JoshLyman

Members
  • Content Count
    29
About JoshLyman

  • Rank
    Member

Profile Information

  • Gender
    Male
  • Location
    UK
  1. Hey all, I seem to be having a problem accessing my Hotmail account; it appears to have something to do with my wireless connection. Basically, in my house there are two main computers using a Belkin router: mine (wireless) and my parents' (wired). Sporadically, I have major problems accessing Hotmail: I sign in and the browser apparently won't find the mail server. I have tried with all four browsers, Chrome, Firefox 3.6.6, Safari (newest) and IE 8, and when it's not feeling like it, it won't work on any of them! I have also tried using Outlook (with Connector) and Windows Mail programs, and they won't work at all, or not after the first set-up. However, there are never any problems accessing from my parents' computer! Very confusing! Any ideas would be helpful. Cheers, JoshLyman
  2. Hey guys, I've been having a problem with the start-up on my PC. I have a Dell Core2 Duo E4500 @ 2.2GHz with Vista Business SP1 and 2GB RAM. My computer keeps freezing for about 4-5 minutes when I boot it up, once I've entered Windows and the desktop comes up and it begins to load my various tray programs. Currently these are AVG 9.0, Comodo Firewall and Spyware Doctor (free version); I've disabled Sidebar and MSN, and recently switched out Avira antivirus, as it always appeared to be at that point (Avira starting up) that it would freeze. Scanned with Avira, AVG 9, Spybot and Spyware Doctor; can't find any problems. Any ideas as to what could be causing it?
  3. Disabled everything, just tried to run it again; still won't work, along with various install programs I downloaded like AVG 8.5. Also AVG 8 won't display its console (test centre and whatnot).
  4. http://www.techspot.com/vb/all/windows/t-1...nt-load-up.html
  5. Oh sorry, disabled everything, just tried to run it again; still won't work, along with various install programs I downloaded like AVG 8.5. Also AVG 8 won't display its console (test centre and whatnot). I heard about the tweak on various boards when I was researching. And yes, it used to work fine on the wireless-connected machines.
  6. Right, as far as I can tell you're the malware guys; I don't think I'm infected. I've heard about a possible MTU router tweak that could fix this. What is that and how would I do it? I just updated the firmware last night and still no joy. Still no Facebook on any machine with a wireless connection to my router, but the hardwired computer still shows it normally.
  7. After the fix it won't let me run Security Check, as it is "not a valid Win32 program". Same thing when I tried to re-install my Comodo Firewall.
  8. All posted under the same topic heading in the malware bit.
  9. Gone searching for a firmware upgrade... apparently there isn't one.
  10. Hey, been having a problem with FB, and BT himself said I should post some logs in here to see if I was infected... MBAM said it was clean since the problem started.
C:\Windows\system32\drivers\disk.sys Address: 0x8378D000 Size: 69632 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\Windows\system32\drivers\drmk.sys Address: 0x8BD59000 Size: 151552 File Visible: - Signed: - Status: - Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8C764000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8C759000 Size: 45056 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\Windows\System32\drivers\Dxapi.sys Address: 0x8C76C000 Size: 40960 File Visible: - Signed: - Status: - Name: dxgkrnl.sys Image Path: C:\Windows\System32\drivers\dxgkrnl.sys Address: 0x8BACA000 Size: 651264 File Visible: - Signed: - Status: - Name: e1e6032.sys Image Path: C:\Windows\system32\DRIVERS\e1e6032.sys Address: 0x8BB76000 Size: 241664 File Visible: - Signed: - Status: - Name: ecache.sys Image Path: C:\Windows\System32\drivers\ecache.sys Address: 0x83766000 Size: 159744 File Visible: - Signed: - Status: - Name: fastfat.SYS Image Path: C:\Windows\System32\Drivers\fastfat.SYS Address: 0xA972C000 Size: 163840 File Visible: - Signed: - Status: - Name: fdc.sys Image Path: C:\Windows\system32\DRIVERS\fdc.sys Address: 0x83530000 Size: 45056 File Visible: - Signed: - Status: - Name: fileinfo.sys Image Path: C:\Windows\system32\drivers\fileinfo.sys Address: 0x805AA000 Size: 65536 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: C:\Windows\system32\drivers\fltmgr.sys Address: 0x807CC000 Size: 204800 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS Address: 0x8BFE7000 Size: 36864 File Visible: - Signed: - Status: - Name: fwpkclnt.sys Image Path: C:\Windows\System32\drivers\fwpkclnt.sys Address: 0x834F4000 Size: 110592 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\Windows\system32\hal.dll Address: 0x82BCB000 Size: 208896 File 
Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys Address: 0x8351E000 Size: 73728 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS Address: 0x8C2A7000 Size: 65536 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS Address: 0x8BD9D000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\Windows\system32\DRIVERS\hidusb.sys Address: 0x8C29E000 Size: 36864 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\Windows\system32\drivers\HTTP.sys Address: 0xA8914000 Size: 438272 File Visible: - Signed: - Status: - Name: igdkmd32.sys Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys Address: 0x8B40F000 Size: 7057408 File Visible: - Signed: - Status: - Name: ikfilesec.sys Image Path: C:\Windows\system32\drivers\ikfilesec.sys Address: 0x805BA000 Size: 57344 File Visible: - Signed: - Status: - Name: inspect.sys Image Path: C:\Windows\system32\DRIVERS\inspect.sys Address: 0x8C376000 Size: 77824 File Visible: - Signed: - Status: - Name: intelide.sys Image Path: C:\Windows\system32\DRIVERS\intelide.sys Address: 0x8077A000 Size: 28672 File Visible: - Signed: - Status: - Name: intelppm.sys Image Path: C:\Windows\system32\DRIVERS\intelppm.sys Address: 0x8350F000 Size: 61440 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys Address: 0x8BCBB000 Size: 45056 File Visible: - Signed: - Status: - Name: kbdhid.sys Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys Address: 0x8C2B7000 Size: 36864 File Visible: - Signed: - Status: - Name: kdcom.dll Image Path: C:\Windows\system32\kdcom.dll Address: 0x80408000 Size: 32768 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\Windows\system32\DRIVERS\ks.sys Address: 0x8BCD3000 Size: 172032 File Visible: - Signed: - Status: - Name: ksecdd.sys Image Path: 
C:\Windows\System32\Drivers\ksecdd.sys Address: 0x82E0F000 Size: 462848 File Visible: - Signed: - Status: - Name: lltdio.sys Image Path: C:\Windows\system32\DRIVERS\lltdio.sys Address: 0xA88BD000 Size: 65536 File Visible: - Signed: - Status: - Name: luafv.sys Image Path: C:\Windows\system32\drivers\luafv.sys Address: 0x8C785000 Size: 110592 File Visible: - Signed: - Status: - Name: mcupdate_GenuineIntel.dll Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll Address: 0x80410000 Size: 393216 File Visible: - Signed: - Status: - Name: monitor.sys Image Path: C:\Windows\system32\DRIVERS\monitor.sys Address: 0x8C776000 Size: 61440 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\Windows\system32\DRIVERS\mouclass.sys Address: 0x8BCC6000 Size: 45056 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\Windows\system32\DRIVERS\mouhid.sys Address: 0x8C2C0000 Size: 32768 File Visible: - Signed: - Status: - Name: mountmgr.sys Image Path: C:\Windows\System32\drivers\mountmgr.sys Address: 0x80796000 Size: 65536 File Visible: - Signed: - Status: - Name: mpsdrv.sys Image Path: C:\Windows\System32\drivers\mpsdrv.sys Address: 0xA89B5000 Size: 86016 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\Windows\system32\drivers\mrxdav.sys Address: 0xA89CA000 Size: 131072 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys Address: 0x8C7A8000 Size: 126976 File Visible: - Signed: - Status: - Name: mrxsmb10.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys Address: 0x8C7C7000 Size: 233472 File Visible: - Signed: - Status: - Name: mrxsmb20.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys Address: 0x8C3D1000 Size: 98304 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\Windows\System32\Drivers\Msfs.SYS Address: 0x8BDD9000 Size: 45056 File Visible: - Signed: - Status: - Name: msisadrv.sys Image Path: C:\Windows\system32\drivers\msisadrv.sys Address: 
0x806E3000 Size: 32768 File Visible: - Signed: - Status: - Name: msiscsi.sys Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys Address: 0x83553000 Size: 188416 File Visible: - Signed: - Status: - Name: msrpc.sys Image Path: C:\Windows\system32\drivers\msrpc.sys Address: 0x82F8B000 Size: 176128 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys Address: 0x8BCFD000 Size: 40960 File Visible: - Signed: - Status: - Name: mup.sys Image Path: C:\Windows\System32\Drivers\mup.sys Address: 0x83757000 Size: 61440 File Visible: - Signed: - Status: - Name: ndis.sys Image Path: C:\Windows\system32\drivers\ndis.sys Address: 0x82E80000 Size: 1093632 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys Address: 0x835E4000 Size: 45056 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys Address: 0xA88F7000 Size: 40960 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys Address: 0x805C8000 Size: 143360 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\Windows\System32\Drivers\NDProxy.SYS Address: 0x8BD48000 Size: 69632 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\Windows\system32\DRIVERS\netbios.sys Address: 0x8C389000 Size: 57344 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\Windows\System32\DRIVERS\netbt.sys Address: 0x8C2C8000 Size: 204800 File Visible: - Signed: - Status: - Name: NETIO.SYS Image Path: C:\Windows\system32\drivers\NETIO.SYS Address: 0x82FB6000 Size: 237568 File Visible: - Signed: - Status: - Name: netr73.sys Image Path: C:\Windows\system32\DRIVERS\netr73.sys Address: 0x8C223000 Size: 495616 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\Windows\System32\Drivers\Npfs.SYS Address: 0x8BDE4000 Size: 57344 File Visible: - Signed: - Status: - Name: nsiproxy.sys Image Path: 
C:\Windows\system32\drivers\nsiproxy.sys Address: 0x8C664000 Size: 40960 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: C:\Windows\System32\Drivers\Ntfs.sys Address: 0x83607000 Size: 1110016 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\Windows\system32\ntkrnlpa.exe Address: 0x82812000 Size: 3903488 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\Windows\System32\Drivers\Null.SYS Address: 0x8BFF0000 Size: 28672 File Visible: - Signed: - Status: - Name: nwifi.sys Image Path: C:\Windows\system32\DRIVERS\nwifi.sys Address: 0xA88CD000 Size: 172032 File Visible: - Signed: - Status: - Name: pacer.sys Image Path: C:\Windows\system32\DRIVERS\pacer.sys Address: 0x8C360000 Size: 90112 File Visible: - Signed: - Status: - Name: partmgr.sys Image Path: C:\Windows\System32\drivers\partmgr.sys Address: 0x80712000 Size: 61440 File Visible: - Signed: - Status: - Name: pci.sys Image Path: C:\Windows\system32\drivers\pci.sys Address: 0x806EB000 Size: 159744 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: C:\Windows\system32\drivers\pciide.sys Address: 0x8078F000 Size: 28672 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\Windows\system32\DRIVERS\PCIIDEX.SYS Address: 0x80781000 Size: 57344 File Visible: - Signed: - Status: - Name: peauth.sys Image Path: C:\Windows\system32\drivers\peauth.sys Address: 0xA964E000 Size: 909312 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x82812000 Size: 3903488 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\Windows\system32\drivers\portcls.sys Address: 0x8BFBA000 Size: 184320 File Visible: - Signed: - Status: - Name: PSHED.dll Image Path: C:\Windows\system32\PSHED.dll Address: 0x80470000 Size: 69632 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: C:\Windows\System32\Drivers\PxHelp20.sys Address: 0x80600000 Size: 35648 File Visible: - Signed: - Status: - Name: 
RapportKELL.sys Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys Address: 0x8C657000 Size: 51456 File Visible: - Signed: - Status: - Name: RapportPG.sys Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys Address: 0x8C642000 Size: 83840 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\Windows\System32\DRIVERS\rasacd.sys Address: 0x8BDF2000 Size: 36864 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys Address: 0x835CD000 Size: 94208 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys Address: 0x835EF000 Size: 61440 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\Windows\system32\DRIVERS\raspptp.sys Address: 0x805EB000 Size: 81920 File Visible: - Signed: - Status: - Name: rassstp.sys Image Path: C:\Windows\system32\DRIVERS\rassstp.sys Address: 0x8BC0D000 Size: 86016 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x82812000 Size: 3903488 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\Windows\system32\DRIVERS\rdbss.sys Address: 0x8C606000 Size: 245760 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys Address: 0x8BE00000 Size: 32768 File Visible: - Signed: - Status: - Name: rdpdr.sys Image Path: C:\Windows\system32\DRIVERS\rdpdr.sys Address: 0x8BC22000 Size: 561152 File Visible: - Signed: - Status: - Name: rdpencdd.sys Image Path: C:\Windows\system32\drivers\rdpencdd.sys Address: 0x8BDD1000 Size: 32768 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA9776000 Size: 49152 File Visible: No Signed: - Status: - Name: rspndr.sys Image Path: C:\Windows\system32\DRIVERS\rspndr.sys Address: 0xA8901000 Size: 77824 File Visible: - Signed: - Status: - Name: RTKVHDA.sys Image Path: C:\Windows\system32\drivers\RTKVHDA.sys 
Address: 0x8BE0A000 Size: 1767872 File Visible: - Signed: - Status: - Name: SASDIFSV.SYS Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS Address: 0x8C3CB000 Size: 24576 File Visible: - Signed: - Status: - Name: SASKUTIL.sys Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys Address: 0x8C3AA000 Size: 135168 File Visible: - Signed: - Status: - Name: secdrv.SYS Image Path: C:\Windows\System32\Drivers\secdrv.SYS Address: 0xA9754000 Size: 40960 File Visible: - Signed: - Status: - Name: smb.sys Image Path: C:\Windows\system32\DRIVERS\smb.sys Address: 0x8C304000 Size: 81920 File Visible: - Signed: - Status: - Name: spldr.sys Image Path: C:\Windows\System32\Drivers\spldr.sys Address: 0x8374F000 Size: 32768 File Visible: - Signed: - Status: - Name: spsys.sys Image Path: C:\Windows\system32\drivers\spsys.sys Address: 0xA880E000 Size: 716800 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\Windows\System32\DRIVERS\srv.sys Address: 0xA9602000 Size: 311296 File Visible: - Signed: - Status: - Name: srv2.sys Image Path: C:\Windows\System32\DRIVERS\srv2.sys Address: 0x837C8000 Size: 159744 File Visible: - Signed: - Status: - Name: srvnet.sys Image Path: C:\Windows\System32\DRIVERS\srvnet.sys Address: 0xA897F000 Size: 118784 File Visible: - Signed: - Status: - Name: storport.sys Image Path: C:\Windows\system32\DRIVERS\storport.sys Address: 0x83581000 Size: 266240 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\Windows\system32\DRIVERS\swenum.sys Address: 0x8BCD1000 Size: 4992 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\Windows\System32\drivers\tcpip.sys Address: 0x8340D000 Size: 946176 File Visible: - Signed: - Status: - Name: tcpipreg.sys Image Path: C:\Windows\System32\drivers\tcpipreg.sys Address: 0xA975E000 Size: 49152 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\Windows\system32\DRIVERS\TDI.SYS Address: 0x835C2000 Size: 45056 File Visible: - Signed: - Status: - Name: tdx.sys Image 
Path: C:\Windows\system32\DRIVERS\tdx.sys Address: 0x8C20D000 Size: 90112 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\Windows\system32\DRIVERS\termdd.sys Address: 0x8BCAB000 Size: 65536 File Visible: - Signed: - Status: - Name: TSDDD.dll Image Path: C:\Windows\System32\TSDDD.dll Address: 0x818D0000 Size: 36864 File Visible: - Signed: - Status: - Name: tunmp.sys Image Path: C:\Windows\system32\DRIVERS\tunmp.sys Address: 0x837F3000 Size: 36864 File Visible: - Signed: - Status: - Name: umbus.sys Image Path: C:\Windows\system32\DRIVERS\umbus.sys Address: 0x8BD07000 Size: 53248 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\Windows\system32\DRIVERS\USBD.SYS Address: 0x8C29C000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\Windows\system32\DRIVERS\usbehci.sys Address: 0x8B400000 Size: 61440 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\Windows\system32\DRIVERS\usbhub.sys Address: 0x8BD14000 Size: 212992 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS Address: 0x8BBBC000 Size: 253952 File Visible: - Signed: - Status: - Name: usbuhci.sys Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys Address: 0x8BBB1000 Size: 45056 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\Windows\System32\drivers\vga.sys Address: 0x8BDA4000 Size: 49152 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS Address: 0x8BDB0000 Size: 135168 File Visible: - Signed: - Status: - Name: volmgr.sys Image Path: C:\Windows\system32\drivers\volmgr.sys Address: 0x80721000 Size: 61440 File Visible: - Signed: - Status: - Name: volmgrx.sys Image Path: C:\Windows\System32\drivers\volmgrx.sys Address: 0x80730000 Size: 303104 File Visible: - Signed: - Status: - Name: volsnap.sys Image Path: C:\Windows\system32\drivers\volsnap.sys Address: 0x83716000 Size: 233472 File Visible: - Signed: - 
Status: - Name: wanarp.sys Image Path: C:\Windows\system32\DRIVERS\wanarp.sys Address: 0x8C397000 Size: 77824 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\Windows\System32\drivers\watchdog.sys Address: 0x8BB69000 Size: 53248 File Visible: - Signed: - Status: - Name: Wdf01000.sys Image Path: C:\Windows\system32\drivers\Wdf01000.sys Address: 0x8060B000 Size: 507904 File Visible: - Signed: - Status: - Name: WDFLDR.SYS Image Path: C:\Windows\system32\drivers\WDFLDR.SYS Address: 0x80687000 Size: 53248 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0x816B0000 Size: 2105344 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\Windows\System32\win32k.sys Address: 0x816B0000 Size: 2105344 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\Windows\system32\drivers\WMILIB.SYS Address: 0x806DA000 Size: 36864 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x82812000 Size: 3903488 File Visible: - Signed: - Status: - OOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/07/25 00:35 Program Version: Version 1.3.2.0 Windows Version: Windows Vista SP1 ================================================== Hidden Services ------------------- ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/07/25 00:35 Program Version: Version 1.3.2.0 Windows Version: Windows Vista SP1 ================================================== Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! 
Path: C:\Windows\System32\svchost.exe PID: 260 Status: - Path: C:\Windows\System32\smss.exe PID: 464 Status: - Path: C:\Windows\System32\csrss.exe PID: 532 Status: - Path: C:\Windows\System32\wininit.exe PID: 576 Status: - Path: C:\Windows\System32\csrss.exe PID: 588 Status: - Path: C:\Windows\System32\winlogon.exe PID: 648 Status: - Path: C:\Windows\System32\services.exe PID: 668 Status: - Path: C:\Windows\System32\lsass.exe PID: 680 Status: - Path: C:\Windows\System32\lsm.exe PID: 692 Status: - Path: C:\Windows\System32\hkcmd.exe PID: 848 Status: - Path: C:\Windows\System32\svchost.exe PID: 912 Status: - Path: C:\Program Files\AVG\AVG8\avgrsx.exe PID: 920 Status: - Path: C:\Program Files\Java\jre6\bin\jusched.exe PID: 948 Status: - Path: C:\Windows\System32\svchost.exe PID: 980 Status: - Path: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PID: 1028 Status: - Path: C:\Windows\System32\svchost.exe PID: 1148 Status: - Path: C:\Windows\System32\wbem\unsecapp.exe PID: 1156 Status: - Path: C:\Windows\System32\svchost.exe PID: 1168 Status: - Path: C:\Windows\System32\svchost.exe PID: 1228 Status: - Path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe PID: 1240 Status: - Path: C:\Windows\System32\svchost.exe PID: 1276 Status: - Path: C:\Program Files\Spyware Doctor\pctsTray.exe PID: 1312 Status: - Path: C:\Windows\System32\svchost.exe PID: 1320 Status: - Path: C:\Windows\System32\audiodg.exe PID: 1432 Status: Locked to the Windows API! 
Path: C:\Windows\System32\svchost.exe PID: 1532 Status: - Path: C:\Windows\System32\SLsvc.exe PID: 1596 Status: - Path: C:\Windows\System32\wbem\WmiPrvSE.exe PID: 1604 Status: - Path: C:\Windows\System32\igfxsrvc.exe PID: 1612 Status: - Path: C:\Windows\System32\svchost.exe PID: 1652 Status: - Path: C:\Windows\System32\svchost.exe PID: 1868 Status: - Path: C:\Windows\System32\spoolsv.exe PID: 2040 Status: - Path: C:\Program Files\Spyware Doctor\pctsAuxs.exe PID: 2224 Status: - Path: C:\Program Files\Spyware Doctor\pctsSvc.exe PID: 2256 Status: - Path: C:\Windows\System32\svchost.exe PID: 2308 Status: - Path: C:\Windows\System32\svchost.exe PID: 2340 Status: - Path: C:\Windows\System32\SearchIndexer.exe PID: 2392 Status: - Path: C:\Windows\System32\igfxpers.exe PID: 2416 Status: - Path: C:\Windows\System32\svchost.exe PID: 2488 Status: - Path: C:\Windows\System32\wuauclt.exe PID: 2604 Status: - Path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PID: 2640 Status: - Path: C:\Program Files\Windows Media Player\wmpnetwk.exe PID: 2676 Status: - Path: C:\Program Files\Mozilla Firefox\firefox.exe PID: 2936 Status: - Path: C:\Windows\RtHDVCpl.exe PID: 3144 Status: - Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe PID: 3196 Status: - Path: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PID: 3204 Status: - Path: C:\Program Files\AVG\AVG8\avgtray.exe PID: 3228 Status: - Path: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PID: 3636 Status: - Path: C:\Windows\System32\taskeng.exe PID: 3700 Status: - Path: C:\Program Files\Windows Media Player\wmpnscfg.exe PID: 3724 Status: - Path: C:\Windows\System32\dwm.exe PID: 3820 Status: - Path: C:\Windows\explorer.exe PID: 3860 Status: - Path: C:\Users\Big Si\AppData\Local\Google\Update\GoogleUpdate.exe PID: 4012 Status: - Path: C:\Users\Big Si\Desktop\RootRepeal.exe PID: 4024 Status: - Path: C:\Windows\System32\mobsync.exe PID: 4072 Status: - Path: 
C:\Windows\System32\SearchProtocolHost.exe PID: 4636 Status: - Path: C:\Windows\System32\SearchFilterHost.exe PID: 4664 Status: - OTL log OTL logfile created on: 25/07/2009 12:36:20 AM - Run 1 OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Big Si\Downloads Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1012.45 Mb Total Physical Memory | 273.96 Mb Available Physical Memory | 27.06% Memory free 2.24 Gb Paging File | 0.94 Gb Available in Paging File | 42.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.96 Gb Total Space | 50.62 Gb Free Space | 36.43% Space Free | Partition Type: NTFS Drive D: | 149.01 Gb Total Space | 148.91 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Drive E: | 10.00 Gb Total Space | 6.56 Gb Free Space | 65.62% Space Free | Partition Type: NTFS Drive F: | 659.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PCSBSSDT5 Current User Name: Big Si Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe () PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation) PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation) PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation) PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe () PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) PRC - C:\Users\Big Si\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Big Si\Downloads\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
[2009/06/30 08:19:23 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Big Si\Desktop\Mark Thomas - MTCP - s01e03 - Mark Stands As An MP.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Big Si\Desktop\ftp-bccathouse.avi:TOC.WMV @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C31F31E6 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:1CA73D29 < End of report > right , i think that everything i was asked? so any issues?
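A way to sift a listing like the one above, as an added example that is not part of the thread and not OTL's own code: it parses the `[date time | size | attrs | C/M] (Company) -- path` file lines and the `@Alternate Data Stream` lines into records, then flags the handful of things a responder would eyeball first in a log this size. The triage rules (a binary under C:\Windows with no company name in its version info, a modified hosts file, scheduled-task .job files, alternate data streams other than the browser download marker or Windows Media Player's video index) and the names `Entry`, `parse_entry` and `triage` are this example's own assumptions, not anything OTL reports. The sample lines are copied from the posted log, chosen to hit each rule plus a few that should stay quiet.

```python
"""Triage an OTL-style file listing (added example, not OTL's code)."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file line: [date time | size | attrs | C/M] (Company) -- path
# Directory entries (attrs ending in D) omit the "(Company)" field entirely.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
MEDIA_EXT = {".avi", ".wmv", ".mpg", ".mp4", ".mkv"}


@dataclass
class Entry:
    date: str
    time: str
    size: int      # -1 when the size field does not parse as a number
    attrs: str     # R/H/S/D flags exactly as OTL prints them
    kind: str      # C = created, M = modified
    company: str   # "" when OTL printed () or ( ), i.e. no company name
    path: str


def parse_size(text: str) -> int:
    digits = text.replace(",", "")
    return int(digits) if digits.isdigit() else -1


def parse_entry(line: str) -> Optional[Entry]:
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["date"], m["time"], parse_size(m["size"]), m["attrs"],
                 m["kind"], (m["company"] or "").strip(), m["path"])


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ads = ADS_LINE.match(line.strip())
        if ads:
            host, stream = ads["path"].rsplit(":", 1)
            host_ext = ntpath.splitext(host)[1].lower()
            # Zone.Identifier is the browser download marker and TOC.WMV on a
            # video is the index Windows Media Player stores; anything else is
            # reported by OTL only as a size, so read the stream by hand.
            if stream == "Zone.Identifier" or (stream.upper() == "TOC.WMV" and host_ext in MEDIA_EXT):
                continue
            findings.append(("ads_review", ads["path"]))
            continue
        e = parse_entry(line)
        if e is None or "D" in e.attrs:
            continue
        lower = e.path.lower()
        ext = ntpath.splitext(lower)[1]
        if lower.endswith(r"\drivers\etc\hosts"):
            # A rewritten hosts file can silently block or redirect sites.
            findings.append(("hosts_changed", e.path))
        elif ext == ".job":
            # Scheduled tasks are a persistence point; confirm what each runs.
            findings.append(("scheduled_task", e.path))
        elif lower.startswith(r"c:\windows") and ext in BINARY_EXT and not e.company:
            # Binaries in the Windows tree normally carry version info.
            findings.append(("no_publisher_binary", e.path))
    return findings


# Sample input: lines copied from the OTL log above (not constructed).
SAMPLE_LOG = r"""
[2009/07/24 03:03:42 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/08 22:03:33 | 00,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[2009/02/23 23:32:36 | 00,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2009/06/30 22:57:37 | 00,000,000 | ---D | C] -- C:\Users\Big Si\AppData\Local\Cooliris
[2009/07/19 23:08:28 | 00,318,388 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/24 23:44:29 | 00,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505280420-2691023175-4179455115-1000.job
[2009/07/24 23:52:48 | 10,623,91808 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/07 16:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
@Alternate Data Stream - 64 bytes -> C:\Users\Big Si\Desktop\ftp-bccathouse.avi:TOC.WMV
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DFC5A2B2
""".strip().splitlines()


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:20} {path}")
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file's lines; the flags are a reading order, not verdicts, since a missing company name on a DLL is common for third-party codecs and drivers and a large hosts file is just as often a hosts-based ad blocker as anything hostile.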
  11. OK, ping results:
      Packets: sent = 4, Received = 4, lost = 0 (0% loss)
      Round trip times: min = 186ms, max = 188ms, avg = 187ms
  12. If you don't know if you're using OpenDNS you probably aren't. This seems rather strange. The computers that are able to access Facebook, do they have all the same programs, etc. installed? For example, did you run CCleaner on those machines? I've seen CCleaner remove stuff it shouldn't occasionally. And to clarify, this only happens on Facebook? No other site at all (currently)? B
      Yup, only Facebook. One of the machines doesn't even have CCleaner, so it can't be that.
  13. Screen shot would definitely be helpful. If you can find a way to provide one that would be great. Nonetheless, what Firefox plugins are you using? Can you access the site using Firefox (Safe Mode)? Also, do you use OpenDNS? B
      Don't know. How would I find out? Right, it's definitely a wireless issue, as all 3 computers that have a wireless connection are experiencing the same Facebook problem (1 uses Vista, 2 use XP, and all of them use different versions of Firefox), whereas the only computer that uses a hardwired connection has no problem at all.
  14. Screen shot would definitely be helpful. If you can find a way to provide one that would be great. Nonetheless, what Firefox plugins are you using? Can you access the site using Firefox (Safe Mode)? Also, do you use OpenDNS? B
      Don't know. How would I find out?
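For the "do you use OpenDNS? How would I find out?" exchange in posts 13 and 14, an added example that is not from the thread: on Windows the resolvers in use are listed per adapter by `ipconfig /all`, and this script parses that output, says whether any adapter points at one of the two public OpenDNS addresses (208.67.222.222 and 208.67.220.220), and checks whether all adapters are using the same resolver list. The `ipconfig` text is constructed for the example and puts one wireless and one wired adapter on a single box so the comparison fits in one dump; in the setup described in the thread you would run `ipconfig /all` on each machine and feed each output in separately. The names `dns_servers`, `uses_opendns`, `resolvers_agree` and `report` are this example's own.

```python
"""Per-adapter DNS resolvers from `ipconfig /all` (added example, not forum code)."""
import re
import sys
from typing import Dict, List

# The two public OpenDNS resolver addresses.
OPENDNS_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# "Wireless LAN adapter Wireless Network Connection:" and similar headers
# start in column 0 and end with a colon; field lines are indented.
ADAPTER_HEADER = re.compile(r"^(?P<name>\S.*adapter .+):\s*$")
# "   DNS Servers . . . . . . . . . . . : 192.168.2.1"
DNS_FIRST = re.compile(r"^\s+DNS Servers[ .]*: (?P<ip>\S+)\s*$")
# Further resolvers follow on their own indented lines with nothing else on them.
DNS_MORE = re.compile(r"^\s+(?P<ip>\S+)\s*$")


def dns_servers(ipconfig_text: str) -> Dict[str, List[str]]:
    """Map each adapter name to the resolver list ipconfig shows for it."""
    adapters: Dict[str, List[str]] = {}
    current = None
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        header = ADAPTER_HEADER.match(line)
        if header:
            current = header["name"]
            adapters[current] = []
            in_dns_block = False
            continue
        if current is None:
            continue
        first = DNS_FIRST.match(line)
        if first:
            adapters[current].append(first["ip"])
            in_dns_block = True
            continue
        more = DNS_MORE.match(line) if in_dns_block else None
        if more:
            adapters[current].append(more["ip"])
        else:
            in_dns_block = False
    return adapters


def uses_opendns(resolvers: List[str]) -> bool:
    return any(ip in OPENDNS_RESOLVERS for ip in resolvers)


def resolvers_agree(adapters: Dict[str, List[str]]) -> bool:
    """True when every adapter that has resolvers at all has the same list."""
    configured = {tuple(r) for r in adapters.values() if r}
    return len(configured) <= 1


def report(ipconfig_text: str) -> List[str]:
    adapters = dns_servers(ipconfig_text)
    lines = []
    for name, resolvers in adapters.items():
        if resolvers:
            tag = "OpenDNS" if uses_opendns(resolvers) else "not OpenDNS"
            lines.append(f"{name}: {', '.join(resolvers)} ({tag})")
    if not resolvers_agree(adapters):
        lines.append("adapters are using different resolvers; compare them before blaming the browser")
    return lines


# Constructed ipconfig /all excerpt (not from the thread).
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Example 802.11g Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_IPCONFIG
    print("\n".join(report(text)))
```

On a real machine, save the output with `ipconfig /all > ipconfig.txt` and pipe it in. A router address such as 192.168.2.1 as the only resolver means the machine asks the router, which in turn forwards to whatever the router is configured with, so "not OpenDNS" on the adapter does not rule out OpenDNS being set on the router itself.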