explorer.exe missing, Suspicious.Mystic



#1
JImRob

Hello,

I have been attempting to resolve a problem with my computer where, when I start up, I have no taskbar, desktop icons, or ability to use an explorer window. To do anything I must Ctrl-Alt-Delete and use the New Task button, essentially Run, or use the cmd line. From what I have read and found, I believe that Norton triaged explorer.exe and who knows what else to attempt to stop a virus/malware infection. I think that this started on Monday night when Norton started popping up that it had isolated threats, probably about 5-6 in the span of 2 minutes, probably from a torrent file (I know, how stupid). Anyways, I shut down the computer Monday night and on Tuesday I had the problem of no Windows Explorer.

I have since used a Linux live CD to create a copy of the Documents and Settings folder on an external drive. Looking for people with similar problems led me here. I have done the 6 steps in the Malware Cleaning Guide and will post the logs below.

I have an original Windows XP disk and disks for most of my software. I am not opposed to doing a total reformat if needed, as I have backed up all the pertinent files, and it has been 7+ years, I think, since the last time Windows was installed. My main concern with this is making sure that whatever infection started this would not be created again from the backup files. This would also finally give me a chance to change the drive partitions.

With all that in mind here's hoping I can get this resolved fairly quickly.
Here are the log files. I have also pasted a log from Norton AntiVirus recent history.

MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4447

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/19/2010 12:18:16 AM
mbam-log-2010-08-19 (00-18-16).txt

Scan type: Quick scan
Objects scanned: 142588
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.


GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 09:58:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxlirpow.sys


---- System - GMER 1.0.15 ----

SSDT 8A176330 ZwAlertResumeThread
SSDT 8A176410 ZwAlertThread
SSDT 8A31FA30 ZwAllocateVirtualMemory
SSDT 8A172E98 ZwAssignProcessToJobObject
SSDT 8A72C890 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB3A0E210]
SSDT 8A173AA0 ZwCreateMutant
SSDT 8A172BB0 ZwCreateSymbolicLinkObject
SSDT 8A74F2C8 ZwCreateThread
SSDT 8A1732A8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB3A0E490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB3A0E9F0]
SSDT 8A784060 ZwDuplicateObject
SSDT 8A510738 ZwFreeVirtualMemory
SSDT 8A176A18 ZwImpersonateAnonymousToken
SSDT 8A176AF8 ZwImpersonateThread
SSDT 8A76F1B8 ZwLoadDriver
SSDT 8A752548 ZwMapViewOfSection
SSDT 8A1738A8 ZwOpenEvent
SSDT 8A7801B8 ZwOpenProcess
SSDT 8A179DF8 ZwOpenProcessToken
SSDT 8A1735D8 ZwOpenSection
SSDT 8A766078 ZwOpenThread
SSDT 8A172DA8 ZwProtectVirtualMemory
SSDT 8A21B368 ZwResumeThread
SSDT 8A222B38 ZwSetContextThread
SSDT 8A222BF8 ZwSetInformationProcess
SSDT 8A173388 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB3A0EC40]
SSDT 8A1737C8 ZwSuspendProcess
SSDT 8A753538 ZwSuspendThread
SSDT 8A74CF90 ZwTerminateProcess
SSDT 8A753618 ZwTerminateThread
SSDT 8A222E10 ZwUnmapViewOfSection
SSDT 8A69D0F8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 4 Bytes JMP 03F8DB61
? foqd.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9CA7340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[604] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 0260003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] ole32.dll!OleInitialize + E37 77500521 7 Bytes JMP 02600326
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] ole32.dll!CoImpersonateClient + 51 775156C0 7 Bytes JMP 026003DC
.text C:\Program Files\Internet Explorer\iexplore.exe[1340] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f sdcplh.sys

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs B2788400

---- EOF - GMER 1.0.15 ----


OTL

OTL logfile created on: 8/19/2010 10:01:27 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 10.61 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.91 Gb Total Space | 1.91 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 149.01 Gb Total Space | 9.21 Gb Free Space | 6.18% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUKACOVIC
Current User Name: Lukacovic Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/19 09:59:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/03/19 14:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
PRC - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/19 09:59:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe -- (NAV)
SRV - [2010/01/18 13:41:05 | 001,028,432 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/03/19 14:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\SiwIo.sys -- (SIWIO)
DRV - [2010/08/09 19:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/13 18:31:54 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100819.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 18:31:54 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100819.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/26 20:23:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/26 20:20:09 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/26 20:20:09 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 13:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100816.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 21:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/03 08:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 12:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/08/16 12:05:43 | 000,040,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2004/06/18 00:41:16 | 000,386,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netwg311.sys -- (netwg311)
DRV - [2004/03/11 22:16:32 | 000,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/07/28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/04 09:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/03/04 09:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/03/04 09:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/03/04 09:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/01/13 10:19:26 | 000,249,344 | ---- | M] (Roxio) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/01/13 10:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/01/13 10:19:26 | 000,118,422 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/01/13 10:19:26 | 000,064,208 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/01/13 10:19:26 | 000,024,839 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/01/13 10:19:26 | 000,022,758 | ---- | M] (Roxio) [Kernel | Disabled | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/01/13 10:19:26 | 000,021,654 | ---- | M] (Roxio) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/23 13:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 07:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.aceweb.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2010/07/11 18:17:56 | 000,000,000 | ---D | M]

[2005/12/21 01:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.7fg\extensions
[2004/07/01 23:01:41 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.7fg\extensions\{641d8d09-7dda-4850-8228-ac0ab65e2ac9}
[2004/07/01 23:01:41 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.7fg\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2004/07/02 16:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.7fg\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2004/07/02 16:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.7fg\extensions\{d8bd53e7-7ad6-4fb0-9dea-ee0f111fb4c8}
[2004/07/02 16:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.7fg\extensions\{fb0cbf5b-695b-4322-8b49-5dedbfb946fc}

O1 HOSTS File: ([2001/08/23 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [EPSON Stylus NX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SCAPI: Flags = 1051650
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} https://ra.qwest.com...ad/tgctlins.cab (SupportSoft Installer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://ra.qwest.com...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264128536140 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msansspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/11 04:58:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c5fb41db-83a3-11dd-b0b6-dd8215858789}\Shell\AutoRun\command - "" = Autoplay.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/19 09:59:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/19 00:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2010/08/19 00:03:39 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/08/19 00:02:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/19 00:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/19 00:00:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/08/18 23:52:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/08/18 22:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FixO
[2010/08/18 18:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010/08/18 18:03:59 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/08/18 18:03:16 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/08/18 18:03:14 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/08/18 15:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ultradefrag-portable-4.3.0.bin.i386
[2010/08/18 15:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\music
[2010/08/18 14:57:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/08/18 11:02:33 | 000,000,000 | ---D | C] -- C:\.Trash-999
[2010/08/17 20:15:25 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/08/17 20:15:25 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/08/17 20:15:23 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/08/17 20:15:15 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/08/17 20:15:09 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/08/17 20:15:08 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/08/17 20:15:00 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/08/17 20:14:59 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/08/17 20:14:58 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/08/17 20:14:56 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/08/17 20:14:49 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/08/17 20:14:47 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/08/17 20:14:47 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/08/17 20:14:33 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/08/17 20:14:08 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/08/17 20:14:03 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/08/17 20:13:57 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/08/17 20:13:55 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/08/17 20:13:55 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/08/17 20:13:53 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/08/17 20:13:53 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/08/17 20:13:53 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/08/17 20:13:52 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/08/17 20:13:50 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/08/17 20:13:41 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/08/17 20:13:41 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/08/17 20:13:39 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/08/17 20:13:24 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/08/17 20:13:23 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/08/17 20:13:23 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/08/17 20:13:22 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/08/17 20:13:22 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/08/17 20:13:22 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/08/17 20:13:21 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/08/17 20:13:20 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/08/17 20:13:16 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/08/17 20:13:15 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/08/17 20:13:02 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/08/17 20:12:55 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/08/17 20:12:47 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/08/17 20:12:46 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/08/17 20:12:46 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/08/17 20:12:46 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/08/17 20:12:45 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/08/17 20:12:43 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/08/17 20:12:42 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/08/17 20:12:42 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/08/17 20:12:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/08/17 20:12:40 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/08/17 20:12:40 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/08/17 20:12:11 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/08/17 20:12:10 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/08/17 20:12:10 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/08/17 20:12:10 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/08/17 20:12:09 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/08/17 20:12:09 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/08/17 20:12:08 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/08/17 20:12:07 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/08/17 20:12:05 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/08/17 20:12:05 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/08/17 20:12:04 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/08/17 20:12:03 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/08/17 20:12:03 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/08/17 20:12:02 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/08/17 20:12:02 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/08/17 20:12:01 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/08/17 20:12:01 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/08/17 20:12:00 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/08/17 20:11:54 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/08/17 20:11:53 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/08/17 20:11:52 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/08/17 20:11:52 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/08/17 20:11:51 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/08/17 20:11:50 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/08/17 20:11:50 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/08/17 20:11:25 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/08/17 20:11:22 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/08/17 20:11:16 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/08/17 20:11:01 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/08/17 20:10:58 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/08/17 20:10:57 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/08/17 20:10:57 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/08/17 20:10:57 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/08/17 20:10:56 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/08/17 20:10:54 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/08/17 20:10:53 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/08/17 20:10:50 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/08/17 20:10:48 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/08/17 20:10:47 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/08/17 20:10:46 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/08/17 18:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/08/16 16:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/08/16 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/16 00:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/08/14 11:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
[2010/08/05 14:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/08/05 14:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/07/23 14:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010/07/20 13:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/07/17 16:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.android
[2010/06/27 23:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Jims Photos
[2010/06/26 21:34:49 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdi.sys
[2010/06/26 21:34:49 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdiv.sys
[2010/06/26 21:34:48 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.sys
[2010/06/26 21:34:46 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symds.sys
[2010/06/26 21:34:45 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\srtsp.sys
[2010/06/26 21:34:45 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\ironx86.sys
[2010/06/26 21:34:45 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\srtspx.sys
[2010/06/26 21:34:44 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\cchpx86.sys
[2010/06/26 21:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1107000.00C
[2010/06/26 20:23:34 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/26 20:23:34 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/26 20:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/26 20:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/26 20:16:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2010/06/26 20:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/06/26 20:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/06/26 20:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/06/26 20:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
[2010/06/26 20:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/26 20:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/06/26 20:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2010/06/26 20:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Qwest
[2010/06/22 12:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/06/07 23:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010/06/07 23:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/06/02 23:39:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/31 18:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/05/31 18:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/31 18:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/31 18:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/31 18:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/05/31 18:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/05/31 16:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/05/29 14:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/05/29 14:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/05/29 14:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/05/29 14:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/05/25 18:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/24 11:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.javaws
[2010/05/24 11:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\PlotSoft
[2010/05/21 22:51:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/21 22:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/21 21:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/21 21:51:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/21 21:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/21 21:47:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/21 20:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/05/21 13:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/21 13:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/10 14:08:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2003/06/12 15:11:29 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/08/19 09:59:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/19 09:57:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1757981266-682003330-500UA.job
[2010/08/19 09:25:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/19 09:25:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/19 00:25:05 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/08/19 00:21:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/19 00:21:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 00:21:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/19 00:19:37 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/08/19 00:19:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/19 00:04:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/19 00:03:47 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/08/19 00:01:31 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/19 00:01:31 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/08/19 00:00:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/08/18 23:52:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/08/18 22:54:40 | 000,064,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FixO.exe
[2010/08/18 20:55:59 | 000,001,212 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/18 20:55:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/18 20:55:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/18 19:07:17 | 000,002,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/18 16:51:46 | 000,009,187 | ---- | M] () -- C:\fraglist.luar
[2010/08/18 15:58:33 | 000,361,993 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ultradefrag-portable-4.3.0.bin.i386.zip
[2010/08/18 15:29:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/17 13:57:00 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1757981266-682003330-500Core.job
[2010/08/17 00:37:54 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 19:42:25 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\96mls2.xls
[2010/08/16 16:05:29 | 001,298,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\soccerdbmls.xls
[2010/08/14 18:42:16 | 000,886,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\Cat.DB
[2010/08/13 04:33:18 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 04:11:20 | 000,541,482 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 04:11:20 | 000,469,654 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 04:11:20 | 000,081,438 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 15:36:01 | 000,027,310 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MLSopenarchive.odb
[2010/08/12 15:30:14 | 140,467,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/10 19:57:48 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/08/10 19:57:48 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/04 00:10:36 | 001,332,953 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NINE MILEskp.skp
[2010/08/02 03:53:59 | 001,342,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NINE MILEskp.skb
[2010/08/02 03:11:00 | 000,305,399 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nine north.jpg
[2010/07/31 01:43:02 | 000,977,341 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\USSoccer_Best_Practices.pdf
[2010/07/30 01:46:06 | 012,179,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\programModels.mpg
[2010/07/26 14:41:49 | 006,884,309 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\jlukacovic_portfolio.pdf
[2010/07/25 17:14:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2010/07/23 16:13:34 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/07/22 16:12:02 | 000,301,011 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nine w.jpg
[2010/07/22 16:10:23 | 000,291,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nine e.jpg
[2010/07/11 18:27:09 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/11 18:06:38 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus Online.LNK
[2010/06/26 21:19:32 | 002,208,617 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RtR_2010.pdf
[2010/06/26 20:23:34 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/26 20:23:34 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/26 20:23:34 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/26 20:23:34 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/22 14:54:38 | 001,566,378 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\modeling_a_city.pdf
[2010/06/22 13:06:56 | 015,463,918 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Colorado Center.skp
[2010/06/07 23:17:20 | 000,063,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/07 23:11:43 | 000,822,562 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/02 14:16:09 | 000,607,609 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PDF_admnts53450018005.pdf
[2010/06/01 19:35:19 | 000,064,733 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bicycle-Transit-Center-1.jpg
[2010/05/31 18:27:15 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\OpenOffice.org 3.2.lnk
[2010/05/31 18:22:48 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/31 17:15:04 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/29 14:46:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/29 14:46:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/29 14:42:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/29 10:48:46 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2010/05/24 17:38:26 | 000,000,453 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/24 11:54:18 | 000,033,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\jlukacovic_cv.pdf
[2010/05/22 20:50:50 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Wrigley at the Lukacovic's.doc
[2010/05/21 23:01:14 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WORD.lnk

========== Files Created - No Company Name ==========

[2067/02/24 15:21:18 | 000,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
[2010/08/19 00:24:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/08/19 00:04:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/19 00:01:31 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/19 00:01:31 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/08/18 22:54:39 | 000,064,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FixO.exe
[2010/08/18 20:56:47 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\OpenOffice.org 3.2.lnk
[2010/08/18 19:07:17 | 000,002,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/18 18:03:15 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/08/18 18:03:15 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/08/18 18:03:14 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/08/18 18:03:13 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/08/18 18:03:12 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/08/18 16:51:46 | 000,009,187 | ---- | C] () -- C:\fraglist.luar
[2010/08/18 15:58:31 | 000,361,993 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ultradefrag-portable-4.3.0.bin.i386.zip
[2010/08/18 14:43:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/17 20:13:55 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/08/17 20:13:54 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/08/17 20:13:54 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/08/17 20:12:32 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/08/17 20:12:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/08/17 20:12:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/08/17 20:12:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/08/17 20:12:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/08/17 20:12:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/08/17 20:12:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/08/17 20:12:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/08/17 20:12:28 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/08/17 20:12:28 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/08/17 20:12:28 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/08/17 20:12:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/08/17 20:12:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/08/17 20:12:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/08/17 20:12:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/08/17 20:12:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/08/17 20:12:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/08/17 20:12:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/08/17 20:12:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/08/17 20:12:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/08/17 20:12:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/08/17 20:12:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/08/17 20:12:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/08/17 20:12:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/08/17 20:12:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/08/17 20:12:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/08/17 20:12:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/08/17 20:12:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/08/17 20:12:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/08/17 20:12:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/08/17 20:12:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/08/17 20:12:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/08/17 20:12:21 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/08/17 20:12:21 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/08/17 20:12:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/08/17 20:12:20 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/08/17 20:12:20 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/08/17 20:12:20 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/08/17 20:12:20 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/08/17 20:12:19 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/08/17 20:12:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/08/17 20:12:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/08/17 20:12:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/08/17 20:12:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/08/17 20:12:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/08/17 20:12:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/08/17 20:12:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/08/17 20:12:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/08/17 20:12:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/08/17 20:12:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/08/17 20:12:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/08/17 20:12:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/08/17 20:12:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/08/17 20:12:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/08/17 20:12:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/08/17 20:12:13 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/08/17 20:12:13 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/08/17 20:12:13 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/08/17 20:12:00 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/08/17 20:11:58 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/08/17 20:11:41 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/08/17 20:11:41 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/08/17 20:11:41 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/08/17 20:11:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/08/17 20:11:40 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/08/17 20:11:39 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/08/17 20:11:39 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/08/17 20:11:38 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/08/17 20:11:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/08/17 20:11:28 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/08/16 16:05:29 | 001,298,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\soccerdbmls.xls
[2010/08/12 21:51:15 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\96mls2.xls
[2010/08/12 15:26:12 | 140,467,400 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/11 11:41:26 | 000,027,310 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MLSopenarchive.odb
[2010/08/02 03:11:00 | 000,305,399 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nine north.jpg
[2010/07/31 01:43:02 | 000,977,341 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\USSoccer_Best_Practices.pdf
[2010/07/30 01:45:19 | 012,179,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\programModels.mpg
[2010/07/26 14:41:49 | 006,884,309 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\jlukacovic_portfolio.pdf
[2010/07/26 03:10:10 | 001,342,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NINE MILEskp.skb
[2010/07/23 16:13:34 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/07/22 18:30:00 | 001,332,953 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NINE MILEskp.skp
[2010/07/22 16:12:01 | 000,301,011 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nine w.jpg
[2010/07/22 16:03:08 | 000,291,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nine e.jpg
[2010/07/11 18:05:22 | 000,886,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\Cat.DB
[2010/06/26 21:34:49 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnetv.cat
[2010/06/26 21:34:49 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnetv.inf
[2010/06/26 21:34:48 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnet.cat
[2010/06/26 21:34:48 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnet.inf
[2010/06/26 21:34:46 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.cat
[2010/06/26 21:34:46 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symds.cat
[2010/06/26 21:34:46 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.inf
[2010/06/26 21:34:46 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symds.inf
[2010/06/26 21:34:45 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\srtspx.cat
[2010/06/26 21:34:45 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\srtsp.cat
[2010/06/26 21:34:45 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\srtspx.inf
[2010/06/26 21:34:45 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\srtsp.inf
[2010/06/26 21:34:44 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.cat
[2010/06/26 21:34:44 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\cchpx86.cat
[2010/06/26 21:34:44 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\cchpx86.inf
[2010/06/26 21:34:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.inf
[2010/06/26 21:34:07 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\isolate.ini
[2010/06/26 21:19:28 | 002,208,617 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RtR_2010.pdf
[2010/06/26 20:23:34 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/26 20:23:34 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/26 20:23:14 | 000,001,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus Online.LNK
[2010/06/22 14:54:38 | 001,566,378 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\modeling_a_city.pdf
[2010/06/22 12:53:08 | 015,463,918 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Colorado Center.skp
[2010/06/07 23:10:49 | 000,088,566 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 23:10:48 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/06/02 14:16:08 | 000,607,609 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PDF_admnts53450018005.pdf
[2010/06/01 19:35:19 | 000,064,733 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bicycle-Transit-Center-1.jpg
[2010/05/31 18:22:48 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/29 14:42:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/29 10:48:44 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb
[2010/05/24 11:38:53 | 000,033,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\jlukacovic_cv.pdf
[2010/05/21 23:01:14 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WORD.lnk
[2010/05/21 13:15:31 | 000,000,906 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 13:15:31 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/27 19:06:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX400.ini
[2009/02/08 15:31:39 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/10/10 14:08:30 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2008/10/10 14:08:17 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/10/10 14:08:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/10/10 14:08:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/07/28 12:22:55 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/10 18:43:03 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/10 18:42:40 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/11 17:29:15 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/20 12:27:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/09 17:19:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
[2005/11/01 03:16:20 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/25 18:44:17 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2005/07/05 22:34:57 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WSIMFARM.INI
[2005/07/05 22:34:56 | 000,000,130 | ---- | C] () -- C:\WINDOWS\CLASSIC2.INI
[2005/07/05 22:34:52 | 000,027,136 | ---- | C] () -- C:\WINDOWS\VERMONT1.DLL
[2005/07/05 22:34:45 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2004/12/26 12:44:09 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2004/11/29 10:41:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/09/05 21:26:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/09/05 21:14:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2004/09/05 21:14:04 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2004/09/05 21:10:38 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/09/05 21:10:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/09/05 21:09:41 | 000,000,043 | ---- | C] () -- C:\WINDOWS\EP4180.ini
[2004/05/23 14:52:45 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/03/04 17:54:21 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/02/17 21:33:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2004/02/17 21:33:14 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2004/02/17 21:26:20 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Topo4.ini
[2003/12/27 14:26:00 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2003/12/20 03:16:31 | 000,001,447 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2003/07/28 16:35:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/07/10 15:02:49 | 000,003,080 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/06/22 03:52:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/18 22:26:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/06/16 17:00:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL
[2003/06/16 02:38:47 | 000,000,192 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/06/16 00:31:50 | 000,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2003/06/12 15:38:35 | 000,099,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/06/12 15:16:11 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/06/12 15:11:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/06/12 15:11:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/06/12 15:11:31 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2003/06/12 15:11:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/06/12 15:11:29 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/06/11 05:54:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/06/11 05:19:08 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/13 14:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/08/23 13:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2008/01/20 01:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2005/02/14 18:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeductionPro 2004-05
[2004/09/12 19:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2004/01/05 21:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FUJIFILM
[2009/09/14 22:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtopala
[2004/02/11 18:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/02/08 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2007/03/10 21:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2010/05/31 18:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2008/07/28 12:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2004/09/05 21:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smart Panel
[2010/04/09 19:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2008/11/27 07:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2010/08/17 18:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/08/17 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/01/30 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2010/05/29 14:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/05/31 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/01/02 18:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/21 20:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/02/08 15:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/03/27 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/07/28 12:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/06/26 20:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2010/04/09 19:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/02/08 15:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/01/30 17:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/11 17:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005/01/05 00:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{70FE9869-8D38-4EB3-8541-A735C2285CF7}
[2009/09/12 07:47:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/19 00:20:57 | 000,023,424 | ---- | M] () -- C:\aaw7boot.log
[2003/06/11 04:58:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/18 20:55:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/18 23:09:16 | 000,000,590 | ---- | M] () -- C:\check.txt
[2003/06/11 04:58:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/14 19:29:48 | 000,002,818 | ---- | M] () -- C:\Facilitator.log
[2010/08/18 16:51:46 | 000,009,187 | ---- | M] () -- C:\fraglist.luar
[2010/08/18 16:51:46 | 000,007,066 | ---- | M] () -- C:\fraglist.txt
[2003/06/11 04:58:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/02 18:49:24 | 000,001,880 | -H-- | M] () -- C:\IPH.PH
[2003/06/11 04:58:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/11/30 23:39:58 | 002,375,680 | ---- | M] () -- C:\My Money.mny
[2004/10/20 18:03:37 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/20 21:36:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/19 00:20:58 | 2146,746,368 | -HS- | M] () -- C:\pagefile.sys
[2010/06/26 20:35:55 | 000,000,062 | ---- | M] () -- C:\QwestInstaller.log
[2005/11/12 15:39:40 | 000,000,031 | ---- | M] () -- C:\ripvinyl.mix

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/06/11 04:58:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2002/02/11 22:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD3m.DLL
[2002/02/11 22:00:00 | 000,043,008 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP3m.DLL
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/02/09 16:09:06 | 000,001,690 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/06/10 22:01:38 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/06/10 22:01:38 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/06/10 22:01:38 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/20 21:45:59 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/10/20 20:30:32 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/10/20 20:30:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/19 00:00:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/08/18 22:54:40 | 000,064,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FixO.exe
[2010/08/19 00:03:47 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/08/12 15:30:14 | 140,467,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/19 09:59:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/18 23:52:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >
[2008/01/18 19:59:51 | 000,061,480 | ---- | M] () -- C:\WINDOWS\java\GoToAssistDownloadHelper.exe
[1 C:\WINDOWS\Java\*.tmp files -> C:\WINDOWS\Java\*.tmp -> ]

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-13 10:16:14
< End of report >

Norton Antivirus Recent history log

Category: Scan Results
Date & Time,Risk,Activity,Status,Task Name,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Total Security Risks Resolved,Total Security Risks Requiring Attention,Virus,Cookie,Virus Resolved,Cookie Resolved
8/19/2010 8:30 AM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:27,"4,200",855,309,"2,862",23,151,687,0,0,0,0,,,,
8/19/2010 4:33 AM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:35,"4,227",856,309,"2,888",23,151,688,0,0,0,0,,,,
8/18/2010 11:06 PM,Info,Custom scan results,Completed,Custom scan,0:00:00:04,5,5,0,0,0,0,0,0,0,0,0,,,,
8/18/2010 9:19 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:23,"3,780",826,313,"2,467",23,151,660,0,0,0,0,,,,
8/18/2010 6:35 PM,Info,Quick Scan results,Stopped,Quick Scan,0:00:15:43,0,0,0,0,0,0,0,0,0,0,0,,,,
8/18/2010 5:11 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:28,"4,763",863,313,"3,413",23,151,690,0,0,0,0,,,,
8/17/2010 2:56 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:39,"3,644",809,311,"2,350",23,151,645,22,0,0,0,,,,
8/17/2010 6:59 AM,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:03:02:54,"200,495","195,938",442,"3,186",777,152,"4,675",501,5,5,0,4,1,4,1
8/16/2010 7:56 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:59,"4,309",875,311,"2,949",23,151,703,0,0,0,0,,,,
8/14/2010 2:01 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:01,"4,716",947,310,"3,285",23,151,783,0,0,0,0,,,,
8/14/2010 2:20 AM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:37,"4,570",933,310,"3,153",23,151,770,0,0,0,0,,,,
8/13/2010 4:14 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:37,"4,345",860,310,"3,001",23,151,699,0,0,0,0,,,,
8/12/2010 7:03 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:40,"4,524",884,310,"3,156",23,151,723,0,0,0,0,,,,


Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
8/18/2010 11:06 PM,High,fixo.bat (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 11:06 PM,High,fixo.bat (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 11:05 PM,High,fixo.bat (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 11:05 PM,High,fixo.bat (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 11:02 PM,High,fixo.bat (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 10:55 PM,High,fixo.bat (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 8:22 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 8:21 PM,High,explorer.exe (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 7:07 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 7:07 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 6:03 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Blocked,Resolved - No Action
8/18/2010 6:02 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 4:33 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/17/2010 3:54 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
8/16/2010 12:59 AM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/16/2010 12:58 AM,High,axromecsnw.tmp (Trojan Horse) detected by Auto-Protect,Blocked,Resolved - No Action
8/16/2010 12:57 AM,High,moercsaxwn.tmp (Downloader.Harnig!gen1) detected by Auto-Protect,Blocked,Resolved - No Action
8/16/2010 12:57 AM,High,321.tmp (Backdoor.Tidserv) detected by Auto-Protect,Blocked,Resolved - No Action
8/16/2010 12:57 AM,Medium,amsxwnorce.tmp (CoreGuardAntivirus2009) detected by Auto-Protect,Blocked,Resolved - No Action
8/16/2010 12:57 AM,High,322.tmp (Backdoor.Tidserv) detected by Auto-Protect,Blocked,Resolved - No Action
8/16/2010 12:57 AM,High,320.tmp (Backdoor.Tidserv) detected by Auto-Protect,Blocked,Resolved - No Action


Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action
8/18/2010 8:22 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 8:21 PM,High,explorer.exe (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 7:07 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 6:02 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/18/2010 4:33 PM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/17/2010 3:55 AM,High,Downloader detected by Virus scanner,Quarantined,Resolved - No Action
8/16/2010 12:59 AM,High,temp.tmp (Suspicious.Mystic) detected by Auto-Protect,Quarantined,Resolved - No Action


Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,Category,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Attacker URL
8/19/2010 12:21 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/19/2010 12:21 AM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/19/2010 12:21 AM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 11:56 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 11:56 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 11:56 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:58 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:58 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:58 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:40 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:40 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:40 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:35 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:35 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:35 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:25 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:25 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:25 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:19 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:19 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 8:19 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:11 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:11 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:11 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:04 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:04 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:04 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:01 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:01 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 7:01 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 6:57 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 6:57 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 6:57 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 4:29 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 4:29 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/18/2010 4:29 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 9:00 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 9:00 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 9:00 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:51 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:51 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:51 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:48 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:48 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:48 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:41 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:41 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 8:41 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:57 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:57 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:57 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:20 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:20 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:20 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:19 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:19 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100816.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:19 PM,Info,Intrusion Prevention is monitoring 1269 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:01 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:01 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 7:01 PM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 6:18 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 6:18 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 6:18 PM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 6:15 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 6:15 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 6:15 PM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 5:30 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 5:30 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 5:30 PM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 5:10 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 5:10 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 5:10 PM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 2:39 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 2:39 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/17/2010 2:39 PM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/16/2010 12:57 AM,High,An intrusion attempt by 61.61.20.132 was blocked.,Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","LUKACOVIC (192.168.0.4, 1821)",61.61.20.132,"TCP, https",
8/14/2010 6:50 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/14/2010 6:50 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/14/2010 6:50 PM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/14/2010 2:18 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/14/2010 2:18 AM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100813.004,Detected,No Action Required,Intrusion Prevention,,,,,,
8/14/2010 2:18 AM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
8/13/2010 10:52 PM,High,An intrusion attempt by 85.234.190.57 was blocked.,Blocked,No Action Required,,HTTP Eleonore Executable Download,"85.234.190.57, 80","LUKACOVIC (192.168.0.4, 3728)",85.234.190.57,"TCP, www-http",ccdfr.com/fm/x/l.php?s=0day&
8/13/2010 4:34 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
8/13/2010 4:34 AM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100809.001,Detected,No Action Required,Intrusion Prevention,,,,,,
8/13/2010 4:34 AM,Info,Intrusion Prevention is monitoring 1268 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,


Category: Download Insight
Date & Time,Risk,Activity,Status
8/19/2010 9:59 AM,Low,Download Insight analyzed OTL.exe,Access allowed
8/19/2010 12:03 AM,Info,Download Insight analyzed mbam-setup.exe,Access allowed
8/19/2010 12:00 AM,Info,Download Insight analyzed erunt-setup.exe,Access allowed
8/18/2010 11:52 PM,Info,Download Insight analyzed TFC.exe,Access allowed
8/18/2010 11:52 PM,Info,Download Insight analyzed TFC[1].exe,Access allowed
8/18/2010 6:40 PM,Info,Download Insight analyzed HiJackThis.msi,Access allowed
8/17/2010 6:42 PM,Info,Download Insight analyzed registrybooster[1].exe,Access allowed


Category: Norton Community Watch
Date & Time,Risk,Activity,Status,Recommended Action,Date Updated,Detailed Status,Submitted By,Description,Submission Details
8/19/2010 12:28 AM,Info,Norton Community Watch Feedback,Waiting,No Action Required,"Thursday, August 19, 2010 1:09 AM",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.,Norton AntiVirus Online,Norton Community Watch Feedback,"c:\documents and settings\administrator\desktop\gmer\gmer.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 07:09:10 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 11:51 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, August 19, 2010 12:58 AM",,Norton AntiVirus Online,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 2425 Local Port: 80 Protocol: 6 Signature Set Version: 20100816.001 Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Offending URL: oldtimer.geekstogo.com/TFC.exe Date Detected: Thu, 19 Aug 2010 05:51:48 GMT Application File Checksum: B60DDDD2D63CE41CB8C487FCFBB6419E Application File Information: 8.0.6001.18702 Network Data: 434D50520014000078DAEDCBB10AC2301804E08B9522A893D0C18788AB6B69237550314D973A74D09F225A02DAC1C7370AF50DDCEE83E3B8E1F679968E6360092002940A3D0A193A3901EB79586A86F8B3B18035C7CA94AE294C9A1BDB1487D2F9FBA5BF76F2D0ADC8EDD9FBD6EBB3EFA0A2EF6982E9EF54D9EDCA6D322D2FD9D5202222222222222222A23F7A03D8B11781 Sub-signature ID: 68920 Remote Address: 208.43.44.138 OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 06:58:04 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 11:44 PM,Info,Norton Community Watch Feedback,Waiting,No Action Required,"Thursday, August 19, 2010 12:58 AM",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.,Norton AntiVirus Online,Norton Community Watch Feedback,"c:\documents and settings\administrator\local settings\temp\rar$ex00.156\gmer.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 06:58:02 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 11:06 PM,Info,Statistical Submission: Trojan Horse,Submitted,No Action Required,"Thursday, August 19, 2010 12:52 AM",,Norton AntiVirus Online,Statistical Submission: Trojan Horse,"CSIDL_PROFILE\local settings\temp\rar$di28.453\fixo.batDetection Digest: 03 00 EA AF 01 01 01 03 00 18 C3 79 57 F5 4A A1 ...........yW.J. 3F 85 F7 A9 F4 26 B4 75 ED 00 00 00 00 49 20 1B ?....&.u.....I . DC 00 00 00 00 D5 2C 00 00 03 21 5D 63 04 03 00 ......,...!]c... 03 32 19 03 05 00 01 02 02 02 01 05 0A 00 57 69 .2............Wi 6E 52 41 52 2E 65 78 65 nRAR.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 06:51:49 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 11:05 PM,Info,Statistical Submission: Trojan Horse,Submitted,No Action Required,"Thursday, August 19, 2010 7:10 AM",,Norton AntiVirus Online,Statistical Submission: Trojan Horse,"CSIDL_PROFILE\local settings\temp\rar$di21.343\fixo.batDetection Digest: 03 00 EA AF 01 01 01 03 00 18 C3 79 57 F5 4A A1 ...........yW.J. 3F 85 F7 A9 F4 26 B4 75 ED 00 00 00 00 49 20 1B ?....&.u.....I . DC 00 00 00 00 D5 2C 00 00 03 21 5D 63 04 03 00 ......,...!]c... 01 32 19 03 05 00 01 02 02 02 01 05 0A 00 57 69 .2............Wi 6E 52 41 52 2E 65 78 65 nRAR.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 06:51:06 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 11:02 PM,Info,Statistical Submission: Trojan Horse,Submitted,No Action Required,"Thursday, August 19, 2010 7:10 AM",,Norton AntiVirus Online,Statistical Submission: Trojan Horse,"CSIDL_PROFILE\desktop\fixo\fixo\fixo.batDetection Digest: 03 00 EA AF 01 01 01 03 00 18 C3 79 57 F5 4A A1 ...........yW.J. 3F 85 F7 A9 F4 26 B4 75 ED 00 00 00 00 49 20 1B ?....&.u.....I . DC 00 00 00 00 D5 2C 00 00 03 21 5D 63 04 03 00 ......,...!]c... 00 32 19 03 05 00 01 02 02 02 01 05 0A 00 57 69 .2............Wi 6E 52 41 52 2E 65 78 65 nRAR.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 06:50:23 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 10:55 PM,Info,Statistical Submission: Trojan Horse,Submitted,No Action Required,"Thursday, August 19, 2010 7:10 AM",,Norton AntiVirus Online,Statistical Submission: Trojan Horse,"CSIDL_PROFILE\desktop\fixo\fixo.batDetection Digest: 03 00 EA AF 01 01 01 02 00 18 C3 79 57 F5 4A A1 ...........yW.J. 3F 85 F7 A9 F4 26 B4 75 ED 00 00 00 00 49 20 1B ?....&.u.....I . DC 00 00 00 00 D5 2C 00 00 03 21 5D 63 04 03 00 ......,...!]c... 00 32 19 03 05 00 01 02 02 02 01 .2......... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 06:50:01 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 7:07 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 9:17 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 03 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 05 00 01 02 02 02 01 05 0C 00 77 69 .2............wi 6E 6C 6F 67 6F 6E 2E 65 78 65 nlogon.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 03:17:21 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 7:05 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 9:17 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 03 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 05 00 01 02 02 02 01 05 0C 00 77 69 .2............wi 6E 6C 6F 67 6F 6E 2E 65 78 65 nlogon.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 03:17:18 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 7:01 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 9:17 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 03 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 05 00 01 02 02 02 01 05 0C 00 77 69 .2............wi 6E 6C 6F 67 6F 6E 2E 65 78 65 nlogon.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 03:17:08 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 6:57 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 9:17 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 03 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 05 00 01 02 02 02 01 05 0C 00 77 69 .2............wi 6E 6C 6F 67 6F 6E 2E 65 78 65 nlogon.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 03:16:57 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 6:03 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 9:16 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 03 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 05 00 01 02 02 02 01 05 0C 00 77 69 .2............wi 6E 6C 6F 67 6F 6E 2E 65 78 65 nlogon.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 03:16:55 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 6:01 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 9:16 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 03 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 05 00 01 02 02 02 01 05 0C 00 77 69 .2............wi 6E 6C 6F 67 6F 6E 2E 65 78 65 nlogon.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Thu, 19 Aug 2010 03:16:43 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 4:38 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Wednesday, August 18, 2010 4:42 PM",,Norton AntiVirus Online,Norton Community Watch Feedback,"c:\documents and settings\administrator\desktop\ultradefrag-portable-4.3.0.bin.i386\ultradefrag-portable-4.3.0.i386\udefrag-gui-config.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:49 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 4:33 PM,Info,Sample Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 4:41 PM",,Norton AntiVirus Online,Sample Submission: Suspicious.Mystic,"CSIDL_SYSTEM\dllcache\explorer.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:45 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 4:33 PM,Info,Sample Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 4:41 PM",,Norton AntiVirus Online,Sample Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmp OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:38 GMT Product:Norton AntiVirus 17.7.0.12"
8/18/2010 4:30 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Wednesday, August 18, 2010 4:41 PM",,Norton AntiVirus Online,Norton Community Watch Feedback,"c:\documents and settings\administrator\desktop\ultradefrag-portable-4.3.0.bin.i386\ultradefrag-portable-4.3.0.i386\ultradefrag.exe OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:11 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 9:15 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 4:41 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 02 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:08 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 9:00 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 4:41 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 02 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:02 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 8:53 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 4:41 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 02 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:01 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 8:15 PM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Wednesday, August 18, 2010 4:41 PM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_SYSTEM\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 02 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 30 A2 66 1D 04 03 00 ...M#....0.f.... 00 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Wed, 18 Aug 2010 22:41:01 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 3:55 AM,Info,Statistical Submission: Downloader,Submitted,No Action Required,"Tuesday, August 17, 2010 10:18 AM",,Norton AntiVirus Online,Statistical Submission: Downloader,"javaupdatemanager.class Detection Digest: 03 00 EA AF 01 01 01 02 00 DB C0 AD B9 A3 7A 7D ..............z} 6D F2 1C 88 9B B8 2F FC 51 00 00 00 00 06 3B E7 m...../.Q.....;. C6 00 00 00 00 78 15 00 00 E5 26 9A 67 04 03 00 .....x....&.g... 01 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Tue, 17 Aug 2010 10:14:45 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 3:55 AM,Info,Statistical Submission: Downloader,Submitted,No Action Required,"Tuesday, August 17, 2010 10:18 AM",,Norton AntiVirus Online,Statistical Submission: Downloader,"javaupdateapplication.class Detection Digest: 03 00 EA AF 01 01 01 02 00 65 18 D0 BC FD C8 F7 .........e...... 40 03 F8 95 A7 F8 BA 85 8C 00 00 00 00 B7 1A 37 @..............7 F5 00 00 00 00 6E 02 00 00 B5 10 B9 81 04 03 00 .....n.......... 00 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Tue, 17 Aug 2010 10:15:05 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 3:55 AM,Info,Statistical Submission: Downloader,Submitted,No Action Required,"Tuesday, August 17, 2010 4:14 AM",,Norton AntiVirus Online,Statistical Submission: Downloader,"javaupdatemanager.class Detection Digest: 03 00 EA AF 01 01 01 02 00 DB C0 AD B9 A3 7A 7D ..............z} 6D F2 1C 88 9B B8 2F FC 51 00 00 00 00 06 3B E7 m...../.Q.....;. C6 00 00 00 00 78 15 00 00 E5 26 9A 67 04 03 00 .....x....&.g... 01 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Tue, 17 Aug 2010 10:14:40 GMT Product:Norton AntiVirus 17.7.0.12"
8/17/2010 3:55 AM,Info,Statistical Submission: Downloader,Submitted,No Action Required,"Tuesday, August 17, 2010 4:14 AM",,Norton AntiVirus Online,Statistical Submission: Downloader,"javaupdateapplication.class Detection Digest: 03 00 EA AF 01 01 01 02 00 65 18 D0 BC FD C8 F7 .........e...... 40 03 F8 95 A7 F8 BA 85 8C 00 00 00 00 B7 1A 37 @..............7 F5 00 00 00 00 6E 02 00 00 B5 10 B9 81 04 03 00 .....n.......... 00 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Tue, 17 Aug 2010 10:14:31 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 4:39 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Tuesday, August 17, 2010 4:18 AM",,Norton AntiVirus Online,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 2174 Local Port: 80 Protocol: 6 Signature Set Version: 20100813.004 Application Name: \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\APPLICATION\CHROME.EXE Offending URL: software-files-l.cnet.com/s/software/11/32/83/46/wrar393.exe?e=1282019942&h=e9fe7218a8f45d59471caba90c0571c8&lop=link&ptype=1901&ontid=2250&siteId=4&edId=3&spi=cb1720272c479d46cd76402a262bb519&pid=11328346&psid=10007677&fileName=wrar393.exe Date Detected: Mon, 16 Aug 2010 22:39:10 GMT Application File Checksum: AE4FDCD118E80F22F122AAAD87E92769 Application File Information: 0.0.0.0 Network Data: 434D50520014000078DAEDD0CB4AC3401406E0131537DE1682A00F30BB762E99643242284523EDC25BAA08BA286932A5C1B4094DA0FA5EBE8BAFE3B46811572EDC08E783E164203F877FAECECFBA5BDB002700B009E038766ED8B39C5BF61C3D01F87BF6E6EC81FD0D1EE008E2E8F63E1ADC0D7B51F73C8A87717411C5513C699AEA94D2AC5CCC8A32C9DAE9CC34EDB49C529731DE12C26343D9E28C31E52BD59E34D3A2535779988EB8124C28914AA533E9A799F2251389F0C568E4710DCEEE6AF1311CFE5CDCBB1EDCD5E5B8592473D31AE785A95BC57A2D3807ABDC1BECAF7337DDB87B39E898908B4030AEB51464121A3D364AF02009C6D2CB3C2D154F9351A259CA3CFB1990A2ACC2229F3D93AA79AD6C58334ECA599367E1B215A9F3C6F4B3501293D9E192DFB422954D73EE8AC0953EA9EAE5EDF369C8B2C9553235E1629ECC5DEDB6CD8B016773D5E61D76D66DEEE33EADE9D70350CEA92B68E052E9D36FC9FFD8F6F21110420821841042082184D0DFF8008C42ADA9 Sub-signature ID: 68918 Remote Address: 68.142.122.114 OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Tue, 17 Aug 2010 01:53:08 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:59 AM,Info,Sample Submission: Suspicious.Mystic,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Sample Submission: Suspicious.Mystic,"CSIDL_WINDOWS\temp.tmp OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:19 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:58 AM,Info,Statistical Submission: Trojan Horse,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Statistical Submission: Trojan Horse,"CSIDL_PROFILE\local settings\temp\axromecsnw.tmpDetection Digest: 03 00 EA AF 01 01 01 02 00 05 05 37 1F 3A 0F 9A ...........7.:.. 0C 26 06 F8 A6 EF 53 5C CF 00 00 00 00 52 2B F7 .&....S\.....R+. F7 05 56 A7 3E 00 00 00 00 E9 4D 69 08 04 03 00 ..V.>.....Mi.... 01 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:19 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,Statistical Submission: Suspicious.Mystic,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Statistical Submission: Suspicious.Mystic,"CSIDL_WINDOWS\temp.tmpDetection Digest: 03 00 EA AF 0A 01 00 02 00 00 00 00 00 83 AC 71 ...............q 92 E8 8B 4D 23 00 00 00 00 5E 3F DF 74 04 03 00 ...M#....^?.t... 05 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:18 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,Statistical Submission: Downloader.Harnig!gen1,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Statistical Submission: Downloader.Harnig!gen1,"CSIDL_PROFILE\local settings\temp\moercsaxwn.tmpDetection Digest: 03 00 EA AF 04 01 00 02 00 00 00 00 00 CE 8B C8 ................ 9C ED EF 93 82 00 00 00 00 B1 9F 00 8D 04 03 00 ................ 04 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:09 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,IPS Detection Statistical Submission,"Signature ID: 23615 Local or Remote Attacker: 2 Remote Port: 443 Local Port: 1821 Protocol: 6 Signature Set Version: 20100813.004 Application Name: \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WAMXSREOCN.TMP Offending URL: Date Detected: Mon, 16 Aug 2010 06:57:47 GMT Network Data: 4E444341040600001A00000003000001010000008C00000001000000000000003F5C0000A90E010030818902818100B37CCD3C94B837849CD26474FBC6494630E17E99D7C43B2DC4876DC33EEC7E52612166C8B7CB2DBE4FDA5183DFDF7F561F97B2377140F1014D2DF8ECA80C1F5D50152AF28BC6BAB557B843B0A5C84E35D628DC01B65578EC7A1CBC5FA9B1A18757F3DFEA6219D1A4B82A9150BBAEA3D54158ED02E912C628B012F6F2E619A3450203010001 Sub-signature ID: 69289 Remote Address: 61.61.20.132 OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:04 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,Statistical Submission: Backdoor.Tidserv,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Statistical Submission: Backdoor.Tidserv,"CSIDL_PROFILE\local settings\temp\320.tmpDetection Digest: 03 00 EA AF 01 01 01 02 00 FA F3 DA 7C B4 B2 6B ............|..k F7 75 EE 40 BA D5 91 07 BA 00 00 00 00 83 AC 71 .u.@...........q 92 10 D9 B3 57 00 00 00 00 CE 72 C1 73 04 03 00 ....W.....r.s... 01 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:03 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,Statistical Submission: Backdoor.Tidserv,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Statistical Submission: Backdoor.Tidserv,"CSIDL_PROFILE\local settings\temp\322.tmpDetection Digest: 03 00 EA AF 01 01 01 02 00 FA F3 DA 7C B4 B2 6B ............|..k F7 75 EE 40 BA D5 91 07 BA 00 00 00 00 83 AC 71 .u.@...........q 92 10 D9 B3 57 00 00 00 00 CE 72 C1 73 04 03 00 ....W.....r.s... 01 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:03 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,Statistical Submission: Backdoor.Tidserv,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Statistical Submission: Backdoor.Tidserv,"CSIDL_PROFILE\local settings\temp\321.tmpDetection Digest: 03 00 EA AF 01 01 01 02 00 FA F3 DA 7C B4 B2 6B ............|..k F7 75 EE 40 BA D5 91 07 BA 00 00 00 00 83 AC 71 .u.@...........q 92 10 D9 B3 57 00 00 00 00 CE 72 C1 73 04 03 00 ....W.....r.s... 03 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:02 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,Statistical Submission: CoreGuardAntivirus2009,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Statistical Submission: CoreGuardAntivirus2009,"CSIDL_PROFILE\local settings\temp\amsxwnorce.tmpDetection Digest: 03 00 EA AF 09 02 01 02 00 B1 7D BB 66 34 24 D5 ..........}.f4$. 8E 82 84 72 59 D9 F4 E4 1F 00 00 00 00 22 54 5A ...rY........\"TZ 62 15 38 CA 32 00 00 00 00 11 60 17 8C 04 03 00 b.8.2.....`..... 00 32 19 03 03 00 01 02 02 .2....... OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:02:01 GMT Product:Norton AntiVirus 17.7.0.12"
8/16/2010 12:57 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Monday, August 16, 2010 2:02 AM",,Norton AntiVirus Online,Norton Community Watch Feedback,"c:\documents and settings\administrator\local settings\temp\wamxsreocn.tmp OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Mon, 16 Aug 2010 08:01:59 GMT Product:Norton AntiVirus 17.7.0.12"
8/13/2010 10:52 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Saturday, August 14, 2010 2:18 AM",,Norton AntiVirus Online,IPS Detection Statistical Submission,"Signature ID: 23511 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 3728 Protocol: 6 Signature Set Version: 20100809.001 Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVAW.EXE Offending URL: ccdfr.com/fm/x/l.php?s=0day& Date Detected: Sat, 14 Aug 2010 04:52:39 GMT Application File Checksum: B427962BDB196D132AF50F6C7B78380D Application File Information: 6.0.180.7 Network Data: 434D50520014000078DAEDCA410A824018C5F137295114B570D7015A3A1DA08821076C61E5A89B5A4828D222496A5327ED3A0D465EA0EDFBC1C7C783FF2ED828B70FCC00388010F6F7EC89EFC6FB042C5DBBC41836C3101E8C8E339DA479A855A04D1EEE93B428CAEAEE17B71A62DA76034CBAEEA08C8A92F563B528CFAF3984D3161E465D9199ADAC6AF99457BFB934BF323A82888888888888888888FEF001BAD31DA4 Sub-signature ID: 66620 Remote Address: 85.234.190.57 OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Sat, 14 Aug 2010 08:18:33 GMT Product:Norton AntiVirus 17.7.0.12"
8/13/2010 10:52 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Saturday, August 14, 2010 2:18 AM",,Norton AntiVirus Online,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 3728 Local Port: 80 Protocol: 6 Signature Set Version: 20100809.001 Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVAW.EXE Offending URL: ccdfr.com/fm/x/l.php?s=0day& Date Detected: Sat, 14 Aug 2010 04:52:39 GMT Application File Checksum: B427962BDB196D132AF50F6C7B78380D Application File Information: 6.0.180.7 Network Data: 434D50520014000078DAEDCACD0A82401885E1331951F4B7105A74012DB5659B8821076C61D68C6E6A21A1488B24A94DDD7D839137D0F63CF0F171E0DD075BD9ED0173000E2084FD1D7BE2BB313B03ABB15D62049B6100175A1D5365922C5432503A0B6393E479513EBCFC5E414C9BAE8F49DB1DA49691D93CD7CBE2F25E40384DE162D816A9DEF965E5BFFC9B575FEB5F199D404444444444444444447FF80021641CE8 Sub-signature ID: 68920 Remote Address: 85.234.190.57 OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Sat, 14 Aug 2010 08:18:29 GMT Product:Norton AntiVirus 17.7.0.12"
8/13/2010 5:37 AM,Info,IPS Statistical Submission,Submitted,No Action Required,"Friday, August 13, 2010 6:06 AM",,Norton AntiVirus Online,IPS Statistical Submission,"Signature ID: DLLMM Signature Set Version: 20100809.001 Application Name: C:\WINDOWS\system32\mshtml.dll Date Detected: Fri, 13 Aug 2010 11:37:45 GMT Application File Checksum: D4DF8DBDB4D0E4B2807E30B42C8E9979 Application File Information: 8.0.6001.18939 Flags: 0x00000001 OS-Country:1 OS-Language:English Processor:x86 Family 15 Model 2 Stepping 4 System:Windows XP build 2600 Service Pack 3 Platform-GUID:EE290B34-8191-11DF-B155-000347E699B7 DateSubmitted:Fri, 13 Aug 2010 12:06:47 GMT Product:Norton AntiVirus 17.7.0.12"


Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
8/19/2010 10:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 10:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2132,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 9:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 9:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2776,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 9:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 9:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 8:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 8:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,4028,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 7:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 7:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3580,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 6:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 6:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2428,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 5:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 5:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,464,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 4:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 4:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,1252,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 3:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 3:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,1804,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 2:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 2:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3896,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 1:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 1:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3992,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 12:28 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Thursday, August 19, 2010 12:28 AM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\GMER\GMER.EXE,3864,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Access Process Data,Unauthorized access blocked
8/19/2010 12:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 12:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2776,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,836,Open Process Token,Unauthorized access blocked
8/19/2010 12:21 AM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Thursday, August 19, 2010 12:21 AM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,924,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2432,Duplicate Object,Unauthorized access blocked
8/19/2010 12:08 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Thursday, August 19, 2010 12:08 AM",C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,3004,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,368,Access Process Data,Unauthorized access blocked
8/19/2010 12:05 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Thursday, August 19, 2010 12:05 AM",C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,3004,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,3640,Access Process Data,Unauthorized access blocked
8/19/2010 12:05 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Thursday, August 19, 2010 12:05 AM",C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE,3004,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,368,Access Process Data,Unauthorized access blocked
8/19/2010 12:00 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 19, 2010 12:00 AM",C:\WINDOWS\SYSTEM32\CTFMON.EXE,2564,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,3640,Open Process Token,Unauthorized access blocked
8/18/2010 11:57 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Wednesday, August 18, 2010 11:57 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,920,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,3640,Duplicate Object,Unauthorized access blocked
8/18/2010 11:57 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 11:57 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3700,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,368,Open Process Token,Unauthorized access blocked
8/18/2010 11:57 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 11:57 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,380,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,368,Open Process Token,Unauthorized access blocked
8/18/2010 11:54 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:54 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\TFC.EXE,3788,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 11:52 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 11:52 PM",C:\WINDOWS\SYSTEM32\CTFMON.EXE,2212,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2624,Open Process Token,Unauthorized access blocked
8/18/2010 11:46 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:46 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.156\GMER.EXE,2688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2624,Access Process Data,Unauthorized access blocked
8/18/2010 11:46 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:46 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.156\GMER.EXE,2688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2624,Access Process Data,Unauthorized access blocked
8/18/2010 11:46 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:46 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.156\GMER.EXE,2688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 11:46 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:46 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.156\GMER.EXE,2688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 11:46 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:46 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.156\GMER.EXE,2688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\mcui32.exe,3376,Access Process Data,Unauthorized access blocked
8/18/2010 11:46 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:46 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.156\GMER.EXE,2688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\mcui32.exe,3376,Access Process Data,Unauthorized access blocked
8/18/2010 11:44 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 11:44 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.156\GMER.EXE,2688,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 11:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 11:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2768,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Open Process Token,Unauthorized access blocked
8/18/2010 10:56 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 10:56 PM",C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\FIXO\PROCESS.EXE,2524,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Open Process Token,Unauthorized access blocked
8/18/2010 10:36 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 10:36 PM",C:\WINDOWS\INSTALLER\MSI13.TMP,2484,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 10:35 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 10:35 PM",C:\WINDOWS\INSTALLER\MSI13.TMP,2484,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 10:35 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 10:35 PM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,3392,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 10:35 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 10:35 PM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,3392,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 10:35 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Wednesday, August 18, 2010 10:35 PM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,3392,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Access Process Data,Unauthorized access blocked
8/18/2010 10:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 10:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2332,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Open Process Token,Unauthorized access blocked
8/18/2010 9:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 9:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,1504,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1132,Open Process Token,Unauthorized access blocked
8/18/2010 8:58 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Wednesday, August 18, 2010 8:58 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,920,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2624,Duplicate Object,Unauthorized access blocked
8/18/2010 7:05 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 7:05 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3848,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,576,Open Process Token,Unauthorized access blocked
8/18/2010 7:05 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Wednesday, August 18, 2010 7:05 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,912,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,3504,Duplicate Object,Unauthorized access blocked
8/18/2010 6:53 PM,Medium,Unauthorized access blocked (Send Terminate Message to Window),Blocked,No Action Required,"Wednesday, August 18, 2010 6:53 PM",C:\WINDOWS\SYSTEM32\CTFMON.EXE,2104,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,592,Send Terminate Message to Window,Unauthorized access blocked
8/18/2010 6:40 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 6:40 PM",C:\WINDOWS\SYSTEM32\CTFMON.EXE,2104,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,592,Open Process Token,Unauthorized access blocked
8/18/2010 6:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 6:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3632,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,820,Open Process Token,Unauthorized access blocked
8/18/2010 5:54 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Wednesday, August 18, 2010 5:54 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,928,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,592,Duplicate Object,Unauthorized access blocked
8/18/2010 5:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 5:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2828,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,820,Open Process Token,Unauthorized access blocked
8/18/2010 4:29 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Wednesday, August 18, 2010 4:29 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,928,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,592,Duplicate Object,Unauthorized access blocked
8/18/2010 4:29 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Wednesday, August 18, 2010 4:29 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,1312,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,820,Open Process Token,Unauthorized access blocked
8/17/2010 9:16 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, August 17, 2010 9:16 PM",C:\WINDOWS\SYSTEM32\DRWTSN32.EXE,336,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,816,Access Process Data,Unauthorized access blocked
8/17/2010 9:14 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 9:14 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1716,Duplicate Object,Unauthorized access blocked
8/17/2010 9:14 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, August 17, 2010 9:14 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,1204,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,816,Open Process Token,Unauthorized access blocked
8/17/2010 9:00 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, August 17, 2010 9:00 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,564,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,444,Open Process Token,Unauthorized access blocked
8/17/2010 8:53 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 8:53 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2464,Duplicate Object,Unauthorized access blocked
8/17/2010 8:53 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, August 17, 2010 8:53 PM",C:\WINDOWS\SYSTEM32\DRWTSN32.EXE,3400,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,840,Access Process Data,Unauthorized access blocked
8/17/2010 8:51 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 8:51 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2464,Duplicate Object,Unauthorized access blocked
8/17/2010 8:48 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 8:48 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2540,Duplicate Object,Unauthorized access blocked
8/17/2010 8:41 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 8:41 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,912,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2468,Duplicate Object,Unauthorized access blocked
8/17/2010 8:17 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, August 17, 2010 8:17 PM",C:\WINDOWS\SYSTEM32\DRWTSN32.EXE,1828,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1108,Access Process Data,Unauthorized access blocked
8/17/2010 8:09 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 8:09 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2532,Duplicate Object,Unauthorized access blocked
8/17/2010 7:57 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 7:57 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2532,Duplicate Object,Unauthorized access blocked
8/17/2010 7:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, August 17, 2010 7:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3384,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1048,Open Process Token,Unauthorized access blocked
8/17/2010 7:24 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 7:24 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2484,Duplicate Object,Unauthorized access blocked
8/17/2010 7:21 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 7:21 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2484,Duplicate Object,Unauthorized access blocked
8/17/2010 7:01 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 7:01 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2512,Duplicate Object,Unauthorized access blocked
8/17/2010 6:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, August 17, 2010 6:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3788,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1104,Open Process Token,Unauthorized access blocked
8/17/2010 6:18 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 6:18 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2596,Duplicate Object,Unauthorized access blocked
8/17/2010 6:15 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 6:15 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2600,Duplicate Object,Unauthorized access blocked
8/17/2010 5:30 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 5:30 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2576,Duplicate Object,Unauthorized access blocked
8/17/2010 5:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, August 17, 2010 5:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2716,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1104,Open Process Token,Unauthorized access blocked
8/17/2010 5:10 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 5:10 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2052,Duplicate Object,Unauthorized access blocked
8/17/2010 4:52 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 4:52 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2656,Duplicate Object,Unauthorized access blocked
8/17/2010 4:49 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 4:49 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2672,Duplicate Object,Unauthorized access blocked
8/17/2010 4:40 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 4:40 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2672,Duplicate Object,Unauthorized access blocked
8/17/2010 4:35 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Tuesday, August 17, 2010 4:35 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,908,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,2672,Duplicate Object,Unauthorized access blocked
8/13/2010 7:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 7:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3944,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,396,Open Process Token,Unauthorized access blocked
8/13/2010 6:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 6:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,1272,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,396,Open Process Token,Unauthorized access blocked
8/13/2010 5:36 AM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Friday, August 13, 2010 5:36 AM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,912,\Device\HarddiskVolume1\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,1424,Duplicate Object,Unauthorized access blocked
8/13/2010 5:35 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 5:35 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2076,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,396,Open Process Token,Unauthorized access blocked
8/13/2010 5:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 5:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3792,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,396,Open Process Token,Unauthorized access blocked
8/13/2010 4:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 4:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3240,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/13/2010 4:09 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Friday, August 13, 2010 4:09 AM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,1656,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Access Process Data,Unauthorized access blocked
8/13/2010 4:09 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Friday, August 13, 2010 4:09 AM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,1656,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Access Process Data,Unauthorized access blocked
8/13/2010 4:09 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Friday, August 13, 2010 4:09 AM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,1656,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Access Process Data,Unauthorized access blocked
8/13/2010 4:09 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Friday, August 13, 2010 4:09 AM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,1656,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,3700,Access Process Data,Unauthorized access blocked
8/13/2010 4:09 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Friday, August 13, 2010 4:09 AM",C:\WINDOWS\SYSTEM32\MSIEXEC.EXE,1656,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Access Process Data,Unauthorized access blocked
8/13/2010 4:03 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Friday, August 13, 2010 4:03 AM",C:\WINDOWS\SYSTEM32\MRT.EXE,684,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Access Process Data,Unauthorized access blocked
8/13/2010 4:03 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Friday, August 13, 2010 4:03 AM",C:\WINDOWS\SYSTEM32\MRT.EXE,684,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Access Process Data,Unauthorized access blocked
8/13/2010 3:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 3:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,984,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/13/2010 2:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 2:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3492,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/13/2010 1:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 1:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2144,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/13/2010 12:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Friday, August 13, 2010 12:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3444,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 11:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 11:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3564,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 10:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 10:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,604,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 9:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 9:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3428,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 8:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 8:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3664,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 7:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 7:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,524,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 6:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 6:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2340,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 5:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 5:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,312,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 4:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 4:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,2324,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 3:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 3:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3992,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 2:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 2:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3752,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 1:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 1:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,284,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 12:25 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 12:25 PM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,252,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked
8/12/2010 11:25 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Thursday, August 12, 2010 11:25 AM",C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,3564,C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe,424,Open Process Token,Unauthorized access blocked


Category: Silent Mode
Date & Time,Risk,Activity,Status
8/17/2010 12:59 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/17/2010 12:38 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/17/2010 12:31 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/17/2010 12:10 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/17/2010 12:10 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 11:48 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 11:48 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 11:24 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 5:30 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 5:07 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 5:03 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 4:42 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 4:37 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 4:11 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 4:11 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 4:07 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 1:49 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 1:33 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 1:33 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 1:28 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 12:28 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/16/2010 12:07 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/16/2010 12:06 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/15/2010 11:45 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/15/2010 11:45 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/15/2010 11:24 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/15/2010 11:24 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/15/2010 11:01 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/15/2010 10:59 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/15/2010 10:59 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/15/2010 8:43 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/15/2010 8:37 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/15/2010 8:36 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/15/2010 8:32 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/15/2010 1:52 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/15/2010 1:31 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/15/2010 12:16 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 11:55 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 11:54 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 11:36 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 11:32 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 11:32 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 11:32 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 11:10 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 4:58 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 4:46 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 4:44 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 4:22 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 4:21 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 4:21 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 1:57 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 1:36 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 1:35 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 1:14 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 1:10 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 12:47 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 12:46 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 12:22 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 12:17 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 11:56 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 1:54 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 1:31 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 1:31 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 1:09 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 1:09 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/14/2010 12:45 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/14/2010 12:10 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 11:48 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 11:17 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 11:14 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 11:13 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 10:54 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 10:54 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 10:54 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 10:50 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 10:30 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 10:29 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 10:10 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 10:10 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 10:10 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 10:10 PM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 10:07 PM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 1:56 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 1:40 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 1:40 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 1:38 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 1:37 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 1:35 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
8/13/2010 1:35 AM,Info,A program exited full-screen mode. Silent Mode is off.,Completed
8/13/2010 1:34 AM,Info,A program entered full-screen mode. Silent Mode is on.,Completed
#2
JImRob

Sorry, I forgot the extras log file from OTL.

OTL Extras logfile created on: 8/19/2010 10:01:27 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 10.61 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.91 Gb Total Space | 1.91 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 149.01 Gb Total Space | 9.21 Gb Free Space | 6.18% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUKACOVIC
Current User Name: Lukacovic Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- C:\WINDOWS\system32\mshta.exe "" (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8080:TCP" = 8080:TCP:*:Enabled:localhost
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- File not found
"C:\Program Files\Kazaa Lite\KazaaLite.kpp" = C:\Program Files\Kazaa Lite\KazaaLite.kpp:*:Disabled:Kazaa Lite -- File not found
"C:\Program Files\Savings Bond Wizard\SBWizard.exe" = C:\Program Files\Savings Bond Wizard\SBWizard.exe:*:Enabled:Savings Bond Wizard -- (U.S. Department of the Treasury)
"C:\Program Files\Propel Accelerator\propelac.exe" = C:\Program Files\Propel Accelerator\propelac.exe:*:Enabled:Start Propel Accelerator ISPWest Edition -- File not found
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\FreeSpace\FS.exe" = C:\Program Files\FreeSpace\FS.exe:*:Enabled:FreeSpace -- File not found
"C:\Program Files\Microsoft Games\FS2002\fs2002.exe" = C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Disabled:Microsoft Flight Simulator Module -- File not found
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50F81341-82CC-458C-A66D-ADC42D25D727}" = Topo USA 5.0
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C7F0B319-2FD0-473F-AC6C-E74035AF85D0}" = TaxCut Colorado 2008
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5CC4DB1-A066-4220-B168-24A0BBDE676B}" = H&R Block Colorado 2009
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"AceWeb Internet" = AceWeb Internet
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"CANONBJ_Deinstall_CNMCP3m.DLL" = Canon S520
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"Home Legal Advisor" = Home Legal Advisor
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2010 9:07:56 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 3025
Description = Critical error 9 occurred, and the index was shut down. The system
is probably low on resources. Free up resources and restart the service. Context:
Application, SystemIndex Catalog Details: Insufficient system resources exist to
complete the requested service. (0x800705aa)

Error - 8/18/2010 9:07:56 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 3033
Description = A new queue file cannot be created. Context: Application, SystemIndex
Catalog Details: Insufficient system resources exist to complete the requested service.
(0x800705aa)

Error - 8/18/2010 9:07:56 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 3025
Description = Critical error 10 occurred, and the index was shut down. The system
is probably low on resources. Free up resources and restart the service. Context:
Application, SystemIndex Catalog Details: Insufficient system resources exist to
complete the requested service. (0x800705aa)

Error - 8/18/2010 9:07:57 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 10021
Description = Could not get performance counter registry info for WSearchIdxPi for
instance due to the following error: The operation completed successfully.
0x0.

Error - 8/18/2010 9:07:59 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 3026
Description = Advise Status Change failed. The system is probably low on resources.
Free up resources and restart the service. Context: Application, SystemIndex Catalog

Details:
The
object was not found. (0x80041815)

Error - 8/18/2010 9:11:29 PM | Computer Name = LUKACOVIC | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/18/2010 9:11:59 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 10021
Description = Could not get performance counter registry info for WSearchIdxPi for
instance due to the following error: The operation completed successfully.
0x0.

Error - 8/18/2010 9:12:01 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 1006
Description = The Windows Search Service has failed to create the SystemIndex search
index. Internal error <0, 0x80070013, Could not detect if setup run previously>.


Error - 8/18/2010 11:01:39 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\DESKTOP.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 8/18/2010 11:01:47 PM | Computer Name = LUKACOVIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\DESKTOP.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 8/18/2010 10:59:03 PM | Computer Name = LUKACOVIC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 8/19/2010 1:54:11 AM | Computer Name = LUKACOVIC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/19/2010 1:54:11 AM | Computer Name = LUKACOVIC | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/19/2010 1:54:11 AM | Computer Name = LUKACOVIC | Source = Service Control Manager | ID = 7034
Description = The EPSON V5 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/19/2010 1:54:11 AM | Computer Name = LUKACOVIC | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/19/2010 1:54:11 AM | Computer Name = LUKACOVIC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/19/2010 1:54:11 AM | Computer Name = LUKACOVIC | Source = Service Control Manager | ID = 7034
Description = The SupportSoft RemoteAssist service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/19/2010 1:56:52 AM | Computer Name = LUKACOVIC | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 8/19/2010 9:52:43 AM | Computer Name = LUKACOVIC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on
the same network as the interface with IP address 192.168.0.4. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.

Error - 8/19/2010 9:52:43 AM | Computer Name = LUKACOVIC | Source = ipnathlp | ID = 30009
Description = The DHCP allocator encountered a network error while attempting to
reply on IP address 240.49.70.102 to a request from a client. The data is the error
code.


< End of report >


Thanks Again

Jim