report.
Copy and paste the analysis into your next reply here. This may help us to pinpoint which driver might be causing the crash.
  #4  
Old December 12th, 2011, 11:49 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
This is how far I got on the scan before the machine froze.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-11 17:28:22
-----------------------------
17:28:22.265 OS Version: Windows 5.1.2600 Service Pack 3
17:28:22.265 Number of processors: 2 586 0x6B02
17:28:22.265 ComputerName: HU UserName:
17:28:24.765 Initialize success
17:28:34.390 AVAST engine defs: 11121101
17:28:38.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075
17:28:38.437 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238475MB BusType: 3
17:28:40.468 Disk 0 MBR read successfully
17:28:40.468 Disk 0 MBR scan
17:28:40.500 Disk 0 Windows XP default MBR code
17:28:40.500 Disk 0 scanning sectors +488376000
17:28:40.593 Disk 0 scanning C:\WINXPPRO\system32\drivers
17:28:51.296 Service scanning
17:28:52.312 Modules scanning
17:29:09.078 Disk 0 trace - called modules:
17:29:09.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
17:29:09.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a71bab8]
17:29:09.125 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000076[0x8a75ef18]
17:29:09.125 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000075[0x8a6de030]
17:29:11.890 AVAST engine scan C:\WINXPPRO
17:29:36.390 AVAST engine scan C:\WINXPPRO\system32
17:31:34.453 AVAST engine scan C:\WINXPPRO\system32\drivers
17:31:52.125 AVAST engine scan C:\Documents and Settings\user.HU
17:32:18.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user.HU\Desktop\MBR.dat"
17:32:18.562 The log file has been saved successfully to "C:\Documents and Settings\user.HU\Desktop\aswMBR.txt"
17:36:01.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user.HU\Desktop\MBR.dat"
17:36:01.234 The log file has been saved successfully to "C:\Documents and Settings\user.HU\Desktop\aswMBR.txt"
  #5  
Old December 13th, 2011, 12:40 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Were you able to run the otl.exe scan or whocrashed?
  #6  
Old December 13th, 2011, 06:16 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
this is it ..

computer name: HU
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINXPPRO
CPU: AuthenticAMD AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ AMD586, level: 15
2 logical processors, active mask: 3
RAM: 2145824768 total
VM: 2147352576, free: 2045038592



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINXPPRO\Minidump

Crash dumps are enabled on your computer.


On Mon 12/12/2011 22:20:12 GMT your computer crashed
crash dump file: C:\WINXPPRO\memory.dmp
This was probably caused by the following module: Unknown ()
Bugcheck code: 0xF4 (0x3, 0xFFFFFFFF898EDAF8, 0xFFFFFFFF898EDC6C, 0xFFFFFFFF805D29B4)
Error: CRITICAL_OBJECT_TERMINATION
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: Unknown .
Google query: Unknown CRITICAL_OBJECT_TERMINATION




On Sun 11/12/2011 01:33:34 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini121111-01.dmp
This was probably caused by the following module: Unknown (0x0108E829)
Bugcheck code: 0xF4 (0x3, 0xFFFFFFFF8A501178, 0xFFFFFFFF8A5012EC, 0xFFFFFFFF805D29B4)
Error: CRITICAL_OBJECT_TERMINATION
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: Unknown .
Google query: Unknown CRITICAL_OBJECT_TERMINATION




On Sat 10/12/2011 23:28:43 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini121011-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0xF2F79)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFFBF8F2F79, 0xFFFFFFFFAC3E6850, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINXPPRO\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Fri 09/12/2011 17:12:33 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini120911-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x22F43)
Bugcheck code: 0x77 (0x1, 0xFFFFFFFF808F0F1E, 0x0, 0xFFFFFFFFA860BC20)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINXPPRO\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Thu 08/12/2011 22:00:11 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini120811-03.dmp
This was probably caused by the following module: nvnrm.sys (NVNRM+0x10C552)
Bugcheck code: 0xF4 (0x3, 0xFFFFFFFF8A528020, 0xFFFFFFFF8A528194, 0xFFFFFFFF805D29B4)
Error: CRITICAL_OBJECT_TERMINATION
file path: C:\WINXPPRO\system32\drivers\nvnrm.sys
product: NVNRM
company: NVIDIA Corporation
description: NVIDIA Network Resource Manager.
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvnrm.sys (NVIDIA Network Resource Manager., NVIDIA Corporation).
Google query: nvnrm.sys NVIDIA Corporation CRITICAL_OBJECT_TERMINATION




On Thu 08/12/2011 21:41:18 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini120811-02.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x22F43)
Bugcheck code: 0x77 (0x1, 0x6F724975, 0x0, 0xFFFFFFFFA99DCC34)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINXPPRO\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Thu 08/12/2011 14:45:37 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini120811-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x22F43)
Bugcheck code: 0x77 (0xFFFFFFFFC0000185, 0xFFFFFFFFC0000185, 0x0, 0xA9D1000)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINXPPRO\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Tue 06/12/2011 17:42:42 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini120611-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x22F43)
Bugcheck code: 0x77 (0x1, 0x0, 0x0, 0xFFFFFFFFA99F7C34)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINXPPRO\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Wed 30/11/2011 12:31:51 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini113011-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x22F43)
Bugcheck code: 0x77 (0x1, 0x0, 0x0, 0xFFFFFFFFA96E7960)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINXPPRO\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 28/11/2011 12:14:35 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini112811-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x22F43)
Bugcheck code: 0x77 (0x1, 0xFFFFFFFFAF738801, 0x0, 0xFFFFFFFFA998FC34)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINXPPRO\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 27/11/2011 12:10:45 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini112711-01.dmp
This was probably caused by the following module: disk.sys (disk+0x5FD1)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFFFFF80572000, 0xFFFFFFFFBA503828, 0xFFFFFFFFBA503524)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\WINXPPRO\system32\drivers\disk.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: PnP Disk Driver
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Tue 15/11/2011 13:05:13 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini111511-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x9B20B)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF8057220B, 0xFFFFFFFFBA507897, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINXPPRO\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 13/11/2011 12:12:29 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini111311-01.dmp
This was probably caused by the following module: acpi.sys (ACPI+0x22078)
Bugcheck code: 0x1000007E (0xFFFFFFFFC000001D, 0xFFFFFFFFB9F9B078, 0xFFFFFFFFBA50B854, 0xFFFFFFFFBA50B550)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\WINXPPRO\system32\drivers\acpi.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: ACPI Driver for NT
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Sat 05/11/2011 13:02:36 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini110511-01.dmp
This was probably caused by the following module: Unknown (0x0000FC45)
Bugcheck code: 0x1000007E (0xFFFFFFFFC000001D, 0xFFFFFFFF8057212C, 0xFFFFFFFFBA4FB844, 0xFFFFFFFFBA4FB540)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: Unknown .
Google query: Unknown SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M




On Thu 27/10/2011 11:14:48 GMT your computer crashed
crash dump file: C:\WINXPPRO\Minidump\Mini102711-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22F43)
Bugcheck code: 0x77 (0x1, 0x0, 0x0, 0xFFFFFFFFA9BD3CBC)
Error: KERNEL_STACK_INPAGE_ERROR
file path: C:\WINXPPRO\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

58 crash dumps have been found and analyzed. Only 15 are included in this report. 3 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

rapportpg.sys (RapportPG, Trusteer Ltd.)

nvnrm.sys (NVIDIA Network Resource Manager., NVIDIA Corporation)

unknown

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
  #7  
Old December 14th, 2011, 03:12 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Were you able to perform a scan with otl.exe? Please read my questions carefully and be sure to follow and reply in full. Otherwise we will never work to a resolution.

Also, have you recently made any changes to your system, like installing any new hardware or updating any device drivers or programs?
  #8  
Old December 14th, 2011, 02:31 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
I am trying to do the otl.exe again; each time I have tried to do it the computer just freezes or the blue screen comes up. Shall post it if I do it this time.
Have not installed anything new.
  #9  
Old December 14th, 2011, 02:46 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
OTL logfile created on: 14/12/2011 13:30:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user.HU\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.04% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 77.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXPPRO | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 153.69 Gb Free Space | 66.00% Space Free | Partition Type: NTFS

Computer Name: HU | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 13:29:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user.HU\My Documents\Downloads\OTL(1).exe
PRC - [2011/11/09 01:52:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccsvchst.exe
PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXPPRO\explorer.exe
PRC - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 16:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/09 21:48:49 | 008,527,008 | ---- | M] () -- C:\WINXPPRO\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/09 18:31:07 | 000,303,104 | ---- | M] () -- C:\WINXPPRO\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/11/09 01:52:12 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/31 13:31:39 | 011,800,576 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/31 13:31:11 | 000,971,264 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/31 13:30:27 | 000,025,600 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/31 13:29:11 | 005,450,752 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/31 13:29:06 | 012,430,848 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/31 13:28:55 | 001,587,200 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/31 13:28:31 | 007,950,848 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/31 13:28:22 | 011,490,816 | ---- | M] () -- C:\WINXPPRO\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/12 15:57:06 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/08/07 12:24:56 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2006/04/13 16:14:26 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/04/13 16:14:26 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/04/13 16:14:26 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe -- (NAV)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 16:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2011/12/09 16:15:59 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111213.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/09 16:15:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/09 16:15:59 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/09 16:15:59 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111213.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/09 16:11:21 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINXPPRO\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/08 16:08:16 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20111212.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/23 23:08:44 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20111123.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINXPPRO\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/12 20:53:08 | 007,206,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXPPRO\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/09/27 00:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINXPPRO\system32\drivers\NAV\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 23:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINXPPRO\system32\drivers\NAV\1302000.00A\ccSetx86.sys -- (ccSet_NAV)
DRV - [2011/08/07 12:24:56 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users.WINXPPRO\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/03 02:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINXPPRO\System32\Drivers\NAV\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/03 02:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINXPPRO\system32\drivers\NAV\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/26 02:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINXPPRO\System32\Drivers\NAV\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/26 02:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINXPPRO\system32\drivers\NAV\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/26 02:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINXPPRO\system32\drivers\NAV\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXPPRO\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXPPRO\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXPPRO\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXPPRO\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXPPRO\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXPPRO\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXPPRO\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINXPPRO\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/12/06 11:41:16 | 000,044,416 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINXPPRO\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/09/11 11:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXPPRO\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 11:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXPPRO\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 11:45:26 | 000,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINXPPRO\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/08/21 10:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXPPRO\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXPPRO\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/17 09:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINXPPRO\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 11:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINXPPRO\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINXPPRO\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXPPRO\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=axl&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXPPRO\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=axl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.virginmedia.com"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bc47732e8-422b-4676-abf9-ab33b128c778%7D&mid=78500f63346c47d1883ed157ca2b960d-6019bc1ee73dec824b5b5d677becd3e923e1923a&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-29%2021%3A30%3A03&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXPPRO\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINXPPRO\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINXPPRO\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\user.HU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_0\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINXPPRO\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2011/12/09 16:19:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 01:52:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 18:19:59 | 000,000,000 | ---D | M]

[2011/04/14 18:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.HU\Application Data\Mozilla\Extensions
[2011/11/24 23:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.HU\Application Data\Mozilla\Firefox\Profiles\yjp0oi1t.default\extensions
[2010/12/28 16:15:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user.HU\Application Data\Mozilla\Firefox\Profiles\yjp0oi1t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/29 20:30:05 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\user.HU\Application Data\Mozilla\Firefox\Profiles\yjp0oi1t.default\extensions\avg@toolbar
[2011/10/12 16:36:46 | 000,003,674 | ---- | M] () -- C:\Documents and Settings\user.HU\Application Data\Mozilla\Firefox\Profiles\yjp0oi1t.default\searchplugins\avg-secure-search.xml
[2010/09/14 12:48:25 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\user.HU\Application Data\Mozilla\Firefox\Profiles\yjp0oi1t.default\searchplugins\BearShareWebSearch.xml
[2011/11/09 01:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 18:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/29 21:04:33 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/11/09 01:52:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 12:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/09/29 00:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/03 17:19:52 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/11/09 01:52:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINXPPRO\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINXPPRO\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\user.HU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINXPPRO\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SOE Web Installer = C:\Documents and Settings\user.HU\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_0\

O1 HOSTS File: ([2007/07/27 12:00:00 | 000,000,734 | ---- | M]) - C:\WINXPPRO\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINXPPRO\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINXPPRO\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINXPPRO\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINXPPRO\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINXPPRO\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINXPPRO\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINXPPRO\system32\nvappfilter.dll (NVIDIA)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1293487344656 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{913F6352-FAAD-4655-95FD-EAF475C11343}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINXPPRO\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXPPRO\system32\userinit.exe) -C:\WINXPPRO\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINXPPRO\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user.HU\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user.HU\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 21:15:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{43e581a6-1e81-11e0-a993-001e8ccf7ffe}\Shell - "" = AutoRun
O33 - MountPoints2\{43e581a6-1e81-11e0-a993-001e8ccf7ffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{43e581a6-1e81-11e0-a993-001e8ccf7ffe}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 21:59:59 | 000,000,000 | -HSD | C] -- C:\found.004
[2011/12/13 17:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXPPRO\Start Menu\Programs\WhoCrashed
[2011/12/13 17:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/12/10 22:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.HU\Application Data\ParetoLogic
[2011/12/10 22:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.HU\Application Data\DriverCure
[2011/12/10 22:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/12/10 22:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\ParetoLogic
[2011/12/10 20:43:24 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/12/09 22:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXPPRO\Start Menu\Programs\PlanetSide
[2011/12/09 16:15:46 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symefa.sys
[2011/12/09 16:15:46 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\srtsp.sys
[2011/12/09 16:15:46 | 000,387,192 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symtdi.sys
[2011/12/09 16:15:46 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symtdiv.sys
[2011/12/09 16:15:46 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symds.sys
[2011/12/09 16:15:46 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symnets.sys
[2011/12/09 16:15:46 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\ironx86.sys
[2011/12/09 16:15:46 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\ccsetx86.sys
[2011/12/09 16:15:46 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\srtspx.sys
[2011/12/09 16:15:40 | 000,000,000 | ---D | C] -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A
[2011/12/09 16:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.HU\My Documents\Symantec
[2011/12/09 16:11:21 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\SYMEVENT.SYS
[2011/12/09 16:11:21 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINXPPRO\System32\S32EVNT1.DLL
[2011/12/09 16:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/09 16:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/09 16:10:57 | 000,000,000 | ---D | C] -- C:\WINXPPRO\System32\drivers\NAV
[2011/12/09 16:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/12/09 16:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/12/09 16:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXPPRO\Start Menu\Programs\Norton AntiVirus
[2011/12/09 16:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\Norton
[2011/12/09 16:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/09 16:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\NortonInstaller
[2011/12/09 13:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXPPRO\Application Data\AVAST Software
[2011/12/08 21:57:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINXPPRO\System32\drivers\mbamswissarmy.sys
[2011/12/02 02:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Tool
[2010/11/29 18:06:52 | 081,898,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[13 C:\WINXPPRO\*.tmp files -> C:\WINXPPRO\*.tmp -> ]
[1 C:\WINXPPRO\System32\*.tmp files -> C:\WINXPPRO\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 13:25:17 | 000,013,646 | ---- | M] () -- C:\WINXPPRO\System32\wpa.dbl
[2011/12/14 13:05:56 | 000,000,878 | ---- | M] () -- C:\WINXPPRO\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 13:05:50 | 000,002,048 | --S- | M] () -- C:\WINXPPRO\bootstat.dat
[2011/12/14 13:05:45 | 000,095,072 | ---- | M] () -- C:\WINXPPRO\System32\FNTCACHE.DAT
[2011/12/14 13:03:38 | 000,591,495 | ---- | M] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\Cat.DB
[2011/12/14 13:03:32 | 000,001,393 | ---- | M] () -- C:\WINXPPRO\imsins.BAK
[2011/12/14 12:42:00 | 000,000,882 | ---- | M] () -- C:\WINXPPRO\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 17:13:13 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\user.HU\Desktop\WhoCrashed.lnk
[2011/12/12 22:21:11 | 2145,386,496 | ---- | M] () -- C:\WINXPPRO\MEMORY.DMP
[2011/12/11 16:11:01 | 000,001,324 | ---- | M] () -- C:\WINXPPRO\System32\d3d9caps.dat
[2011/12/09 23:24:02 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\user.HU\Desktop\Planetside.lnk
[2011/12/09 22:54:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXPPRO\System32\FlashPlayerCPLApp.cpl
[2011/12/09 22:25:19 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users.WINXPPRO\Desktop\PlanetSide.lnk
[2011/12/09 18:31:27 | 000,433,452 | ---- | M] () -- C:\WINXPPRO\System32\perfh009.dat
[2011/12/09 18:31:27 | 000,068,408 | ---- | M] () -- C:\WINXPPRO\System32\perfc009.dat
[2011/12/09 16:18:31 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users.WINXPPRO\Desktop\Norton AntiVirus.LNK
[2011/12/09 16:16:00 | 000,004,782 | ---- | M] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\VT20111023.023
[2011/12/09 16:11:21 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINXPPRO\System32\drivers\SYMEVENT.SYS
[2011/12/09 16:11:21 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINXPPRO\System32\S32EVNT1.DLL
[2011/12/09 16:11:21 | 000,007,510 | ---- | M] () -- C:\WINXPPRO\System32\drivers\SYMEVENT.CAT
[2011/12/09 16:11:21 | 000,000,806 | ---- | M] () -- C:\WINXPPRO\System32\drivers\SYMEVENT.INF
[2011/12/09 15:52:09 | 000,002,577 | ---- | M] () -- C:\WINXPPRO\System32\CONFIG.NT
[2011/12/08 21:57:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINXPPRO\System32\drivers\mbamswissarmy.sys
[2011/11/23 13:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINXPPRO\System32\win32k.sys
[2011/11/23 13:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINXPPRO\System32\dllcache\win32k.sys
[13 C:\WINXPPRO\*.tmp files -> C:\WINXPPRO\*.tmp -> ]
[1 C:\WINXPPRO\System32\*.tmp files -> C:\WINXPPRO\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/13 17:13:13 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\user.HU\Desktop\WhoCrashed.lnk
[2011/12/09 23:24:02 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\user.HU\Desktop\Planetside.lnk
[2011/12/09 22:25:11 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users.WINXPPRO\Desktop\PlanetSide.lnk
[2011/12/09 16:17:31 | 000,591,495 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\Cat.DB
[2011/12/09 16:16:16 | 000,004,782 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\VT20111023.023
[2011/12/09 16:15:46 | 000,007,877 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symnetv.cat
[2011/12/09 16:15:46 | 000,007,510 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\ccsetx86.cat
[2011/12/09 16:15:46 | 000,007,498 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symefa.cat
[2011/12/09 16:15:46 | 000,007,496 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\srtspx.cat
[2011/12/09 16:15:46 | 000,007,492 | R--- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symds.cat
[2011/12/09 16:15:46 | 000,007,492 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\srtsp.cat
[2011/12/09 16:15:46 | 000,007,492 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\iron.cat
[2011/12/09 16:15:46 | 000,007,458 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symnet.cat
[2011/12/09 16:15:46 | 000,003,433 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symefa.inf
[2011/12/09 16:15:46 | 000,002,852 | R--- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symds.inf
[2011/12/09 16:15:46 | 000,001,468 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symnetv.inf
[2011/12/09 16:15:46 | 000,001,440 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\symnet.inf
[2011/12/09 16:15:46 | 000,001,389 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\srtspx.inf
[2011/12/09 16:15:46 | 000,001,389 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\srtsp.inf
[2011/12/09 16:15:46 | 000,000,828 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\ccsetx86.inf
[2011/12/09 16:15:46 | 000,000,742 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\iron.inf
[2011/12/09 16:15:40 | 000,000,172 | ---- | C] () -- C:\WINXPPRO\System32\drivers\NAV\1302000.00A\isolate.ini
[2011/12/09 16:11:21 | 000,007,510 | ---- | C] () -- C:\WINXPPRO\System32\drivers\SYMEVENT.CAT
[2011/12/09 16:11:21 | 000,000,806 | ---- | C] () -- C:\WINXPPRO\System32\drivers\SYMEVENT.INF
[2011/12/09 16:11:19 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users.WINXPPRO\Desktop\Norton AntiVirus.LNK
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\WINXPPRO\System32\OpenVideo.dll
[2011/09/04 09:45:46 | 000,001,324 | ---- | C] () -- C:\WINXPPRO\System32\d3d9caps.dat
[2011/04/06 16:17:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user.HU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 13:31:57 | 000,000,754 | ---- | C] () -- C:\WINXPPRO\WORDPAD.INI
[2011/01/12 14:28:01 | 000,000,000 | ---- | C] () -- C:\WINXPPRO\EEventManager.INI
[2010/12/27 22:30:27 | 000,000,000 | ---- | C] () -- C:\WINXPPRO\nsreg.dat
[2010/12/27 21:34:02 | 000,000,000 | ---- | C] () -- C:\WINXPPRO\ativpsrm.bin
[2010/12/27 21:33:55 | 000,887,724 | ---- | C] () -- C:\WINXPPRO\System32\ativva6x.dat
[2010/12/27 21:33:55 | 000,239,869 | ---- | C] () -- C:\WINXPPRO\System32\atiicdxx.dat
[2010/12/27 21:33:55 | 000,000,003 | ---- | C] () -- C:\WINXPPRO\System32\ativva5x.dat
[2010/12/27 21:23:06 | 000,001,428 | R--- | C] () -- C:\WINXPPRO\System32\drivers\nvphy.bin
[2010/12/27 21:22:40 | 000,000,804 | R--- | C] () -- C:\WINXPPRO\System32\AsusSetup.ini
[2010/12/27 21:22:40 | 000,000,396 | R--- | C] () -- C:\WINXPPRO\System32\raidmgmt.ini
[2010/12/27 21:22:24 | 000,033,860 | ---- | C] () -- C:\WINXPPRO\Ascd_tmp.ini
[2010/12/27 21:22:24 | 000,005,810 | R--- | C] () -- C:\WINXPPRO\System32\drivers\ASACPI.sys
[2010/12/27 21:22:15 | 000,010,288 | ---- | C] () -- C:\WINXPPRO\System32\drivers\ASUSHWIO.SYS
[2010/12/27 21:18:22 | 000,002,048 | --S- | C] () -- C:\WINXPPRO\bootstat.dat
[2010/12/27 21:12:21 | 000,022,720 | ---- | C] () -- C:\WINXPPRO\System32\emptyregdb.dat
[2010/12/27 21:05:43 | 000,004,205 | ---- | C] () -- C:\WINXPPRO\ODBCINST.INI
[2010/12/27 21:02:47 | 000,095,072 | ---- | C] () -- C:\WINXPPRO\System32\FNTCACHE.DAT
[2010/08/06 00:30:51 | 000,637,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINXPPRO\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINXPPRO\System32\AgCPanelFrench.dll
[2007/07/27 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINXPPRO\System32\oembios.bin
[2007/07/27 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINXPPRO\System32\mlang.dat
[2007/07/27 12:00:00 | 000,433,452 | ---- | C] () -- C:\WINXPPRO\System32\perfh009.dat
[2007/07/27 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINXPPRO\System32\perfi009.dat
[2007/07/27 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINXPPRO\System32\dssec.dat
[2007/07/27 12:00:00 | 000,090,112 | ---- | C] () -- C:\WINXPPRO\System32\mycomput.dll
[2007/07/27 12:00:00 | 000,068,408 | ---- | C] () -- C:\WINXPPRO\System32\perfc009.dat
[2007/07/27 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINXPPRO\System32\mib.bin
[2007/07/27 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINXPPRO\System32\perfd009.dat
[2007/07/27 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINXPPRO\System32\secupd.dat
[2007/07/27 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINXPPRO\System32\oembios.dat
[2007/07/27 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINXPPRO\System32\dcache.bin
[2007/07/27 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINXPPRO\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINXPPRO\Application Data\TEMP:0B4227B4

< End of report >
  #10  
Old December 16th, 2011, 06:19 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Is your E: drive a flash drive?
  #11  
Old December 16th, 2011, 06:57 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
I don't have an E drive.
  #12  
Old December 16th, 2011, 07:50 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
At some point you had a drive inserted and it was assigned the letter E:.

It shows in your logs:


O33 - MountPoints2\{43e581a6-1e81-11e0-a993-001e8ccf7ffe}\Shell\AutoRun\command - "" = E:\Startme.exe


Did you ever use a flash drive in this computer?
  #13  
Old December 16th, 2011, 10:59 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
I did buy a USB thing; maybe that is what a flash drive is. It never worked.
  #14  
Old December 18th, 2011, 12:21 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
It never worked? Did you return it or do you still have it? Can you tell me what happened when you inserted it?

Your Windows folder is listed as C:\WINXPPRO
That's not the usual name for the Windows folder. Did you do a parallel install at some point?
  #15  
Old December 19th, 2011, 02:37 PM
nerak47 nerak47 is offline
Senior Member
 
Join Date: Dec 2007
Posts: 112
Hi,

Sorry I have not replied, but I had to forward the email to my husband's so I could open it.
He said we did install Windows over the top at some point. Also, the E drive you were on about is where we plug our camera lead in to view the photos. When I am logged on to the computer I get problems with the blue screen, but when my husband is logged on to his side it doesn't seem to happen. I do do a lot more on the PC than my husband does.