iexplore.exe, audio ads, trojan webkit!html


  • This topic is locked
20 replies to this topic

#1 BeatlesFanatic9

Posted 11 August 2012 - 09:17 PM

Dear Experts,

I have been having multiple problems with my computer. It started about a month ago after I clicked on something on my Facebook (later learning it was probably a virus), and I was told I needed to update my Adobe Flash Player, which might have been a fake. Every 15 minutes I have been constantly experiencing phantom audio ads from out of nowhere, even when I have no programs open. The only way to stop it is going through my Task Manager and deleting one of the multiple iexplore.exe that are open. Also, my Norton Internet Security keeps blocking this thing called Web Attack: Exploit Kit Redirect attacker: Traffixeng.com

It also keeps blocking this thing called Web Attack: Mass Iframe Injection Website 10 attacker: served-by.arcadeoldies.com/www/delivery/afr.php
Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Also Norton keeps alerting me every 5 mins about blocking this thing called Trojan Webkit!html.

Sometimes when I restart the computer it runs scan disk for errors without me telling it to.

Here are my logs. Thank you.

(I have posted this before but for some reason, I was not aware of the notifications until I checked my e-mail today. In the top right hand corner, by my profile, it said I had 0 replies.)


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Jack King at 16:43:49 on 2012-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1116 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Documents and Settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [Sonic RecordNow! Deluxe]
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\jack king\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HPWPTOOLBOX] c:\program files\hewlett-packard\hp business inkjet 2800 series\toolbox\HPWPTBX.exe "-i"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\jackki~1\startm~1\programs\startup\dialog~1.lnk - c:\program files\vcom\powerdesk\pddlghlp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342651866000
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2DF9E63-EE16-41BA-BD5F-A13638FE942E} : DhcpNameServer = 192.168.1.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [1979-12-31 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-10 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-10 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-10 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120801.001\IDSXpx86.sys [2012-8-1 369632]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-31 106656]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120801.037\NAVENG.SYS [2012-8-2 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120801.037\NAVEX15.SYS [2012-8-2 1589752]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-4-4 19056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250056]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-3-20 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-08-02 06:33:24 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{77762868-2edd-4363-8a3b-72753c8a9a78}\offreg.dll
2012-07-31 10:50:30 6891424 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{77762868-2edd-4363-8a3b-72753c8a9a78}\mpengine.dll
2012-07-28 21:55:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-28 21:55:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-26 05:34:19 -------- d-----w- c:\program files\ESET
2012-07-24 05:05:44 -------- d-----w- c:\documents and settings\jack king\application data\SpeedyPC Software
2012-07-24 05:05:44 -------- d-----w- c:\documents and settings\jack king\application data\DriverCure
2012-07-24 05:05:24 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-07-23 06:45:33 -------- d-----w- c:\program files\Oracle
2012-07-23 06:45:21 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-23 06:45:21 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-23 06:45:21 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-23 06:42:27 -------- d-----w- c:\documents and settings\jack king\local settings\application data\Adobe
2012-07-23 06:38:47 -------- d-----w- c:\windows\system32\Adobe
2012-07-23 06:38:11 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 06:38:11 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-07-22 21:15:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 07:01:37 -------- d-----w- c:\windows\SxsCaPendDel
2012-07-21 05:13:30 275696 ------w- c:\windows\system32\mucltui.dll
2012-07-21 05:13:30 214256 ------w- c:\windows\system32\muweb.dll
2012-07-21 05:13:30 17136 ------w- c:\windows\system32\mucltui.dll.mui
2012-07-21 01:55:25 -------- d-----w- c:\documents and settings\jack king\local settings\application data\ESET
2012-07-21 01:55:25 -------- d-----w- c:\documents and settings\jack king\application data\ESET
2012-07-20 19:31:11 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-07-20 19:31:08 -------- d-----w- c:\program files\Security Task Manager
2012-07-20 19:03:29 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-07-20 06:38:16 -------- d-----w- c:\program files\AVAST Software
2012-07-20 06:38:16 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-07-20 03:05:23 6891424 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-20 03:05:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-20 01:23:26 -------- d-----w- c:\program files\PC Tools
2012-07-20 01:19:12 203088 ------w- c:\windows\system32\drivers\PCTSD.sys
2012-07-20 01:19:12 -------- d-----w- c:\program files\common files\PC Tools
2012-07-20 00:11:23 -------- d-----w- c:\documents and settings\jack king\local settings\application data\NPE
2012-07-20 00:08:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-20 00:08:48 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-19 05:58:15 -------- d-----w- c:\documents and settings\jack king\application data\Curiolab
2012-07-19 05:56:07 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-07-19 05:56:06 -------- d-----w- c:\documents and settings\jack king\application data\TestApp
2012-07-19 02:52:26 -------- d-----w- c:\program files\Trojan Remover
2012-07-19 01:55:18 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-19 01:55:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-18 05:17:36 605968 ------w- c:\windows\system32\ztv7z.dll
2012-07-18 05:17:35 77312 ------w- c:\windows\system32\ztvunace26.dll
2012-07-18 05:17:35 77072 ------w- c:\windows\system32\ztvcabinet.dll
2012-07-18 05:17:35 75264 ------w- c:\windows\system32\unacev2.dll
2012-07-18 05:17:35 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-07-18 05:17:35 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-07-18 05:17:35 153088 ------w- c:\windows\system32\UNRAR3.dll
2012-07-18 05:17:31 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2012-07-06 16:09:36 -------- d-----w- c:\documents and settings\jack king\local settings\application data\Sun
2012-07-05 19:25:24 -------- d-----w- c:\documents and settings\jack king\application data\Malwarebytes
2012-07-05 19:25:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 07:59:29 94208 ------w- c:\windows\DUMP2f7c.tmp
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 16:44:40.06 ===============

#2 gringo_pr

Posted 12 August 2012 - 03:11 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your Malware problems.

"by my profile, it said I had 0 replies.)" - the zero means that you have no Private messages and has nothing to do with replies to your topic.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 BeatlesFanatic9

Posted 12 August 2012 - 06:20 PM

Hi, Gringo. I ran this in regular mode. Since I will have to disable Norton to run Combofix, should I run it in safe mode?

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Windows Defender
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr

Posted 12 August 2012 - 07:21 PM

Keep it in normal mode.



gringo

#5 BeatlesFanatic9

Posted 12 August 2012 - 10:57 PM

ComboFix 12-08-10.02 - Jack King 08/12/2012 23:24:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1442 [GMT -4:00]
Running from: c:\documents and settings\Jack King\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jack King\WINDOWS
C:\drvrtmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\Jack King\Application Data\FreeHideIP
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
2012-08-10 06:12 . 2012-07-16 06:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A57A25ED-F248-4BD4-8F2A-B8EC30BE354C}\mpengine.dll
2012-07-28 21:55 . 2012-07-28 21:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-28 17:17 . 2012-07-28 21:54 -------- d-s---w- c:\documents and settings\TEMP
2012-07-26 05:34 . 2012-07-26 05:34 -------- d-----w- c:\program files\ESET
2012-07-24 05:05 . 2012-07-24 05:05 -------- d-----w- c:\documents and settings\Jack King\Application Data\SpeedyPC Software
2012-07-24 05:05 . 2012-07-24 05:05 -------- d-----w- c:\documents and settings\Jack King\Application Data\DriverCure
2012-07-24 05:05 . 2012-07-24 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-07-23 06:46 . 2012-07-23 06:46 -------- d-----w- c:\program files\Common Files\Java
2012-07-23 06:45 . 2012-07-23 06:45 -------- d-----w- c:\program files\Oracle
2012-07-23 06:45 . 2012-07-23 06:44 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-23 06:45 . 2012-07-06 02:07 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-23 06:45 . 2012-07-06 02:06 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-23 06:44 . 2012-07-23 06:44 -------- d-----w- c:\program files\Java
2012-07-23 06:42 . 2012-07-23 06:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-07-23 06:42 . 2012-07-23 06:54 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\Adobe
2012-07-23 06:38 . 2012-07-23 06:39 -------- d-----w- c:\windows\system32\Adobe
2012-07-23 06:38 . 2012-08-03 03:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 06:38 . 2012-08-03 03:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-23 06:34 . 2012-07-23 06:34 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-23 06:28 . 2012-07-23 06:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-22 21:15 . 2012-07-22 21:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 07:01 . 2012-07-21 07:23 -------- d-----w- c:\windows\SxsCaPendDel
2012-07-21 05:13 . 2012-06-02 19:18 275696 ------w- c:\windows\system32\mucltui.dll
2012-07-21 05:13 . 2012-06-02 19:18 214256 ------w- c:\windows\system32\muweb.dll
2012-07-21 01:55 . 2012-07-21 01:55 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\ESET
2012-07-21 01:55 . 2012-07-21 01:55 -------- d-----w- c:\documents and settings\Jack King\Application Data\ESET
2012-07-21 01:55 . 2012-07-21 01:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-07-20 19:31 . 2012-07-23 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-07-20 19:31 . 2012-07-20 19:31 -------- d-----w- c:\program files\Security Task Manager
2012-07-20 19:03 . 2012-07-20 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-07-20 06:38 . 2012-07-20 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-20 06:38 . 2012-07-20 06:38 -------- d-----w- c:\program files\AVAST Software
2012-07-20 03:05 . 2012-07-16 06:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-20 03:05 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-20 03:04 . 2012-07-20 03:04 -------- d-----w- c:\program files\Windows Defender
2012-07-20 02:58 . 2012-07-28 21:55 -------- d-----w- c:\documents and settings\Administrator
2012-07-20 01:23 . 2012-07-20 02:49 -------- d-----w- c:\program files\PC Tools
2012-07-20 01:19 . 2012-07-20 02:49 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-20 01:19 . 2012-05-11 15:14 203088 ------w- c:\windows\system32\drivers\PCTSD.sys
2012-07-20 00:11 . 2012-07-20 01:13 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\NPE
2012-07-20 00:08 . 2012-07-20 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-20 00:08 . 2012-07-20 04:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-19 05:58 . 2012-07-19 05:58 -------- d-----w- c:\documents and settings\Jack King\Application Data\Curiolab
2012-07-19 05:56 . 2012-07-20 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-07-19 05:56 . 2012-07-19 05:56 -------- d-----w- c:\documents and settings\Jack King\Application Data\TestApp
2012-07-19 02:52 . 2012-07-20 20:22 -------- d-----w- c:\program files\Trojan Remover
2012-07-19 01:55 . 2012-07-19 01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 01:55 . 2012-07-03 17:46 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-18 05:17 . 2012-06-15 20:33 605968 ------w- c:\windows\system32\ztv7z.dll
2012-07-18 05:17 . 2012-06-15 20:39 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-07-18 05:17 . 2012-06-15 20:35 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-07-18 05:17 . 2012-06-15 20:33 77072 ------w- c:\windows\system32\ztvcabinet.dll
2012-07-18 05:17 . 2005-08-26 05:50 77312 ------w- c:\windows\system32\ztvunace26.dll
2012-07-18 05:17 . 2003-02-03 00:06 153088 ------w- c:\windows\system32\UNRAR3.dll
2012-07-18 05:17 . 2002-03-06 05:00 75264 ------w- c:\windows\system32\unacev2.dll
2012-07-18 05:17 . 2012-07-18 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2003-07-16 16:45 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-04 23:01 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-07-16 16:31 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2009-08-06 23:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2003-07-16 16:37 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2011-04-04 22:29 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-04-04 22:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-04-04 22:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-04-04 22:29 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-04-04 22:29 45080 ------w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2011-04-04 22:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-04-04 22:29 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2011-04-04 22:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2003-07-16 16:19 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2011-04-04 22:29 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-04-04 22:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-04-04 22:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 07:59 . 2011-04-04 17:54 94208 ------w- c:\windows\DUMP2f7c.tmp
2012-05-31 13:22 . 2003-03-20 20:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 1465280]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"Akamai NetSession Interface"="c:\documents and settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-06-08 3784704]
"HPWPTOOLBOX"="c:\program files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-11-26 327680]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\Jack King\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2004-8-2 40960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Documents and Settings\\Jack King\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [12/31/1979 8:00 PM 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008030.006\SymEFA.sys [10/10/2011 8:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008030.006\BHDrvx86.sys [10/10/2011 8:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008030.006\cchpx86.sys [10/10/2011 8:48 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120810.001\IDSXpx86.sys [8/10/2012 9:51 PM 369632]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [10/10/2011 8:49 PM 117648]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:20 AM 106656]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/6/2011 1:24 AM 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/1/2012 6:58 AM 250056]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/20/2012 10:48 PM 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 03:42]
.
2012-08-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! Deluxe - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Akamai - c:\program files\common files\akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 23:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\WININET.dll
c:\program files\VCOM\PowerDesk\pddlghlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-12 23:39:56
ComboFix-quarantined-files.txt 2012-08-13 03:39
.
Pre-Run: 45,094,555,648 bytes free
Post-Run: 64,393,932,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E48542FEED3061359851F551FCE95EB3

OK, I ran ComboFix in normal mode and here is the log. Now images and icons in IE are replaced with red X's everywhere. I also noticed during the scan it said it deleted c:\documents and settings\Jack King\WINDOWS? Should I be worried? I'm not going to restart my computer until I hear from you. Thanks

#6 gringo_pr

Posted 12 August 2012 - 11:45 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

#7 BeatlesFanatic9

Posted 13 August 2012 - 12:42 AM

Here is my TDSSKiller log.

01:31:47.0078 3952 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:31:49.0078 3952 ============================================================
01:31:49.0078 3952 Current date / time: 2012/08/13 01:31:49.0078
01:31:49.0078 3952 SystemInfo:
01:31:49.0078 3952
01:31:49.0078 3952 OS Version: 5.1.2600 ServicePack: 3.0
01:31:49.0078 3952 Product type: Workstation
01:31:49.0078 3952 ComputerName: JACKWS
01:31:49.0078 3952 UserName: Jack King
01:31:49.0078 3952 Windows directory: C:\WINDOWS
01:31:49.0078 3952 System windows directory: C:\WINDOWS
01:31:49.0078 3952 Processor architecture: Intel x86
01:31:49.0078 3952 Number of processors: 2
01:31:49.0078 3952 Page size: 0x1000
01:31:49.0078 3952 Boot type: Normal boot
01:31:49.0078 3952 ============================================================
01:31:51.0015 3952 Drive \Device\Harddisk0\DR0 - Size: 0x222EE65000 (136.73 Gb), SectorSize: 0x200, Cylinders: 0x45B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
01:31:51.0015 3952 ============================================================
01:31:51.0015 3952 \Device\Harddisk0\DR0:
01:31:51.0015 3952 MBR partitions:
01:31:51.0015 3952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11171F79
01:31:51.0015 3952 ============================================================
01:31:51.0031 3952 C: <-> \Device\Harddisk0\DR0\Partition0
01:31:51.0031 3952 ============================================================
01:31:51.0031 3952 Initialize success
01:31:51.0031 3952 ============================================================
01:34:30.0687 0288 ============================================================
01:34:30.0687 0288 Scan started
01:34:30.0687 0288 Mode: Manual;
01:34:30.0687 0288 ============================================================
01:34:35.0265 0288 rdpdr - ok
01:34:35.0296 0288 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
01:34:35.0296 0288 RDPWD - ok
01:34:35.0312 0288 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
01:34:35.0312 0288 RDSessMgr - ok
01:34:35.0328 0288 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:34:35.0328 0288 redbook - ok
01:34:35.0343 0288 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
01:34:35.0343 0288 RemoteAccess - ok
01:34:35.0359 0288 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
01:34:35.0359 0288 RemoteRegistry - ok
01:34:35.0375 0288 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
01:34:35.0390 0288 RpcLocator - ok
01:34:35.0406 0288 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
01:34:35.0421 0288 RpcSs - ok
01:34:35.0437 0288 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
01:34:35.0453 0288 RSVP - ok
01:34:35.0453 0288 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:34:35.0453 0288 SamSs - ok
01:34:35.0468 0288 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
01:34:35.0468 0288 SCardSvr - ok
01:34:35.0500 0288 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
01:34:35.0500 0288 Schedule - ok
01:34:35.0515 0288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:34:35.0515 0288 Secdrv - ok
01:34:35.0515 0288 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
01:34:35.0531 0288 seclogon - ok
01:34:35.0531 0288 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
01:34:35.0531 0288 SENS - ok
01:34:35.0546 0288 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:34:35.0546 0288 serenum - ok
01:34:35.0562 0288 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:34:35.0562 0288 Serial - ok
01:34:35.0578 0288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:34:35.0578 0288 Sfloppy - ok
01:34:35.0609 0288 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
01:34:35.0609 0288 SharedAccess - ok
01:34:35.0625 0288 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:34:35.0625 0288 ShellHWDetection - ok
01:34:35.0640 0288 Simbad - ok
01:34:35.0671 0288 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
01:34:35.0687 0288 smwdm - ok
01:34:35.0687 0288 Sparrow - ok
01:34:35.0750 0288 spkrmon (4a205d78d17e6234986ddcd0da2761e9) C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
01:34:35.0750 0288 spkrmon - ok
01:34:35.0765 0288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:34:35.0765 0288 splitter - ok
01:34:35.0781 0288 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
01:34:35.0781 0288 Spooler - ok
01:34:35.0796 0288 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:34:35.0796 0288 sr - ok
01:34:35.0828 0288 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
01:34:35.0828 0288 srservice - ok
01:34:35.0875 0288 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NIS\1008030.006\SRTSP.SYS
01:34:35.0875 0288 SRTSP - ok
01:34:35.0875 0288 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NIS\1008030.006\SRTSPX.SYS
01:34:35.0875 0288 SRTSPX - ok
01:34:35.0921 0288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:34:35.0921 0288 Srv - ok
01:34:35.0937 0288 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
01:34:35.0953 0288 SSDPSRV - ok
01:34:36.0000 0288 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
01:34:36.0015 0288 stisvc - ok
01:34:36.0031 0288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:34:36.0031 0288 swenum - ok
01:34:36.0046 0288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:34:36.0046 0288 swmidi - ok
01:34:36.0046 0288 SwPrv - ok
01:34:36.0062 0288 symc810 - ok
01:34:36.0062 0288 symc8xx - ok
01:34:36.0078 0288 SYMDNS - ok
01:34:36.0093 0288 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NIS\1008030.006\SYMEFA.SYS
01:34:36.0109 0288 SymEFA - ok
01:34:36.0125 0288 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
01:34:36.0125 0288 SymEvent - ok
01:34:36.0140 0288 SYMFW (a8c45c36309ee066f9191e511f88ed76) C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMFW.SYS
01:34:36.0140 0288 SYMFW - ok
01:34:36.0156 0288 SYMIDS (f4db00bc0c25be3e05d4bbb8637cc3a3) C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMIDS.SYS
01:34:36.0156 0288 SYMIDS - ok
01:34:36.0156 0288 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
01:34:36.0171 0288 SymIM - ok
01:34:36.0171 0288 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
01:34:36.0171 0288 SymIMMP - ok
01:34:36.0187 0288 SYMNDIS (06a8ecfc68d61a26a67f0e96ff1ca9cc) C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMNDIS.SYS
01:34:36.0187 0288 SYMNDIS - ok
01:34:36.0187 0288 SYMREDRV - ok
01:34:36.0203 0288 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
01:34:36.0203 0288 SYMTDI - ok
01:34:36.0203 0288 sym_hi - ok
01:34:36.0218 0288 sym_u3 - ok
01:34:36.0234 0288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:34:36.0234 0288 sysaudio - ok
01:34:36.0250 0288 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
01:34:36.0250 0288 SysmonLog - ok
01:34:36.0281 0288 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
01:34:36.0281 0288 TapiSrv - ok
01:34:36.0312 0288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:34:36.0328 0288 Tcpip - ok
01:34:36.0328 0288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:34:36.0343 0288 TDPIPE - ok
01:34:36.0343 0288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:34:36.0343 0288 TDTCP - ok
01:34:36.0359 0288 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:34:36.0359 0288 TermDD - ok
01:34:36.0390 0288 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
01:34:36.0390 0288 TermService - ok
01:34:36.0406 0288 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:34:36.0406 0288 Themes - ok
01:34:36.0421 0288 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
01:34:36.0437 0288 TlntSvr - ok
01:34:36.0437 0288 TosIde - ok
01:34:36.0515 0288 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
01:34:36.0531 0288 TrkWks - ok
01:34:36.0546 0288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:34:36.0546 0288 Udfs - ok
01:34:36.0546 0288 ultra - ok
01:34:36.0578 0288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:34:36.0593 0288 Update - ok
01:34:36.0609 0288 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
01:34:36.0609 0288 upnphost - ok
01:34:36.0609 0288 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
01:34:36.0609 0288 UPS - ok
01:34:36.0625 0288 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:34:36.0640 0288 usbccgp - ok
01:34:36.0656 0288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:34:36.0656 0288 usbehci - ok
01:34:36.0656 0288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:34:36.0656 0288 usbhub - ok
01:34:36.0671 0288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:34:36.0687 0288 USBSTOR - ok
01:34:36.0687 0288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:34:36.0703 0288 usbuhci - ok
01:34:36.0718 0288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:34:36.0718 0288 VgaSave - ok
01:34:36.0718 0288 ViaIde - ok
01:34:36.0734 0288 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:34:36.0734 0288 VolSnap - ok
01:34:36.0750 0288 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
01:34:36.0765 0288 VSS - ok
01:34:36.0781 0288 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
01:34:36.0781 0288 W32Time - ok
01:34:36.0796 0288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:34:36.0796 0288 Wanarp - ok
01:34:36.0812 0288 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
01:34:36.0828 0288 WDC_SAM - ok
01:34:36.0859 0288 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
01:34:36.0859 0288 WDDMService - ok
01:34:36.0890 0288 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
01:34:36.0890 0288 Wdf01000 - ok
01:34:37.0000 0288 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
01:34:37.0031 0288 WDFME - ok
01:34:37.0093 0288 WDICA - ok
01:34:37.0109 0288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:34:37.0109 0288 wdmaud - ok
01:34:37.0125 0288 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
01:34:37.0140 0288 WDSC - ok
01:34:37.0156 0288 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
01:34:37.0171 0288 WebClient - ok
01:34:37.0187 0288 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
01:34:37.0187 0288 WinDefend - ok
01:34:37.0218 0288 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:34:37.0234 0288 winmgmt - ok
01:34:37.0250 0288 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
01:34:37.0250 0288 WinUSB - ok
01:34:37.0265 0288 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
01:34:37.0265 0288 WmdmPmSN - ok
01:34:37.0296 0288 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
01:34:37.0312 0288 Wmi - ok
01:34:37.0328 0288 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
01:34:37.0343 0288 WmiApSrv - ok
01:34:37.0375 0288 WMZuneComm (017695393afffed8de58abd1b085be6d) c:\Program Files\Zune\WMZuneComm.exe
01:34:37.0390 0288 WMZuneComm - ok
01:34:37.0406 0288 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:34:37.0406 0288 WS2IFSL - ok
01:34:37.0421 0288 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
01:34:37.0421 0288 wscsvc - ok
01:34:37.0453 0288 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
01:34:37.0453 0288 wuauserv - ok
01:34:37.0468 0288 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:34:37.0468 0288 WudfPf - ok
01:34:37.0468 0288 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:34:37.0484 0288 WudfRd - ok
01:34:37.0500 0288 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
01:34:37.0500 0288 WudfSvc - ok
01:34:37.0531 0288 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
01:34:37.0546 0288 WZCSVC - ok
01:34:37.0562 0288 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
01:34:37.0562 0288 xmlprov - ok
01:34:37.0578 0288 zumbus (ae279cd76b38fc079eec3ca6d65a5926) C:\WINDOWS\system32\DRIVERS\zumbus.sys
01:34:37.0578 0288 zumbus - ok
01:34:37.0625 0288 ZuneBusEnum (37f339b64f19e2775284ed7161b96683) c:\Program Files\Zune\ZuneBusEnum.exe
01:34:37.0625 0288 ZuneBusEnum - ok
01:34:37.0875 0288 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) c:\Program Files\Zune\ZuneNss.exe
01:34:37.0953 0288 ZuneNetworkSvc - ok
01:34:38.0000 0288 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
01:34:38.0015 0288 ZuneWlanCfgSvc - ok
01:34:38.0031 0288 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:34:38.0343 0288 \Device\Harddisk0\DR0 - ok
01:34:38.0343 0288 Boot (0x1200) (60e1a313285547f0f1fa29a0e0a2d6c9) \Device\Harddisk0\DR0\Partition0
01:34:38.0343 0288 \Device\Harddisk0\DR0\Partition0 - ok
01:34:38.0343 0288 ============================================================
01:34:38.0343 0288 Scan finished
01:34:38.0343 0288 ============================================================
01:34:38.0359 3964 Detected object count: 0
01:34:38.0359 3964 Actual detected object count: 0

#8 BeatlesFanatic9

Posted 13 August 2012 - 01:08 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 01:43:40
-----------------------------
01:43:40.625 OS Version: Windows 5.1.2600 Service Pack 3
01:43:40.625 Number of processors: 2 586 0x401
01:43:40.625 ComputerName: JACKWS UserName:
01:43:41.156 Initialize success
01:45:17.359 AVAST engine defs: 12081201
01:45:48.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\a320raid1Port2Path0Target0Lun0
01:45:48.625 Disk 0 Vendor: FUJITSU_ 5E03 Size: 140014MB BusType: 1
01:45:48.640 Disk 0 MBR read successfully
01:45:48.640 Disk 0 MBR scan
01:45:48.656 Disk 0 Windows XP default MBR code
01:45:48.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140003 MB offset 63
01:45:48.656 Disk 0 scanning sectors +286728120
01:45:48.703 Disk 0 scanning C:\WINDOWS\system32\drivers
01:45:57.171 Service scanning
01:46:07.968 Modules scanning
01:46:10.937 Disk 0 trace - called modules:
01:46:10.937 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll a320raid.sys
01:46:10.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d9aab8]
01:46:10.937 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Scsi\a320raid1Port2Path0Target0Lun0[0x89d4ba38]
01:46:11.359 AVAST engine scan C:\WINDOWS
01:46:19.984 AVAST engine scan C:\WINDOWS\system32
01:48:18.593 AVAST engine scan C:\WINDOWS\system32\drivers
01:48:32.781 AVAST engine scan C:\Documents and Settings\Jack King
01:54:38.031 AVAST engine scan C:\Documents and Settings\All Users
02:02:27.406 Scan finished successfully
02:05:06.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jack King\Desktop\MBR.dat"
02:05:06.421 The log file has been saved successfully to "C:\Documents and Settings\Jack King\Desktop\aswMBR.txt"


Here is my aswMBR log. So far I have not had any alerts from Norton, seems to be good so far. None of the programs I have run have asked me to restart my computer, hence I still haven't restarted my computer yet.

#9 gringo_pr

Posted 13 August 2012 - 01:55 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#10 BeatlesFanatic9

Posted 13 August 2012 - 03:20 AM

ComboFix 12-08-10.02 - Jack King 08/13/2012 3:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1261 [GMT -4:00]
Running from: c:\documents and settings\Jack King\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jack King\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\Jack King\Application Data\FreeHideIP
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
2012-08-10 06:12 . 2012-07-16 06:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A57A25ED-F248-4BD4-8F2A-B8EC30BE354C}\mpengine.dll
2012-07-28 21:55 . 2012-07-28 21:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-28 17:17 . 2012-07-28 21:54 -------- d-s---w- c:\documents and settings\TEMP
2012-07-26 05:34 . 2012-07-26 05:34 -------- d-----w- c:\program files\ESET
2012-07-24 05:05 . 2012-07-24 05:05 -------- d-----w- c:\documents and settings\Jack King\Application Data\SpeedyPC Software
2012-07-24 05:05 . 2012-07-24 05:05 -------- d-----w- c:\documents and settings\Jack King\Application Data\DriverCure
2012-07-24 05:05 . 2012-07-24 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-07-23 06:46 . 2012-07-23 06:46 -------- d-----w- c:\program files\Common Files\Java
2012-07-23 06:45 . 2012-07-23 06:45 -------- d-----w- c:\program files\Oracle
2012-07-23 06:45 . 2012-07-23 06:44 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-23 06:45 . 2012-07-06 02:07 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-23 06:45 . 2012-07-06 02:06 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-23 06:44 . 2012-07-23 06:44 -------- d-----w- c:\program files\Java
2012-07-23 06:42 . 2012-07-23 06:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-07-23 06:42 . 2012-07-23 06:54 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\Adobe
2012-07-23 06:38 . 2012-07-23 06:39 -------- d-----w- c:\windows\system32\Adobe
2012-07-23 06:38 . 2012-08-03 03:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 06:38 . 2012-08-03 03:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-23 06:34 . 2012-07-23 06:34 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-23 06:28 . 2012-07-23 06:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-22 21:15 . 2012-07-22 21:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 07:01 . 2012-07-21 07:23 -------- d-----w- c:\windows\SxsCaPendDel
2012-07-21 05:13 . 2012-06-02 19:18 275696 ------w- c:\windows\system32\mucltui.dll
2012-07-21 05:13 . 2012-06-02 19:18 214256 ------w- c:\windows\system32\muweb.dll
2012-07-21 01:55 . 2012-07-21 01:55 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\ESET
2012-07-21 01:55 . 2012-07-21 01:55 -------- d-----w- c:\documents and settings\Jack King\Application Data\ESET
2012-07-21 01:55 . 2012-07-21 01:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-07-20 19:31 . 2012-07-23 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-07-20 19:31 . 2012-07-20 19:31 -------- d-----w- c:\program files\Security Task Manager
2012-07-20 19:03 . 2012-07-20 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-07-20 06:38 . 2012-07-20 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-20 06:38 . 2012-07-20 06:38 -------- d-----w- c:\program files\AVAST Software
2012-07-20 03:05 . 2012-07-16 06:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-20 03:05 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-20 03:04 . 2012-07-20 03:04 -------- d-----w- c:\program files\Windows Defender
2012-07-20 02:58 . 2012-07-28 21:55 -------- d-----w- c:\documents and settings\Administrator
2012-07-20 01:23 . 2012-07-20 02:49 -------- d-----w- c:\program files\PC Tools
2012-07-20 01:19 . 2012-07-20 02:49 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-20 01:19 . 2012-05-11 15:14 203088 ------w- c:\windows\system32\drivers\PCTSD.sys
2012-07-20 00:11 . 2012-07-20 01:13 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\NPE
2012-07-20 00:08 . 2012-07-20 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-20 00:08 . 2012-07-20 04:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-19 05:58 . 2012-07-19 05:58 -------- d-----w- c:\documents and settings\Jack King\Application Data\Curiolab
2012-07-19 05:56 . 2012-07-20 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-07-19 05:56 . 2012-07-19 05:56 -------- d-----w- c:\documents and settings\Jack King\Application Data\TestApp
2012-07-19 02:52 . 2012-07-20 20:22 -------- d-----w- c:\program files\Trojan Remover
2012-07-19 01:55 . 2012-07-19 01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 01:55 . 2012-07-03 17:46 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-18 05:17 . 2012-06-15 20:33 605968 ------w- c:\windows\system32\ztv7z.dll
2012-07-18 05:17 . 2012-06-15 20:39 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-07-18 05:17 . 2012-06-15 20:35 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-07-18 05:17 . 2012-06-15 20:33 77072 ------w- c:\windows\system32\ztvcabinet.dll
2012-07-18 05:17 . 2005-08-26 05:50 77312 ------w- c:\windows\system32\ztvunace26.dll
2012-07-18 05:17 . 2003-02-03 00:06 153088 ------w- c:\windows\system32\UNRAR3.dll
2012-07-18 05:17 . 2002-03-06 05:00 75264 ------w- c:\windows\system32\unacev2.dll
2012-07-18 05:17 . 2012-07-18 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2003-07-16 16:45 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-04 23:01 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-07-16 16:31 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2009-08-06 23:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2003-07-16 16:37 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2011-04-04 22:29 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-04-04 22:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-04-04 22:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-04-04 22:29 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-04-04 22:29 45080 ------w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2011-04-04 22:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-04-04 22:29 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2011-04-04 22:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2003-07-16 16:19 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2011-04-04 22:29 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-04-04 22:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-04-04 22:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 07:59 . 2011-04-04 17:54 94208 ------w- c:\windows\DUMP2f7c.tmp
2012-05-31 13:22 . 2003-03-20 20:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 1465280]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"Akamai NetSession Interface"="c:\documents and settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-06-08 3784704]
"HPWPTOOLBOX"="c:\program files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-11-26 327680]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\Jack King\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2004-8-2 40960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Documents and Settings\\Jack King\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [12/31/1979 8:00 PM 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008030.006\SymEFA.sys [10/10/2011 8:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008030.006\BHDrvx86.sys [10/10/2011 8:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008030.006\cchpx86.sys [10/10/2011 8:48 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120810.001\IDSXpx86.sys [8/10/2012 9:51 PM 369632]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [10/10/2011 8:49 PM 117648]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:20 AM 106656]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/6/2011 1:24 AM 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/1/2012 6:58 AM 250056]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/20/2012 10:48 PM 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 56393466
*Deregistered* - 56393466
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 03:42]
.
2012-08-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 04:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\WININET.dll
c:\program files\VCOM\PowerDesk\pddlghlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\System32\nvcpl.dll
.
Completion time: 2012-08-13 04:08:10
ComboFix-quarantined-files.txt 2012-08-13 08:08
ComboFix2.txt 2012-08-13 03:39
.
Pre-Run: 64,011,550,720 bytes free
Post-Run: 64,297,410,560 bytes free
.
- - End Of File - - 007CF396CC3815CF0476CCDD4A008C7D

Here is the Combofix Log. Everything seems ok but I still have red X's in all the boxes in IE8. (For example, the Add Reply button is replaced with a red X, as well as all buttons.) So far no alerts from Norton or any extra iexplore.exe showing up in the task manager.

#11 BeatlesFanatic9


Posted 13 August 2012 - 10:34 PM

Is there more that needs to be done? And what about the red X's?

#12 gringo_pr


Posted 16 August 2012 - 09:39 AM

Very sorry for not responding.


I want you to run the zip file from here - http://www.winhelponline.com/articles/202/1/PNG-images-are-not-displayed-on-Web-sites-in-Internet-Explorer.html


Let me know if this worked.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 BeatlesFanatic9


Posted 16 August 2012 - 05:36 PM

I had reinstalled IE8 which seemed to have fixed the Red Xs problem. Do I still need to run the zip file?

#14 gringo_pr


Posted 17 August 2012 - 07:15 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

  • µTorrent
  • FrostWire 4.21.5


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.





Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 BeatlesFanatic9


Posted 18 August 2012 - 12:53 AM

Here is my MBAM and HiJackThis log.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jack King :: JACKWS [administrator]

8/18/2012 12:47:49 AM
mbam-log-2012-08-18 (00-47-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215718
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:37 AM, on 8/18/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Documents and Settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jack King\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPWPTOOLBOX] C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
O4 - Global Startup: PrintKey-Pro.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342651866000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344893350406
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 7539 bytes


Everything seems ok (no extra iexplore.exe in task manager, no phantom audio ads from out of nowhere, no constant alerts from Norton about constant attacks). The only problem I have now is that at times on YouTube or other Flash Player related videos or games, I will get a white screen with an exclamation point in the video box. When I get one, it goes to all of the other ones I have opened. Then when I hit refresh I get this message in the video box: "The Adobe Flash Player or an HTML5 supported browser is required for video playback." Thanks for all the help so far.



