
unkown problem, 15 minute startup then slows and freezes


This topic is locked
25 replies to this topic

#1 the_tone

the_tone

  • Members
  • 32 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:55 PM

Posted 16 February 2012 - 08:12 PM

My computer takes forever to start up, literally 15 minutes before I can reliably open anything.
Eventually it will start to run somewhat efficiently.
Then, if left running for a while, it will start to slow down and become basically unusable without a restart... 15 minutes at least.

thanks for any help in advance.

Tony

Gringo, you out there? PM coming your way...


#2 gringo_pr

gringo_pr

Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:55 PM

Posted 16 February 2012 - 08:20 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
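The DDS.txt log the instructions above ask for is plain text split into `=== Section ===` headers, with one service or driver per line in the SERVICES / DRIVERS section, one autostart per uRun/mRun line, and a rootkit section that compares the MBR as seen from user mode and from the kernel. As an added example (not part of this post, and not code from the DDS tool), here is a small Python triage parser over a constructed sample in that layout; the review notes it produces are heuristics for a helper to confirm, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in DDS.txt layout (not the log posted in this thread).
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" -quiet
mRun: [AGRSMMSG] AGRSMMSG.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207000.00d\symds.sys [2012-1-30 340088]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\defs\BHDrvx86.sys [2012-2-15 820344]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
.
=================== ROOTKIT ====================
.
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
============= FINISH: 20:33:06.95 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# R0 Name;Display name;path [yyyy-m-d size]; R = running, S = stopped,
# digit = Windows start type (0 boot, 1 system, 2 auto, 3 on demand)
SERVICE_RE = re.compile(
    r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")
# uRun = HKCU Run key, mRun = HKLM Run key
RUN_RE = re.compile(r"^([um])Run:\s+\[([^\]]+)\]\s+(.*)$")
MBR_MISMATCH = "user != kernel MBR !!!"
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\users\\")


@dataclass
class DdsReport:
    services: list = field(default_factory=list)   # rows from SERVICES / DRIVERS
    autoruns: list = field(default_factory=list)   # rows from uRun/mRun lines
    mbr_mismatch: bool = False                      # rootkit section flagged the MBR


def image_of(command):
    """First token of a Run command: a quoted path, or the bare first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_dds(text):
    """Walk the log once, using the current section header to read each line."""
    report = DdsReport()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        if section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                report.services.append({
                    "running": m.group(1) == "R", "start_type": int(m.group(2)),
                    "name": m.group(3), "display": m.group(4), "path": m.group(5),
                    "date": m.group(6), "size": int(m.group(7))})
        elif section == "PSEUDO HJT REPORT":
            m = RUN_RE.match(line)
            if m:
                report.autoruns.append({
                    "hive": "HKCU" if m.group(1) == "u" else "HKLM",
                    "name": m.group(2), "command": m.group(3),
                    "image": image_of(m.group(3))})
        elif section == "ROOTKIT" and line == MBR_MISMATCH:
            report.mbr_mismatch = True
    return report


def triage(report):
    """Review notes for the helper; each is something to confirm, not a verdict."""
    notes = []
    for a in report.autoruns:
        if "\\" not in a["image"]:   # no directory: resolved through the search path
            notes.append(f"{a['hive']} Run '{a['name']}' starts bare name {a['image']}: "
                         "confirm which file on the search path actually loads")
    for s in report.services:
        if s["path"].lower().startswith(PROFILE_DIRS):
            notes.append(f"service {s['name']} loads {s['path']} from a profile directory "
                         "(normal for AV definition drivers, otherwise worth a second look)")
    if report.mbr_mismatch:
        notes.append("user-mode and kernel-mode MBR reads differ: this is what the MBR "
                     "rootkit detector reports when the boot sector is being hidden, "
                     "so confirm it before any other cleaning step")
    return notes


if __name__ == "__main__":
    rep = parse_dds(SAMPLE_DDS)
    print(f"{len(rep.services)} services/drivers, {len(rep.autoruns)} Run entries")
    for note in triage(rep):
        print("-", note)
```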

#3 the_tone

the_tone
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:55 PM

Posted 16 February 2012 - 08:36 PM

Hey Gringo, that was fast! Thanks again for your help.
I had no problems downloading and running DeFogger or DDS.
Here are the logs you requested:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by user at 20:31:55 on 2012-02-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.233 [GMT -5:00]
.
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://online.bethpage.coop/Loans.aspx?acctID=8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.0.13\ips\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Disk Monitor] c:\program files\ic\card reader driver v1.9e\Disk_Monitor.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BYR_AGENT] c:\documents and settings\all users\application data\lgmobileax\byr_client\VZWNotiAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/user/Application%20Data/Smilebox/OzDesktopImporter.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F45D62E3-444C-4B33-A9D6-2472594B9EA6} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\9vlkxjfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\coffplgn_2011_7_5_2\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\user\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\9vlkxjfq.default\extensions\2020player_ikea@2020technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\desktop\picasa3\npPicasa3.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\coFFPlgn_2011_7_5_2
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207000.00d\symefa.sys [2012-1-30 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys [2012-1-30 136312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-23 2253120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20120215.002\IDSXpx86.sys [2012-2-15 356280]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-10-19 30560]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20120216.004\NAVENG.SYS [2012-2-16 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20120216.004\NAVEX15.SYS [2012-2-16 1576312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
.
=============== Created Last 30 ================
.
2012-02-16 13:10:17 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:10:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-31 02:44:32 744568 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symefa.sys
2012-01-31 02:44:32 516216 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtsp.sys
2012-01-31 02:44:32 50168 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtspx.sys
2012-01-31 02:44:32 369784 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symtdi.sys
2012-01-31 02:44:32 340088 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symds.sys
2012-01-31 02:44:32 331384 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys
2012-01-31 02:44:32 299640 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symnets.sys
2012-01-31 02:44:31 136312 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys
2012-01-31 02:44:02 -------- d-----w- c:\windows\system32\drivers\nis\1207000.00D
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 15:10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 22:45:55 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-12-23 22:45:55 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-12-23 22:45:50 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-12-19 08:13:37 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13:37 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13:36 17408 ----a-w- c:\windows\system32\corpol.dll
2011-12-02 23:27:42 103784 ----a-w- c:\documents and settings\user\GoToAssistDownloadHelper.exe
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-60MHB5 rev.10.02E04 -> Harddisk0\DR0 -> \Device\0000006d
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce™ IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F0EAB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006e[0x86F35990]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006c[0x86F16030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 20:33:06.95 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/4/2009 5:22:41 PM
System Uptime: 2/16/2012 7:30:35 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-M55SLI-S4
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket M2 | 2010/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 50.297 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 160.227 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is FIXED (NTFS) - 466 GiB total, 89.593 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1027: 11/18/2011 10:32:08 PM - System Checkpoint
RP1028: 11/19/2011 11:12:10 PM - System Checkpoint
RP1029: 11/20/2011 11:37:48 PM - System Checkpoint
RP1030: 11/22/2011 8:02:43 AM - System Checkpoint
RP1031: 11/23/2011 10:53:53 AM - System Checkpoint
RP1032: 11/24/2011 10:58:11 AM - System Checkpoint
RP1033: 11/25/2011 10:58:54 AM - System Checkpoint
RP1034: 11/26/2011 11:12:18 AM - Printer Driver Lexmark X74-X75 Installed
RP1035: 11/26/2011 12:04:07 PM - Printer Driver Lexmark X74-X75 Installed
RP1036: 11/26/2011 12:09:54 PM - Installed Java™ 6 Update 29
RP1037: 11/26/2011 12:27:06 PM - Printer Driver Lexmark X74-X75 Installed
RP1038: 11/26/2011 12:33:13 PM - Printer Driver Lexmark X74-X75 Installed
RP1039: 11/26/2011 12:33:31 PM - Printer Driver Lexmark X74-X75 Installed
RP1040: 11/26/2011 12:38:46 PM - Printer Driver Lexmark X74-X75 Installed
RP1041: 11/27/2011 2:32:56 PM - System Checkpoint
RP1042: 11/28/2011 2:57:37 PM - System Checkpoint
RP1043: 11/29/2011 5:57:00 PM - System Checkpoint
RP1044: 11/30/2011 6:19:35 PM - System Checkpoint
RP1045: 12/1/2011 7:15:53 PM - System Checkpoint
RP1046: 12/2/2011 8:29:35 PM - System Checkpoint
RP1047: 12/4/2011 8:18:11 AM - System Checkpoint
RP1048: 12/5/2011 5:33:33 PM - System Checkpoint
RP1049: 12/6/2011 6:06:44 PM - System Checkpoint
RP1050: 12/7/2011 6:43:54 PM - System Checkpoint
RP1051: 12/8/2011 8:00:05 PM - System Checkpoint
RP1052: 12/9/2011 9:00:19 PM - System Checkpoint
RP1053: 12/10/2011 11:16:06 PM - System Checkpoint
RP1054: 12/12/2011 2:53:49 PM - System Checkpoint
RP1055: 12/13/2011 4:30:44 PM - System Checkpoint
RP1056: 12/14/2011 5:00:40 PM - System Checkpoint
RP1057: 12/15/2011 5:43:57 PM - System Checkpoint
RP1058: 12/15/2011 9:07:15 PM - Software Distribution Service 3.0
RP1059: 12/16/2011 11:20:55 PM - System Checkpoint
RP1060: 12/18/2011 12:11:32 AM - System Checkpoint
RP1061: 12/19/2011 12:14:07 PM - System Checkpoint
RP1062: 12/20/2011 9:47:47 PM - System Checkpoint
RP1063: 12/22/2011 1:42:22 PM - System Checkpoint
RP1064: 12/23/2011 2:49:00 PM - System Checkpoint
RP1065: 12/24/2011 3:59:48 PM - System Checkpoint
RP1066: 12/25/2011 5:13:18 PM - System Checkpoint
RP1067: 12/26/2011 6:22:46 PM - System Checkpoint
RP1068: 12/27/2011 6:37:36 PM - System Checkpoint
RP1069: 12/28/2011 7:56:43 PM - System Checkpoint
RP1070: 12/29/2011 8:18:43 PM - System Checkpoint
RP1071: 12/30/2011 11:28:35 AM - Removed ABBYY FineReader 5.0 Sprint
RP1072: 12/30/2011 11:30:43 AM - Removed LG Verizon United Drivers.
RP1073: 12/30/2011 11:30:50 AM - Removed LG Verizon United Drivers.
RP1074: 12/30/2011 11:32:16 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP1075: 12/30/2011 11:32:50 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP1076: 12/30/2011 11:33:53 AM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
RP1077: 12/31/2011 2:33:24 PM - System Checkpoint
RP1078: 12/31/2011 9:02:01 PM - Software Distribution Service 3.0
RP1079: 1/1/2012 9:47:34 PM - System Checkpoint
RP1080: 1/2/2012 10:15:09 PM - System Checkpoint
RP1081: 1/4/2012 2:33:13 PM - System Checkpoint
RP1082: 1/4/2012 9:00:20 PM - Software Distribution Service 3.0
RP1083: 1/5/2012 9:26:22 PM - System Checkpoint
RP1084: 1/6/2012 10:13:04 PM - System Checkpoint
RP1085: 1/8/2012 12:12:47 AM - System Checkpoint
RP1086: 1/9/2012 12:44:02 AM - System Checkpoint
RP1087: 1/10/2012 10:50:01 AM - System Checkpoint
RP1088: 1/11/2012 2:10:33 PM - System Checkpoint
RP1089: 1/11/2012 3:42:24 PM - Installed DING!
RP1090: 1/11/2012 9:00:32 PM - Software Distribution Service 3.0
RP1091: 1/12/2012 10:00:11 PM - System Checkpoint
RP1092: 1/13/2012 10:04:56 PM - System Checkpoint
RP1093: 1/14/2012 11:04:17 PM - System Checkpoint
RP1094: 1/16/2012 8:26:19 AM - System Checkpoint
RP1095: 1/17/2012 4:38:32 PM - System Checkpoint
RP1096: 1/18/2012 8:00:15 PM - System Checkpoint
RP1097: 1/19/2012 8:15:43 PM - System Checkpoint
RP1098: 1/20/2012 8:43:43 PM - System Checkpoint
RP1099: 1/21/2012 9:47:10 PM - System Checkpoint
RP1100: 1/22/2012 10:20:40 PM - System Checkpoint
RP1101: 1/23/2012 10:33:21 PM - System Checkpoint
RP1102: 1/24/2012 10:46:52 PM - System Checkpoint
RP1103: 1/25/2012 9:07:27 PM - Software Distribution Service 3.0
RP1104: 1/27/2012 7:44:01 PM - System Checkpoint
RP1105: 1/28/2012 7:52:22 PM - System Checkpoint
RP1106: 1/29/2012 8:47:22 PM - System Checkpoint
RP1107: 1/30/2012 8:58:42 PM - System Checkpoint
RP1108: 1/31/2012 9:29:39 PM - System Checkpoint
RP1109: 2/1/2012 10:25:10 PM - System Checkpoint
RP1110: 2/2/2012 10:34:09 PM - System Checkpoint
RP1111: 2/4/2012 1:01:54 PM - System Checkpoint
RP1112: 2/5/2012 3:14:53 PM - System Checkpoint
RP1113: 2/6/2012 3:23:52 PM - System Checkpoint
RP1114: 2/7/2012 9:25:24 PM - System Checkpoint
RP1115: 2/9/2012 8:03:34 AM - System Checkpoint
RP1116: 2/10/2012 9:01:02 AM - System Checkpoint
RP1117: 2/11/2012 10:47:20 AM - System Checkpoint
RP1118: 2/12/2012 12:53:11 PM - System Checkpoint
RP1119: 2/13/2012 7:11:17 PM - System Checkpoint
RP1120: 2/14/2012 8:43:15 PM - System Checkpoint
RP1121: 2/15/2012 10:45:40 PM - System Checkpoint
RP1122: 2/16/2012 6:57:37 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belarc Advisor 8.2
BitZipper 2010
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Costco Photo Organizer
Coupon Printer for Windows
DataPilot Trial
DING!
DivX Setup
Dropbox
Facebook Plug-In
FaxTools
GIMP 2.6.6
Google Talk Plugin
GoToMeeting 5.0.0.799
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IC Card Reader Driver v1.9e
Image Resizer Powertoy for Windows XP
iTunes
Java Auto Updater
Java™ 6 Update 29
Lexmark X74-X75
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.26)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
MyCar-Monitor 4.2.0.4
Norton Internet Security
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA Update 1.5.20
NVIDIA Update Components
OverDrive Media Console
Picasa 3
Pivot Stickfigure Animator
Portal
Portal 2
QuickTime
Realtek AC'97 Audio
Seagate Manager Installer
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.3
SPORE™
Spotify
Steam
System Requirements Lab
TeamViewer 7
The Incredible Machine: Even More Contraptions
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 7:42:04 PM, error: Dhcp [1002] - The IP address lease 192.168.1.214 for the Network Card with network address 0016E682245B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/9/2012 7:36:39 PM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 0016E682245B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#4 gringo_pr
Malware Response Team

Posted 16 February 2012 - 08:48 PM

Hello


I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link, try to right-click on the link and select "Save Target As" and then save it to your desktop.
Once it is on your desktop, right-click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 the_tone
Topic Starter

Posted 16 February 2012 - 09:09 PM

Okay...

When I clicked on your "Reset DMA" script, it opened a Notepad box with, I am assuming, your script in it...
When I saved it to my desktop and right-clicked it, it did not give me a "Run" option.

So I went to the website you indicated and checked the DMA status of my primary and secondary IDE channels:

Primary IDE channel... DMA if available/(current) Ultra DMA Mode 4 (on both device 0 and 1)
Secondary IDE channel... DMA if available/(current) not applicable (on both device 0 and 1)

#6 gringo_pr
Malware Response Team

Posted 16 February 2012 - 09:12 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 the_tone
Topic Starter

Posted 16 February 2012 - 10:25 PM

It took two attempts for ComboFix to complete...
I walked away from the computer during the first attempt after installing the Recovery Console and scanning started.
When I came back, CHKDSK was running.
I let it complete... there was no ComboFix log evident, so I ran it again.

Possibly my antivirus reactivated; I had only disabled it for an hour earlier...

Anyway, it ran completely the second time and the log follows:

ComboFix 12-02-16.02 - user 02/16/2012 21:55:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.356 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\user\LOCALS~1\Temp\{7B4A9DDD-1A46-4F38-B8E6-2D333F1E4600}\ISSetup.dll
c:\docume~1\user\LOCALS~1\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\_ISUSER.DLL
c:\docume~1\user\LOCALS~1\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\DPSGMod.dll
c:\docume~1\user\LOCALS~1\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\DpSGMod2.dll
c:\docume~1\user\LOCALS~1\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\DpUsbDriverWarning.exe
c:\docume~1\user\LOCALS~1\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\Driver_Message2K.exe
c:\docume~1\user\LOCALS~1\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\Driver_MessageXP.exe
c:\docume~1\user\LOCALS~1\Temp\TeamViewer\Version7\TeamViewer_.exe
c:\docume~1\user\LOCALS~1\Temp\Temporary Directory 4 for setupmapcreator.zip\_ISDEL.EXE
c:\documents and settings\user\g2mdlhlpx.exe
c:\documents and settings\user\GoToAssistDownloadHelper.exe
c:\documents and settings\user\Local Settings\Temp\{7B4A9DDD-1A46-4F38-B8E6-2D333F1E4600}\ISSetup.dll
c:\documents and settings\user\Local Settings\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\_ISUSER.DLL
c:\documents and settings\user\Local Settings\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\DPSGMod.dll
c:\documents and settings\user\Local Settings\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\DpSGMod2.dll
c:\documents and settings\user\Local Settings\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\DpUsbDriverWarning.exe
c:\documents and settings\user\Local Settings\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\Driver_Message2K.exe
c:\documents and settings\user\Local Settings\Temp\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}\Driver_MessageXP.exe
c:\documents and settings\user\Local Settings\Temp\TeamViewer\Version7\TeamViewer_.exe
c:\documents and settings\user\Local Settings\Temp\Temporary Directory 4 for setupmapcreator.zip\_ISDEL.EXE
c:\documents and settings\user\WINDOWS
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET192A.tmp
c:\windows\system32\SET192B.tmp
c:\windows\system32\SET197C.tmp
c:\windows\system32\SET1981.tmp
c:\windows\system32\SET1999.tmp
c:\windows\system32\SET199B.tmp
c:\windows\system32\SET19AA.tmp
L:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-16 13:10 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:10 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-31 02:44 . 2012-01-31 13:11 -------- d-----w- c:\windows\system32\drivers\NIS\1207000.00D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-10-08 12:01 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 20:42 . 2012-01-11 20:42 8192 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe
2012-01-04 15:10 . 2011-06-25 14:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:13 . 2004-10-08 12:01 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2004-10-08 12:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2004-10-08 12:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2004-10-08 12:01 17408 ----a-w- c:\windows\system32\corpol.dll
2011-11-25 21:57 . 2004-10-08 12:01 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Disk Monitor"="c:\program files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" [2003-06-18 466944]
"AGRSMMSG"="AGRSMMSG.exe" [2006-04-28 89542]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2011-06-14 392280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207000.00D\symds.sys [1/30/2012 9:44 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207000.00D\symefa.sys [1/30/2012 9:44 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/15/2012 8:35 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207000.00D\ironx86.sys [1/30/2012 9:44 PM 136312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 1:35 PM 181544]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [1/30/2012 9:44 PM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/23/2011 5:46 PM 2253120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120215.002\IDSXpx86.sys [2/15/2012 9:39 PM 356280]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/19/2009 10:08 PM 30560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1788223648-682003330-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-12 23:33]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1788223648-682003330-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-12 23:33]
.
.
------- Supplementary Scan -------
.
uStart Page = https://online.bethpage.coop/Loans.aspx?acctID=8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/user/Application%20Data/Smilebox/OzDesktopImporter.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9vlkxjfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_5_2
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-60MHB5 rev.10.02E04 -> Harddisk0\DR0 -> \Device\0000006e
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1788223648-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:ff,25,bc,95,16,9c,7a,11,1b,fd,69,23,e1,14,bf,dc,35,39,21,f0,bb,
1e,46,fb,35,85,97,e1,5a,da,2f,a5,2c,23,2b,08,95,1e,b0,51,09,84,bb,f6,ef,4f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2012-02-16 22:19:36
ComboFix-quarantined-files.txt 2012-02-17 03:19
.
Pre-Run: 53,887,172,608 bytes free
Post-Run: 63,936,569,344 bytes free
.
- - End Of File - - 533A213342F4C319BA51BAFFB2553819

#8 gringo_pr
Malware Response Team

Posted 16 February 2012 - 10:27 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

#9 the_tone
Topic Starter

Posted 18 February 2012 - 11:35 AM

Salutations...

I tried three times to get the aswMBR scan to finish.
I am not sure if it froze/stalled, or if I didn't wait long enough.
Anyway, it finally completed... here are the logs from TDSSKiller and aswMBR...

21:56:48.0073 4512 MHNDRV - ok
21:56:48.0104 4512 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:56:48.0104 4512 mnmdd - ok
21:56:48.0151 4512 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:56:48.0166 4512 Modem - ok
21:56:48.0198 4512 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
21:56:48.0198 4512 motccgp - ok
21:56:48.0213 4512 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
21:56:48.0213 4512 motccgpfl - ok
21:56:48.0245 4512 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
21:56:48.0245 4512 motport - ok
21:56:48.0291 4512 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:56:48.0291 4512 Mouclass - ok
21:56:48.0323 4512 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:56:48.0323 4512 MountMgr - ok
21:56:48.0338 4512 mraid35x - ok
21:56:48.0338 4512 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:56:48.0338 4512 MRxDAV - ok
21:56:48.0401 4512 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:56:48.0401 4512 MRxSmb - ok
21:56:48.0432 4512 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:56:48.0432 4512 Msfs - ok
21:56:48.0479 4512 MSHUSBVideo (29e0ec2a9dc4c7913657a51dfff97856) C:\WINDOWS\system32\Drivers\nx6000.sys
21:56:48.0479 4512 MSHUSBVideo - ok
21:56:48.0541 4512 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:56:48.0541 4512 MSKSSRV - ok
21:56:48.0604 4512 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:56:48.0604 4512 MSPCLOCK - ok
21:56:48.0620 4512 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:56:48.0620 4512 MSPQM - ok
21:56:48.0651 4512 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:56:48.0651 4512 mssmbios - ok
21:56:48.0682 4512 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
21:56:48.0682 4512 MSTEE - ok
21:56:48.0713 4512 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:56:48.0713 4512 Mup - ok
21:56:48.0776 4512 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:56:48.0776 4512 NABTSFEC - ok
21:56:49.0026 4512 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120217.004\NAVENG.SYS
21:56:49.0026 4512 NAVENG - ok
21:56:49.0104 4512 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120217.004\NAVEX15.SYS
21:56:49.0120 4512 NAVEX15 - ok
21:56:49.0229 4512 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:56:49.0229 4512 NDIS - ok
21:56:49.0260 4512 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:56:49.0260 4512 NdisIP - ok
21:56:49.0291 4512 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:56:49.0291 4512 NdisTapi - ok
21:56:49.0338 4512 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:56:49.0338 4512 Ndisuio - ok
21:56:49.0338 4512 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:56:49.0354 4512 NdisWan - ok
21:56:49.0385 4512 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:56:49.0385 4512 NDProxy - ok
21:56:49.0432 4512 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:56:49.0432 4512 NetBIOS - ok
21:56:49.0448 4512 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:56:49.0448 4512 NetBT - ok
21:56:49.0479 4512 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:56:49.0479 4512 NIC1394 - ok
21:56:49.0526 4512 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:56:49.0526 4512 Npfs - ok
21:56:49.0573 4512 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:56:49.0573 4512 Ntfs - ok
21:56:49.0604 4512 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:56:49.0604 4512 Null - ok
21:56:50.0073 4512 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:56:50.0166 4512 nv - ok
21:56:50.0245 4512 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
21:56:50.0245 4512 nvata - ok
21:56:50.0291 4512 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\drivers\nvatabus.sys
21:56:50.0291 4512 nvatabus - ok
21:56:50.0307 4512 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:56:50.0307 4512 NVENETFD - ok
21:56:50.0338 4512 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:56:50.0338 4512 nvnetbus - ok
21:56:50.0385 4512 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:56:50.0385 4512 NwlnkFlt - ok
21:56:50.0401 4512 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:56:50.0401 4512 NwlnkFwd - ok
21:56:50.0401 4512 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:56:50.0416 4512 ohci1394 - ok
21:56:50.0432 4512 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:56:50.0432 4512 Parport - ok
21:56:50.0432 4512 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:56:50.0432 4512 PartMgr - ok
21:56:50.0463 4512 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:56:50.0463 4512 ParVdm - ok
21:56:50.0479 4512 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:56:50.0479 4512 PCI - ok
21:56:50.0479 4512 PCIDump - ok
21:56:50.0495 4512 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:56:50.0495 4512 PCIIde - ok
21:56:50.0541 4512 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:56:50.0541 4512 Pcmcia - ok
21:56:50.0557 4512 PDCOMP - ok
21:56:50.0557 4512 PDFRAME - ok
21:56:50.0573 4512 PDRELI - ok
21:56:50.0588 4512 PDRFRAME - ok
21:56:50.0588 4512 perc2 - ok
21:56:50.0604 4512 perc2hib - ok
21:56:50.0666 4512 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:56:50.0666 4512 PptpMiniport - ok
21:56:50.0682 4512 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:56:50.0682 4512 Processor - ok
21:56:50.0698 4512 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:56:50.0698 4512 PSched - ok
21:56:50.0713 4512 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:56:50.0729 4512 Ptilink - ok
21:56:50.0760 4512 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:56:50.0760 4512 PxHelp20 - ok
21:56:50.0823 4512 ql1080 - ok
21:56:50.0838 4512 Ql10wnt - ok
21:56:50.0838 4512 ql12160 - ok
21:56:50.0854 4512 ql1240 - ok
21:56:50.0870 4512 ql1280 - ok
21:56:50.0885 4512 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:56:50.0885 4512 RasAcd - ok
21:56:50.0901 4512 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:56:50.0901 4512 Rasl2tp - ok
21:56:50.0916 4512 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:56:50.0916 4512 RasPppoe - ok
21:56:50.0932 4512 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:56:50.0932 4512 Raspti - ok
21:56:50.0979 4512 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:56:50.0979 4512 Rdbss - ok
21:56:50.0995 4512 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:56:50.0995 4512 RDPCDD - ok
21:56:51.0010 4512 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:56:51.0010 4512 rdpdr - ok
21:56:51.0057 4512 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:56:51.0057 4512 RDPWD - ok
21:56:51.0088 4512 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:56:51.0088 4512 redbook - ok
21:56:51.0151 4512 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:56:51.0151 4512 Secdrv - ok
21:56:51.0198 4512 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:56:51.0198 4512 serenum - ok
21:56:51.0213 4512 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:56:51.0213 4512 Serial - ok
21:56:51.0245 4512 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:56:51.0245 4512 Sfloppy - ok
21:56:51.0260 4512 Simbad - ok
21:56:51.0307 4512 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:56:51.0307 4512 SLIP - ok
21:56:51.0307 4512 Sparrow - ok
21:56:51.0354 4512 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:56:51.0354 4512 splitter - ok
21:56:51.0370 4512 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:56:51.0370 4512 sr - ok
21:56:51.0479 4512 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1207000.00D\SRTSP.SYS
21:56:51.0479 4512 SRTSP - ok
21:56:51.0541 4512 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1207000.00D\SRTSPX.SYS
21:56:51.0557 4512 SRTSPX - ok
21:56:51.0588 4512 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:56:51.0588 4512 Srv - ok
21:56:51.0635 4512 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:56:51.0635 4512 streamip - ok
21:56:51.0666 4512 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:56:51.0666 4512 swenum - ok
21:56:51.0666 4512 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:56:51.0666 4512 swmidi - ok
21:56:51.0682 4512 symc810 - ok
21:56:51.0698 4512 symc8xx - ok
21:56:51.0729 4512 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1207000.00D\SYMDS.SYS
21:56:51.0729 4512 SymDS - ok
21:56:51.0776 4512 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1207000.00D\SYMEFA.SYS
21:56:51.0776 4512 SymEFA - ok
21:56:51.0823 4512 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:56:51.0823 4512 SymEvent - ok
21:56:51.0870 4512 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1207000.00D\Ironx86.SYS
21:56:51.0870 4512 SymIRON - ok
21:56:51.0916 4512 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\NIS\1207000.00D\SYMTDI.SYS
21:56:51.0916 4512 SYMTDI - ok
21:56:51.0932 4512 sym_hi - ok
21:56:51.0932 4512 sym_u3 - ok
21:56:51.0995 4512 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:56:51.0995 4512 sysaudio - ok
21:56:52.0104 4512 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:56:52.0104 4512 Tcpip - ok
21:56:52.0135 4512 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:56:52.0151 4512 TDPIPE - ok
21:56:52.0166 4512 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:56:52.0166 4512 TDTCP - ok
21:56:52.0198 4512 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:56:52.0198 4512 TermDD - ok
21:56:52.0213 4512 TosIde - ok
21:56:52.0260 4512 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:56:52.0260 4512 Udfs - ok
21:56:52.0260 4512 ultra - ok
21:56:52.0291 4512 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:56:52.0291 4512 Update - ok
21:56:52.0338 4512 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:56:52.0338 4512 USBAAPL - ok
21:56:52.0370 4512 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:56:52.0385 4512 usbaudio - ok
21:56:52.0385 4512 usbbus - ok
21:56:52.0416 4512 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:56:52.0416 4512 usbccgp - ok
21:56:52.0416 4512 UsbDiag - ok
21:56:52.0448 4512 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:56:52.0448 4512 usbehci - ok
21:56:52.0463 4512 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:56:52.0463 4512 usbhub - ok
21:56:52.0463 4512 USBModem - ok
21:56:52.0479 4512 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:56:52.0479 4512 usbohci - ok
21:56:52.0526 4512 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:56:52.0526 4512 usbprint - ok
21:56:52.0604 4512 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:56:52.0604 4512 usbscan - ok
21:56:52.0666 4512 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:56:52.0666 4512 USBSTOR - ok
21:56:52.0682 4512 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:56:52.0682 4512 usbvideo - ok
21:56:52.0729 4512 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:56:52.0729 4512 VgaSave - ok
21:56:52.0729 4512 ViaIde - ok
21:56:52.0745 4512 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:56:52.0745 4512 VolSnap - ok
21:56:52.0791 4512 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:56:52.0791 4512 Wanarp - ok
21:56:52.0838 4512 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:56:52.0838 4512 Wdf01000 - ok
21:56:52.0838 4512 WDICA - ok
21:56:52.0885 4512 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:56:52.0885 4512 wdmaud - ok
21:56:52.0963 4512 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:56:52.0963 4512 WpdUsb - ok
21:56:52.0979 4512 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:56:52.0979 4512 WS2IFSL - ok
21:56:53.0057 4512 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:56:53.0057 4512 WSTCODEC - ok
21:56:53.0104 4512 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:56:53.0104 4512 WudfPf - ok
21:56:53.0135 4512 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:56:53.0135 4512 WudfRd - ok
21:56:53.0166 4512 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:56:53.0229 4512 \Device\Harddisk0\DR0 - ok
21:56:53.0245 4512 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:56:53.0245 4512 \Device\Harddisk1\DR1 - ok
21:56:53.0245 4512 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR12
21:56:53.0245 4512 \Device\Harddisk6\DR12 - ok
21:56:53.0260 4512 Boot (0x1200) (c822c175fcf483444bdebb7cd76326d2) \Device\Harddisk0\DR0\Partition0
21:56:53.0260 4512 \Device\Harddisk0\DR0\Partition0 - ok
21:56:53.0260 4512 Boot (0x1200) (0aa1587dfb839d235bc0d06ca7d4589b) \Device\Harddisk1\DR1\Partition0
21:56:53.0260 4512 \Device\Harddisk1\DR1\Partition0 - ok
21:56:53.0260 4512 Boot (0x1200) (b8c5403b2d0709df4e0d403230e2fc3b) \Device\Harddisk6\DR12\Partition0
21:56:53.0276 4512 \Device\Harddisk6\DR12\Partition0 - ok
21:56:53.0276 4512 ============================================================
21:56:53.0276 4512 Scan finished
21:56:53.0276 4512 ============================================================
21:56:53.0276 2352 Detected object count: 0
21:56:53.0276 2352 Actual detected object count: 0
22:00:49.0776 2812 Deinitialize success





aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-18 08:25:46
-----------------------------
08:25:46.468 OS Version: Windows 5.1.2600 Service Pack 3
08:25:46.468 Number of processors: 2 586 0x4B02
08:25:46.468 ComputerName: USER-30DED2C6EC UserName: user
08:25:46.968 Initialize success
08:25:56.906 AVAST engine defs: 12021701
08:26:00.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
08:26:00.125 Disk 0 Vendor: WDC_WD2500JS-60MHB5 10.02E04 Size: 238475MB BusType: 3
08:26:00.125 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f
08:26:00.125 Disk 1 Vendor: WDC_WD2500JS-60MHB5 10.02E04 Size: 238475MB BusType: 3
08:26:00.187 Disk 0 MBR read successfully
08:26:00.187 Disk 0 MBR scan
08:26:00.281 Disk 0 Windows XP default MBR code
08:26:00.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
08:26:00.359 Disk 0 scanning sectors +488376000
08:26:00.437 Disk 0 scanning C:\WINDOWS\system32\drivers
08:26:14.234 Service scanning
08:26:15.703 Modules scanning
08:26:27.828 Disk 0 trace - called modules:
08:26:27.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
08:26:27.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f0cab8]
08:26:27.843 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000070[0x86f36608]
08:26:27.843 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000006e[0x86f0c030]
08:26:28.640 AVAST engine scan C:\WINDOWS
08:26:41.406 AVAST engine scan C:\WINDOWS\system32
08:30:06.140 AVAST engine scan C:\WINDOWS\system32\drivers
08:30:26.937 AVAST engine scan C:\Documents and Settings\user
09:49:50.687 AVAST engine scan C:\Documents and Settings\All Users
09:53:50.187 Scan finished successfully
11:07:14.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
11:07:14.984 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR-1.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:55 PM

Posted 18 February 2012 - 06:31 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 the_tone

the_tone
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:55 PM

Posted 18 February 2012 - 09:03 PM

hey gringo,

seems that when the computer is on for a while, Firefox stops responding... don't know if that is related.

here is the cfscript/combofix log:

ComboFix 12-02-17.02 - user 02/18/2012 20:39:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.383 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
L:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-16 13:10 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:10 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-31 02:44 . 2012-01-31 13:11 -------- d-----w- c:\windows\system32\drivers\NIS\1207000.00D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-10-08 12:01 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 20:42 . 2012-01-11 20:42 8192 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe
2012-01-04 15:10 . 2011-06-25 14:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:13 . 2004-10-08 12:01 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2004-10-08 12:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2004-10-08 12:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2004-10-08 12:01 17408 ----a-w- c:\windows\system32\corpol.dll
2011-11-25 21:57 . 2004-10-08 12:01 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Disk Monitor"="c:\program files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" [2003-06-18 466944]
"AGRSMMSG"="AGRSMMSG.exe" [2006-04-28 89542]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2011-06-14 392280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207000.00D\symds.sys [1/30/2012 9:44 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207000.00D\symefa.sys [1/30/2012 9:44 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/15/2012 8:35 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207000.00D\ironx86.sys [1/30/2012 9:44 PM 136312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 1:35 PM 181544]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [1/30/2012 9:44 PM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/23/2011 5:46 PM 2253120]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2/18/2012 8:06 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120217.003\IDSXpx86.sys [2/17/2012 8:17 PM 356280]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/19/2009 10:08 PM 30560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2012 5:23 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2012 5:23 PM 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 22:23]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 22:23]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1788223648-682003330-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-12 23:33]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1788223648-682003330-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-12 23:33]
.
.
------- Supplementary Scan -------
.
uStart Page = https://online.bethpage.coop/Loans.aspx?acctID=8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/user/Application%20Data/Smilebox/OzDesktopImporter.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9vlkxjfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_5_2
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 20:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-60MHB5 rev.10.02E04 -> Harddisk0\DR0 -> \Device\0000006f
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1788223648-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:ff,25,bc,95,16,9c,7a,11,1b,fd,69,23,e1,14,bf,dc,35,39,21,f0,bb,
1e,46,fb,35,85,97,e1,5a,da,2f,a5,2c,23,2b,08,95,1e,b0,51,09,84,bb,f6,ef,4f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2012-02-18 20:58:01
ComboFix-quarantined-files.txt 2012-02-19 01:57
ComboFix2.txt 2012-02-17 03:19
.
Pre-Run: 63,806,115,840 bytes free
Post-Run: 63,948,943,360 bytes free
.
- - End Of File - - C574EEC009A35A0BEA59410201A4E9D8

#12 gringo_pr (Malware Response Team)

Posted 18 February 2012 - 09:12 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.1
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 the_tone (Topic Starter)

Posted 19 February 2012 - 12:02 AM

Okay,

I will get to the next steps when I can, probably tomorrow.
Don't know if it matters, but CHKDSK ran again the last time I started the computer.

Tony

#14 gringo_pr (Malware Response Team)
Posted 19 February 2012 - 12:26 AM

:thumbup2:

#15 the_tone (Topic Starter)

Posted 19 February 2012 - 12:08 PM

Hello Gringo,

No problems completing these steps.
Prompted to restart at some point, and to run CHKDSK again, which I did.

Restarted after completing the steps just to check out the start-up speed...
it seems much improved.

This is a family computer, so it has multiple users and therefore multiple downloads/programs/stuff in the startup menu...
I would like to examine the start-up menu and clean it up.
I am sure that this is in your plan... just sayin'...

logs:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
user :: USER-30DED2C6EC [administrator]

2/19/2012 11:39:53 AM
mbam-log-2012-02-19 (11-39-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192933
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Data: http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Data: http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:01 AM, on 2/19/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.bethpage.coop/Loans.aspx?acctID=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BYR_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - file:///C:/Documents%20and%20Settings/user/Application%20Data/Smilebox/OzDesktopImporter.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9277 bytes


thanks again for the assist
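the_tone asks above about going through the start-up entries on this machine. As an added example that is not part of this thread or of HijackThis itself, the Python below parses HijackThis-style O4 (Run/RunOnce keys and Startup folder) and O23 (service) lines into a start-up inventory, flagging commands that give no directory, rundll32-hosted entries and user-profile locations, plus services listed with "Unknown owner"; the sample log is constructed from the format posted above and all function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis v2.0.4 log format posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# O4 registry entries look like:  O4 - HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O4 Startup-folder shortcuts:     O4 - Startup: Name.lnk = target
STARTUP_RE = re.compile(r'^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$')
# O23 services:                    O23 - Service: Display (short) - Company - path
SERVICE_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# First executable on a command line: a quoted path, or the text up to the first .exe/.scr/.com token
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|scr|com))(?=\s|$)', re.IGNORECASE)


@dataclass(frozen=True)
class Autostart:
    source: str        # "HKLM\Run", "HKCU\RunOnce", "Startup folder", ...
    name: str
    executable: str
    flags: tuple       # triage notes, empty when nothing stands out


def executable_of(cmd: str) -> str:
    """Return the program a Run/Startup command line launches."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip().split()[0]
    return m.group('q') or m.group('u')


def flags_for(exe: str) -> tuple:
    """Notes a reviewer wants when walking a start-up list; none of these is a verdict."""
    notes = []
    if not re.match(r'^[A-Za-z]:\\', exe):
        notes.append('unqualified path')        # no directory: the loader's search order decides what runs
    if exe.lower().startswith('rundll32'):
        notes.append('rundll32 host')           # the real payload is the DLL named in the arguments
    if '\\documents and settings\\' in exe.lower():
        notes.append('user-profile location')   # writable by the user, so check what it is
    return tuple(notes)


def parse_hjt(log: str):
    """Split a HijackThis log into start-up entries and services."""
    autostarts, services = [], []
    for raw in log.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            exe = executable_of(m['cmd'])
            autostarts.append(Autostart(f"{m['hive']}\\{m['key']}", m['name'], exe, flags_for(exe)))
        elif m := STARTUP_RE.match(line):
            exe = executable_of(m['cmd'])
            autostarts.append(Autostart('Startup folder', m['name'], exe, flags_for(exe)))
        elif m := SERVICE_RE.match(line):
            services.append({'display': m['display'], 'owner': m['owner'], 'path': m['path']})
    return autostarts, services


def unknown_owner_services(services) -> list:
    """'Unknown owner' means HijackThis found no company in the file's version info: worth a look, not proof of anything."""
    return [s['display'] for s in services if s['owner'] == 'Unknown owner']


if __name__ == '__main__':
    entries, svcs = parse_hjt(SAMPLE_LOG)
    for e in entries:
        print(f"{e.source:15} {e.name:28} {e.executable}  {', '.join(e.flags)}")
    print('Services with no recorded owner:', unknown_owner_services(svcs))
```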



