
rootkit.zeroaccess and happili redirect help



#1 4ntim4lw4re

Posted 11 April 2012 - 09:52 AM

Hi,

I have a computer running XP. It was infected with rootkit.zeroaccess and I have run multiple anti-malware programs to remove it. From what I can tell ComboFix removed the rootkit, but I still have the happili redirects when I boot normally. I have run ComboFix, Malwarebytes and TDSSKiller. Any help that you can give me would be much appreciated.

Thanks for your time,
4ntim4lw4re

#2 Budapest

Posted 11 April 2012 - 04:57 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 4ntim4lw4re

4ntim4lw4re
  • Topic Starter

  • Members
  • 453 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:35 AM

Posted 12 April 2012 - 12:56 PM

Here are the DDS and GMER log files.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13
Run by Clearwood at 18:00:25 on 2012-04-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.949 [GMT -4:00]
.
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
FW: Norton 360 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Free Radio TV Toolbar: {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - c:\program files\free_radio_tv\prxtbFre0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: SocialRibbons LP2: {ae92e5de-20f7-9934-d515-7be13880a842} - c:\program files\socialribbons lp2\Toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.1.3\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Free Radio TV Toolbar: {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - c:\program files\free_radio_tv\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab
TCP: DhcpNameServer = 168.95.1.1
TCP: Interfaces\{F507A79A-53D2-461E-840E-D5BBA73B679C} : DhcpNameServer = 168.95.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-4 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-4 744568]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-4 136312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-24 136176]
S2 N360;Norton 360;c:\program files\norton 360\engine\5.2.1.3\ccsvchst.exe [2012-4-4 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-20 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-24 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120119.006\IDSXpx86.sys [2012-1-20 356280]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120119.035\NAVENG.SYS [2012-1-20 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120119.035\NAVEX15.SYS [2012-1-20 1576312]
.
=============== Created Last 30 ================
.
2012-04-11 02:14:07 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-11 01:56:58 -------- d-----w- C:\stdtsa
2012-04-11 01:55:06 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-04-10 23:28:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 06:27:44 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-10 03:51:50 -------- d-----w- C:\found.001
2012-04-10 03:19:52 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-04-09 15:48:17 -------- d-sha-r- C:\cmdcons
2012-04-09 15:37:31 518144 ----a-w- c:\windows\SWREG.exe
2012-04-09 15:37:31 256000 ----a-w- c:\windows\PEV.exe
2012-04-09 15:37:31 208896 ----a-w- c:\windows\MBR.exe
2012-04-09 15:37:30 98816 ----a-w- c:\windows\sed.exe
2012-04-04 12:28:39 369784 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdi.sys
2012-04-04 12:28:39 331384 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdiv.sys
2012-04-04 12:28:38 744568 ----a-r- c:\windows\system32\drivers\n360\0502010.003\symefa.sys
2012-04-04 12:28:38 299640 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symnets.sys
2012-04-04 12:28:37 50168 ----a-r- c:\windows\system32\drivers\n360\0502010.003\srtspx.sys
2012-04-04 12:28:37 340088 ----a-r- c:\windows\system32\drivers\n360\0502010.003\symds.sys
2012-04-04 12:28:36 516216 ----a-r- c:\windows\system32\drivers\n360\0502010.003\srtsp.sys
2012-04-04 12:28:36 136312 ----a-r- c:\windows\system32\drivers\n360\0502010.003\ironx86.sys
2012-04-04 12:24:24 -------- d-----w- c:\windows\system32\drivers\n360\0502010.003
2012-03-28 12:48:22 -------- d-----w- C:\found.000
2012-03-14 11:27:22 -------- d-----w- C:\Remote Programs
2012-03-14 11:27:20 -------- d-----w- c:\documents and settings\all users\application data\Free Ride Games
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 14:40:46 1409 ----a-w- c:\windows\QTFont.for
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:00:42.62 ===============






GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-12 22:25:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JB-75GVC0 rev.08.02D08
Running: gmer.exe; Driver: C:\DOCUME~1\CLEARW~1\LOCALS~1\Temp\pglyapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



I can also attach the attach.txt file if needed from the DDS scan.

Thanks,
4ntim4lw4re

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 14 April 2012 - 12:15 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 4ntim4lw4re

4ntim4lw4re
  • Topic Starter

  • Members
  • 453 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:35 AM

Posted 16 April 2012 - 09:23 AM

Gringo,

Thank you for your help. Here is the combofix log file.

ComboFix 12-04-10.01 - Clearwood 04/10/2012 21:42:49.6.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.1011 [GMT -4:00]
Running from: c:\documents and settings\Clearwood\Desktop\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-10 23:28 . 2012-04-10 23:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 06:27 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-10 03:51 . 2012-04-10 03:51 -------- d-----w- C:\found.001
2012-04-10 03:19 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-04-04 12:24 . 2012-04-04 15:15 -------- d-----w- c:\windows\system32\drivers\N360\0502010.003
2012-03-29 12:49 . 2012-03-29 12:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2012-03-28 12:48 . 2012-03-28 12:48 -------- d-----w- C:\found.000
2012-03-27 19:49 . 2012-03-27 19:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-27 19:28 . 2012-03-27 19:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-03-14 11:27 . 2012-03-15 10:44 -------- d-----w- C:\Remote Programs
2012-03-14 11:27 . 2012-03-14 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2012-03-13 16:26 . 2012-03-13 16:26 -------- d-----w- c:\program files\Club Penguin
2012-03-13 16:26 . 2012-03-13 16:26 -------- d-----w- c:\documents and settings\Clearwood\Local Settings\Application Data\I Want This
2012-03-13 16:26 . 2012-04-11 01:35 -------- d-----w- c:\program files\I Want This
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-30 15:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 14:40 . 2012-02-07 14:40 1409 ----a-w- c:\windows\QTFont.for
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_04.26.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 17:51 . 2012-04-10 21:43 72160 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2012-04-10 03:59 72160 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2012-04-10 21:43 442894 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2012-04-10 03:59 442894 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Free_Radio_TV\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE92E5DE-20F7-9934-D515-7BE13880A842}]
2011-07-21 15:26 1534976 ----a-w- c:\program files\SocialRibbons LP2\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}"= "c:\program files\Free_Radio_TV\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9DBB9AEB-5A16-4989-A66F-C0F1C909D647}"= "c:\program files\Free_Radio_TV\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-19 98304]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"dplaysvr"="c:\documents and settings\Clearwood\Application Data\dplaysvr.exe" [BU]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 -c--a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 00:19 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-05 18:34 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 00:22 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 00:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 00:23 114688 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-04-19 14:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-04-19 14:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SocialRibbons LP2\\TroubleShooter.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\symds.sys [4/4/2012 8:28 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\symefa.sys [4/4/2012 8:28 AM 744568]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 10:25 PM 820344]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\ironx86.sys [4/4/2012 8:28 AM 136312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:41 AM 136176]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.1.3\ccsvchst.exe [4/4/2012 8:26 AM 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/20/2012 8:51 AM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:41 AM 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120119.006\IDSXpx86.sys [1/20/2012 8:52 AM 356280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 59550679
*Deregistered* - 59550679
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
z525mdm
MTsensor
mssql$microsoftsmlbiz
wceusbsh
sr_service
w810bus
aiclient
emupia
zfdwm
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-24 14:41]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-24 14:41]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 168.95.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 21:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
Completion time: 2012-04-10 21:52:10
ComboFix-quarantined-files.txt 2012-04-11 01:52
ComboFix2.txt 2012-04-10 23:12
ComboFix3.txt 2012-04-10 22:25
ComboFix4.txt 2012-04-10 21:51
ComboFix5.txt 2012-04-11 01:40
.
Pre-Run: 98,600,042,496 bytes free
Post-Run: 98,658,066,432 bytes free
.
- - End Of File - - 91181FDAE815CA23125ABFAA137E9B3C


The problems from the beginning were slowness and pop-ups. After running ComboFix I was receiving the happili redirect when booting normally. While booting to safe mode I do not have problems with the redirect and the system seems to run at normal speeds. At this point when I run Malwarebytes it does find malicious files every time. This is where the computer is now. If I boot normally the computer freezes up doing normal tasks and has the happili redirect.

Thank you for all your help. I look forward to your response.

4ntim4lw4re

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 16 April 2012 - 06:22 PM

Greetings


I would like you to check all the browsers that are installed on the computer and let me know which ones are redirecting.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
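Gringo asks for the TDSSKiller report above. As an added example that is not part of this thread and is not code from Kaspersky's tool, here is a small Python triage helper for that log format, modelled on the two line shapes the tool prints for each driver and service (a hash-and-path line and a "name - status" verdict line, as seen in the log posted later in this thread). The sample lines, the names exampleav and exampledrv, their all-zero and all-f hashes, and the "warning" status are constructed placeholders, not real detections; the STANDARD_ROOTS list and the baseline-comparison idea are the example's own assumptions.

```python
"""Triage a TDSSKiller log: a constructed example, not code from this thread or from Kaspersky."""
import re

# Two line shapes carry the per-driver/service data in the TDSSKiller log format seen in this thread:
#   HH:MM:SS.mmmm PID <name> (<md5>) <path>   file-and-hash line (absent when the service has no image file)
#   HH:MM:SS.mmmm PID <name> - <status>       verdict line; "ok" means the tool found nothing wrong
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<status>\S.*)$")

# Assumed roots where drivers and services normally live on an XP system. Anything else is a
# review item, not a verdict: the Norton definition drivers in this thread's log legitimately
# live under All Users\Application Data.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample modelled on the log in this thread. The names exampleav and exampledrv,
# their all-zero / all-f hashes and the "warning" status are placeholders, not real detections.
SAMPLE_LOG = r"""
17:30:52.0375 0824 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb)
17:31:05.0875 2028 ============================================================
17:31:05.0875 2028 Scan started
17:31:05.0875 2028 Mode: Manual;
17:31:07.0281 2028 Abiosdsk - ok
17:31:07.0359 2028 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:31:07.0359 2028 abp480n5 - ok
17:31:07.0421 2028 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:31:07.0421 2028 ACPI - ok
17:31:20.0046 2028 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
17:31:20.0062 2028 Pml Driver HPZ12 - ok
17:31:25.0000 2028 exampleav (00000000000000000000000000000000) C:\Documents and Settings\All Users\Application Data\ExampleAV\exampleav.sys
17:31:25.0000 2028 exampleav - ok
17:31:30.0000 2028 exampledrv (ffffffffffffffffffffffffffffffff) C:\WINDOWS\system32\drivers\exampledrv.sys
17:31:30.0000 2028 exampledrv - warning
"""


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "status"}} for the section after "Scan started".

    Lines before that marker (drive geometry, system info) also contain " - " and would
    otherwise be mistaken for verdict lines, so they are skipped.
    """
    entries = {}
    in_scan = "Scan started" not in text  # no marker at all: parse everything
    for line in text.splitlines():
        line = line.rstrip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = FILE_RE.match(line)
        if m:
            rec = entries.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            rec["md5"], rec["path"] = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = entries.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            rec["status"] = m["status"].strip()
    return entries


def triage(entries):
    """Return (not_ok, no_file): entries the tool did not clear, and registered
    services/drivers with no image file on disk (worth a look, often just leftovers)."""
    not_ok = sorted(n for n, r in entries.items() if r["status"] != "ok")
    no_file = sorted(n for n, r in entries.items() if r["status"] == "ok" and r["path"] is None)
    return not_ok, no_file


def unusual_paths(entries):
    """Names whose image lives outside STANDARD_ROOTS (a review list, not a verdict)."""
    return sorted(n for n, r in entries.items()
                  if r["path"] and not r["path"].lower().startswith(STANDARD_ROOTS))


def hash_mismatches(entries, baseline):
    """Compare hashes against a baseline {name: md5} taken from a clean machine with the
    same Windows build and service pack; a changed hash on a system driver is a strong lead."""
    return sorted(n for n, md5 in baseline.items()
                  if n in entries and entries[n]["md5"] and entries[n]["md5"] != md5.lower())


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    bad, missing = triage(found)
    print("not ok:", bad)
    print("no image file:", missing)
    print("outside standard roots:", unusual_paths(found))
```

Read the whole pasted log into `parse_tdsskiller` and look at the `triage` output first; `unusual_paths` and `hash_mismatches` only narrow down what to inspect by hand, since legitimate security products and OEM tools also register drivers outside the usual roots.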

#7 4ntim4lw4re

4ntim4lw4re
  • Topic Starter

  • Members
  • 453 posts
  • Gender:Male
  • Location:US
  • Local time:07:35 AM

Posted 17 April 2012 - 05:30 PM

The only browser being used is ie7.

Here are the Log files:

TDSSKiller:

17:30:50.0171 0824 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:30:50.0937 0824 ============================================================
17:30:50.0937 0824 Current date / time: 2012/04/17 17:30:50.0937
17:30:50.0937 0824 SystemInfo:
17:30:50.0937 0824
17:30:50.0937 0824 OS Version: 5.1.2600 ServicePack: 3.0
17:30:50.0937 0824 Product type: Workstation
17:30:50.0937 0824 ComputerName: D71MVT91
17:30:50.0937 0824 UserName: Clearwood
17:30:50.0937 0824 Windows directory: C:\WINDOWS
17:30:50.0937 0824 System windows directory: C:\WINDOWS
17:30:50.0937 0824 Processor architecture: Intel x86
17:30:50.0937 0824 Number of processors: 1
17:30:50.0937 0824 Page size: 0x1000
17:30:50.0937 0824 Boot type: Safe boot with network
17:30:50.0937 0824 ============================================================
17:30:52.0375 0824 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:30:52.0375 0824 \Device\Harddisk0\DR0:
17:30:52.0375 0824 MBR used
17:30:52.0375 0824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xD92C09F
17:30:52.0375 0824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x4A466F0
17:30:52.0453 0824 Initialize success
17:30:52.0453 0824 ============================================================
17:31:05.0875 2028 ============================================================
17:31:05.0875 2028 Scan started
17:31:05.0875 2028 Mode: Manual;
17:31:05.0875 2028 ============================================================
17:31:07.0281 2028 Abiosdsk - ok
17:31:07.0359 2028 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:31:07.0359 2028 abp480n5 - ok
17:31:07.0421 2028 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:31:07.0421 2028 ACPI - ok
17:31:07.0484 2028 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:31:07.0484 2028 ACPIEC - ok
17:31:07.0531 2028 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:31:07.0531 2028 adpu160m - ok
17:31:07.0578 2028 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:31:07.0593 2028 aec - ok
17:31:07.0656 2028 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:31:07.0671 2028 AFD - ok
17:31:07.0718 2028 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:31:07.0718 2028 agp440 - ok
17:31:07.0750 2028 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:31:07.0750 2028 agpCPQ - ok
17:31:07.0796 2028 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:31:07.0796 2028 Aha154x - ok
17:31:07.0828 2028 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:31:07.0828 2028 aic78u2 - ok
17:31:07.0859 2028 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:31:07.0859 2028 aic78xx - ok
17:31:07.0921 2028 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:31:07.0921 2028 Alerter - ok
17:31:07.0968 2028 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:31:07.0984 2028 ALG - ok
17:31:08.0031 2028 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:31:08.0031 2028 AliIde - ok
17:31:08.0078 2028 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:31:08.0078 2028 alim1541 - ok
17:31:08.0109 2028 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:31:08.0109 2028 amdagp - ok
17:31:08.0156 2028 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:31:08.0156 2028 amsint - ok
17:31:08.0218 2028 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:31:08.0218 2028 asc - ok
17:31:08.0250 2028 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:31:08.0265 2028 asc3350p - ok
17:31:08.0296 2028 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:31:08.0296 2028 asc3550 - ok
17:31:08.0359 2028 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
17:31:08.0359 2028 ASCTRM - ok
17:31:08.0515 2028 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:31:08.0531 2028 aspnet_state - ok
17:31:08.0578 2028 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:31:08.0578 2028 AsyncMac - ok
17:31:08.0640 2028 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:31:08.0640 2028 atapi - ok
17:31:08.0671 2028 Atdisk - ok
17:31:08.0718 2028 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:31:08.0718 2028 Atmarpc - ok
17:31:08.0781 2028 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:31:08.0781 2028 AudioSrv - ok
17:31:08.0828 2028 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:31:08.0828 2028 audstub - ok
17:31:08.0875 2028 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:31:08.0875 2028 Beep - ok
17:31:09.0109 2028 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys
17:31:09.0171 2028 BHDrvx86 - ok
17:31:09.0265 2028 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:31:09.0281 2028 BITS - ok
17:31:09.0359 2028 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:31:09.0359 2028 Browser - ok
17:31:09.0421 2028 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:31:09.0421 2028 cbidf - ok
17:31:09.0468 2028 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:31:09.0468 2028 cbidf2k - ok
17:31:09.0500 2028 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:31:09.0500 2028 cd20xrnt - ok
17:31:09.0562 2028 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:31:09.0562 2028 Cdaudio - ok
17:31:09.0625 2028 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:31:09.0625 2028 Cdfs - ok
17:31:09.0656 2028 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:31:09.0656 2028 Cdrom - ok
17:31:09.0718 2028 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:31:09.0718 2028 CiSvc - ok
17:31:09.0750 2028 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:31:09.0765 2028 ClipSrv - ok
17:31:09.0890 2028 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:31:09.0890 2028 clr_optimization_v2.0.50727_32 - ok
17:31:09.0953 2028 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:31:09.0953 2028 CmdIde - ok
17:31:09.0984 2028 COMSysApp - ok
17:31:10.0046 2028 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:31:10.0046 2028 Cpqarray - ok
17:31:10.0093 2028 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:31:10.0093 2028 CryptSvc - ok
17:31:10.0171 2028 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:31:10.0171 2028 dac2w2k - ok
17:31:10.0250 2028 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:31:10.0250 2028 dac960nt - ok
17:31:10.0312 2028 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:31:10.0328 2028 DcomLaunch - ok
17:31:10.0406 2028 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:31:10.0406 2028 Dhcp - ok
17:31:10.0453 2028 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:31:10.0453 2028 Disk - ok
17:31:10.0500 2028 dmadmin - ok
17:31:10.0578 2028 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:31:10.0593 2028 dmboot - ok
17:31:10.0656 2028 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:31:10.0671 2028 dmio - ok
17:31:10.0750 2028 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:31:10.0750 2028 dmload - ok
17:31:10.0812 2028 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:31:10.0812 2028 dmserver - ok
17:31:10.0859 2028 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:31:10.0875 2028 DMusic - ok
17:31:10.0937 2028 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:31:10.0937 2028 Dnscache - ok
17:31:11.0015 2028 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:31:11.0015 2028 Dot3svc - ok
17:31:11.0062 2028 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:31:11.0062 2028 dpti2o - ok
17:31:11.0093 2028 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:31:11.0093 2028 drmkaud - ok
17:31:11.0156 2028 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:31:11.0156 2028 E100B - ok
17:31:11.0187 2028 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:31:11.0187 2028 EapHost - ok
17:31:11.0328 2028 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:31:11.0343 2028 eeCtrl - ok
17:31:11.0390 2028 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:31:11.0390 2028 EraserUtilRebootDrv - ok
17:31:11.0453 2028 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:31:11.0453 2028 ERSvc - ok
17:31:11.0531 2028 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:31:11.0531 2028 Eventlog - ok
17:31:11.0593 2028 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:31:11.0609 2028 EventSystem - ok
17:31:11.0718 2028 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:31:11.0718 2028 Fastfat - ok
17:31:11.0781 2028 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:11.0796 2028 FastUserSwitchingCompatibility - ok
17:31:11.0843 2028 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:31:11.0843 2028 Fdc - ok
17:31:11.0890 2028 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:31:11.0890 2028 Fips - ok
17:31:11.0953 2028 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:31:11.0953 2028 Flpydisk - ok
17:31:12.0015 2028 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:31:12.0015 2028 FltMgr - ok
17:31:12.0171 2028 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:31:12.0171 2028 FontCache3.0.0.0 - ok
17:31:12.0281 2028 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:31:12.0281 2028 Fs_Rec - ok
17:31:12.0343 2028 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:31:12.0359 2028 Ftdisk - ok
17:31:12.0453 2028 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:31:12.0453 2028 GEARAspiWDM - ok
17:31:12.0531 2028 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:31:12.0531 2028 Gpc - ok
17:31:12.0671 2028 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:12.0671 2028 gupdate - ok
17:31:12.0703 2028 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:12.0703 2028 gupdatem - ok
17:31:12.0765 2028 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:31:12.0781 2028 gusvc - ok
17:31:12.0890 2028 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:31:12.0890 2028 helpsvc - ok
17:31:12.0921 2028 HidServ - ok
17:31:13.0000 2028 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:31:13.0000 2028 HidUsb - ok
17:31:13.0078 2028 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:31:13.0093 2028 hkmsvc - ok
17:31:13.0156 2028 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:31:13.0156 2028 hpn - ok
17:31:13.0250 2028 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:31:13.0250 2028 HPZid412 - ok
17:31:13.0312 2028 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:31:13.0312 2028 HPZipr12 - ok
17:31:13.0375 2028 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:31:13.0375 2028 HPZius12 - ok
17:31:13.0468 2028 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:31:13.0468 2028 HTTP - ok
17:31:13.0546 2028 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:31:13.0546 2028 HTTPFilter - ok
17:31:13.0640 2028 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:31:13.0640 2028 i2omgmt - ok
17:31:13.0703 2028 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:31:13.0703 2028 i2omp - ok
17:31:13.0750 2028 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:31:13.0750 2028 i8042prt - ok
17:31:13.0828 2028 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:31:13.0859 2028 ialm - ok
17:31:14.0031 2028 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:31:14.0062 2028 idsvc - ok
17:31:14.0328 2028 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120119.006\IDSxpx86.sys
17:31:14.0343 2028 IDSxpx86 - ok
17:31:14.0515 2028 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:31:14.0515 2028 Imapi - ok
17:31:14.0593 2028 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:31:14.0593 2028 ImapiService - ok
17:31:14.0656 2028 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:31:14.0656 2028 ini910u - ok
17:31:14.0718 2028 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:31:14.0718 2028 IntelIde - ok
17:31:14.0781 2028 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:31:14.0781 2028 intelppm - ok
17:31:14.0828 2028 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:31:14.0828 2028 Ip6Fw - ok
17:31:14.0875 2028 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:31:14.0875 2028 IpFilterDriver - ok
17:31:14.0953 2028 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:31:14.0953 2028 IpInIp - ok
17:31:15.0015 2028 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:31:15.0015 2028 IpNat - ok
17:31:15.0046 2028 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:31:15.0062 2028 IPSec - ok
17:31:15.0109 2028 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:31:15.0109 2028 IRENUM - ok
17:31:15.0156 2028 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:31:15.0156 2028 isapnp - ok
17:31:15.0328 2028 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
17:31:15.0328 2028 JavaQuickStarterService - ok
17:31:15.0390 2028 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:31:15.0390 2028 Kbdclass - ok
17:31:15.0437 2028 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:31:15.0437 2028 kbdhid - ok
17:31:15.0484 2028 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:31:15.0500 2028 kmixer - ok
17:31:15.0562 2028 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:31:15.0562 2028 KSecDD - ok
17:31:15.0625 2028 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:31:15.0625 2028 lanmanserver - ok
17:31:15.0703 2028 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:31:15.0703 2028 lanmanworkstation - ok
17:31:15.0796 2028 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:31:15.0812 2028 LmHosts - ok
17:31:15.0921 2028 McciCMService (a4225ba7b4ee5b8cdf8a808858dba437) C:\Program Files\Common Files\Motive\McciCMService.exe
17:31:15.0953 2028 McciCMService - ok
17:31:16.0015 2028 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:31:16.0015 2028 Messenger - ok
17:31:16.0062 2028 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:31:16.0062 2028 mnmdd - ok
17:31:16.0140 2028 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:31:16.0140 2028 mnmsrvc - ok
17:31:16.0203 2028 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:31:16.0203 2028 Modem - ok
17:31:16.0265 2028 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:31:16.0265 2028 Mouclass - ok
17:31:16.0343 2028 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:31:16.0343 2028 mouhid - ok
17:31:16.0375 2028 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:31:16.0390 2028 MountMgr - ok
17:31:16.0421 2028 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:31:16.0421 2028 mraid35x - ok
17:31:16.0468 2028 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:31:16.0484 2028 MRxDAV - ok
17:31:16.0562 2028 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:31:16.0562 2028 MRxSmb - ok
17:31:16.0625 2028 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:31:16.0625 2028 MSDTC - ok
17:31:16.0687 2028 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:31:16.0687 2028 Msfs - ok
17:31:16.0718 2028 MSIServer - ok
17:31:16.0781 2028 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:31:16.0781 2028 MSKSSRV - ok
17:31:16.0812 2028 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:31:16.0812 2028 MSPCLOCK - ok
17:31:16.0875 2028 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:31:16.0875 2028 MSPQM - ok
17:31:16.0937 2028 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:31:16.0937 2028 mssmbios - ok
17:31:16.0984 2028 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:31:16.0984 2028 Mup - ok
17:31:17.0125 2028 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
17:31:17.0140 2028 N360 - ok
17:31:17.0218 2028 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:31:17.0218 2028 napagent - ok
17:31:17.0500 2028 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120119.035\NAVENG.SYS
17:31:17.0515 2028 NAVENG - ok
17:31:17.0625 2028 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120119.035\NAVEX15.SYS
17:31:17.0703 2028 NAVEX15 - ok
17:31:17.0828 2028 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:31:17.0828 2028 NDIS - ok
17:31:17.0875 2028 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:31:17.0875 2028 NdisTapi - ok
17:31:17.0953 2028 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:31:17.0953 2028 Ndisuio - ok
17:31:17.0984 2028 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:31:17.0984 2028 NdisWan - ok
17:31:18.0046 2028 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:31:18.0046 2028 NDProxy - ok
17:31:18.0078 2028 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:31:18.0078 2028 NetBIOS - ok
17:31:18.0140 2028 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:31:18.0156 2028 NetBT - ok
17:31:18.0218 2028 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:31:18.0218 2028 NetDDE - ok
17:31:18.0250 2028 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:31:18.0250 2028 NetDDEdsdm - ok
17:31:18.0312 2028 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:18.0312 2028 Netlogon - ok
17:31:18.0359 2028 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:31:18.0359 2028 Netman - ok
17:31:18.0515 2028 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
17:31:18.0531 2028 NetSvc - ok
17:31:18.0656 2028 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:31:18.0656 2028 NetTcpPortSharing - ok
17:31:18.0750 2028 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:31:18.0750 2028 Nla - ok
17:31:18.0890 2028 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:31:18.0890 2028 Npfs - ok
17:31:18.0968 2028 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:31:18.0968 2028 Ntfs - ok
17:31:19.0046 2028 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:19.0046 2028 NtLmSsp - ok
17:31:19.0140 2028 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:31:19.0156 2028 NtmsSvc - ok
17:31:19.0218 2028 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:31:19.0218 2028 Null - ok
17:31:19.0343 2028 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:31:19.0390 2028 nv - ok
17:31:19.0468 2028 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:31:19.0468 2028 NwlnkFlt - ok
17:31:19.0515 2028 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:31:19.0515 2028 NwlnkFwd - ok
17:31:19.0578 2028 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:31:19.0578 2028 Parport - ok
17:31:19.0609 2028 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:31:19.0609 2028 PartMgr - ok
17:31:19.0671 2028 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:31:19.0671 2028 ParVdm - ok
17:31:19.0703 2028 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:31:19.0703 2028 PCI - ok
17:31:19.0734 2028 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:31:19.0734 2028 PCIIde - ok
17:31:19.0765 2028 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:31:19.0765 2028 Pcmcia - ok
17:31:19.0812 2028 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:31:19.0812 2028 perc2 - ok
17:31:19.0859 2028 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:31:19.0859 2028 perc2hib - ok
17:31:19.0968 2028 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:31:19.0968 2028 PlugPlay - ok
17:31:20.0046 2028 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
17:31:20.0062 2028 Pml Driver HPZ12 - ok
17:31:20.0125 2028 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:20.0125 2028 PolicyAgent - ok
17:31:20.0203 2028 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:31:20.0203 2028 PptpMiniport - ok
17:31:20.0218 2028 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:20.0218 2028 ProtectedStorage - ok
17:31:20.0265 2028 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:31:20.0265 2028 PSched - ok
17:31:20.0281 2028 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:31:20.0281 2028 Ptilink - ok
17:31:20.0359 2028 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:31:20.0359 2028 PxHelp20 - ok
17:31:20.0406 2028 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:31:20.0406 2028 ql1080 - ok
17:31:20.0453 2028 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:31:20.0453 2028 Ql10wnt - ok
17:31:20.0484 2028 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:31:20.0484 2028 ql12160 - ok
17:31:20.0500 2028 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:31:20.0515 2028 ql1240 - ok
17:31:20.0562 2028 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:31:20.0562 2028 ql1280 - ok
17:31:20.0609 2028 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:31:20.0609 2028 RasAcd - ok
17:31:20.0671 2028 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:31:20.0671 2028 RasAuto - ok
17:31:20.0718 2028 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:31:20.0718 2028 Rasl2tp - ok
17:31:20.0796 2028 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:31:20.0796 2028 RasMan - ok
17:31:20.0843 2028 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:31:20.0859 2028 RasPppoe - ok
17:31:20.0890 2028 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:31:20.0890 2028 Raspti - ok
17:31:20.0906 2028 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:31:20.0921 2028 Rdbss - ok
17:31:20.0937 2028 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:31:20.0937 2028 RDPCDD - ok
17:31:21.0015 2028 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:31:21.0015 2028 rdpdr - ok
17:31:21.0140 2028 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:31:21.0140 2028 RDPWD - ok
17:31:21.0203 2028 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:31:21.0203 2028 RDSessMgr - ok
17:31:21.0250 2028 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:31:21.0250 2028 redbook - ok
17:31:21.0312 2028 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:31:21.0312 2028 RemoteAccess - ok
17:31:21.0359 2028 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:31:21.0375 2028 RpcLocator - ok
17:31:21.0437 2028 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:31:21.0453 2028 RpcSs - ok
17:31:21.0515 2028 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:31:21.0515 2028 RSVP - ok
17:31:21.0578 2028 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:21.0578 2028 SamSs - ok
17:31:21.0640 2028 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:31:21.0640 2028 SCardSvr - ok
17:31:21.0687 2028 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:31:21.0703 2028 Schedule - ok
17:31:21.0859 2028 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:31:21.0875 2028 SeaPort - ok
17:31:21.0984 2028 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:31:21.0984 2028 Secdrv - ok
17:31:22.0031 2028 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:31:22.0031 2028 seclogon - ok
17:31:22.0140 2028 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
17:31:22.0156 2028 senfilt - ok
17:31:22.0218 2028 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:31:22.0218 2028 SENS - ok
17:31:22.0265 2028 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:31:22.0265 2028 serenum - ok
17:31:22.0296 2028 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:31:22.0312 2028 Serial - ok
17:31:22.0375 2028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:31:22.0375 2028 Sfloppy - ok
17:31:22.0453 2028 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:31:22.0468 2028 SharedAccess - ok
17:31:22.0546 2028 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:22.0546 2028 ShellHWDetection - ok
17:31:22.0593 2028 Simbad - ok
17:31:22.0640 2028 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:31:22.0640 2028 sisagp - ok
17:31:22.0718 2028 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
17:31:22.0718 2028 smwdm - ok
17:31:22.0843 2028 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
17:31:22.0843 2028 Sony SCSI Helper Service - ok
17:31:22.0890 2028 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:31:22.0890 2028 Sparrow - ok
17:31:22.0968 2028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:31:22.0968 2028 splitter - ok
17:31:23.0031 2028 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:31:23.0031 2028 Spooler - ok
17:31:23.0125 2028 SQLWriter (54902536aad0e9b99bc65f89c0caf93f) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:31:23.0140 2028 SQLWriter - ok
17:31:23.0203 2028 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:31:23.0203 2028 sr - ok
17:31:23.0265 2028 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:31:23.0265 2028 srservice - ok
17:31:23.0375 2028 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS
17:31:23.0390 2028 SRTSP - ok
17:31:23.0453 2028 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS
17:31:23.0453 2028 SRTSPX - ok
17:31:23.0531 2028 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:31:23.0531 2028 Srv - ok
17:31:23.0593 2028 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:31:23.0593 2028 SSDPSRV - ok
17:31:23.0671 2028 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:31:23.0687 2028 stisvc - ok
17:31:23.0796 2028 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:31:23.0796 2028 swenum - ok
17:31:23.0859 2028 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:31:23.0859 2028 swmidi - ok
17:31:23.0890 2028 SwPrv - ok
17:31:23.0968 2028 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:31:23.0968 2028 symc810 - ok
17:31:24.0015 2028 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:31:24.0015 2028 symc8xx - ok
17:31:24.0109 2028 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS
17:31:24.0109 2028 SymDS - ok
17:31:24.0218 2028 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS
17:31:24.0234 2028 SymEFA - ok
17:31:24.0312 2028 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:31:24.0328 2028 SymEvent - ok
17:31:24.0390 2028 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS
17:31:24.0390 2028 SymIRON - ok
17:31:24.0453 2028 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS
17:31:24.0468 2028 SYMTDI - ok
17:31:24.0515 2028 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:31:24.0515 2028 sym_hi - ok
17:31:24.0562 2028 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:31:24.0562 2028 sym_u3 - ok
17:31:24.0609 2028 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:31:24.0609 2028 sysaudio - ok
17:31:24.0687 2028 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:31:24.0687 2028 SysmonLog - ok
17:31:24.0750 2028 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:31:24.0765 2028 TapiSrv - ok
17:31:24.0843 2028 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:31:24.0859 2028 Tcpip - ok
17:31:24.0921 2028 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:31:24.0921 2028 TDPIPE - ok
17:31:24.0968 2028 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:31:24.0968 2028 TDTCP - ok
17:31:25.0015 2028 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:31:25.0015 2028 TermDD - ok
17:31:25.0062 2028 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:31:25.0062 2028 TermService - ok
17:31:25.0140 2028 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:25.0140 2028 Themes - ok
17:31:25.0234 2028 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:31:25.0234 2028 TosIde - ok
17:31:25.0296 2028 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:31:25.0312 2028 TrkWks - ok
17:31:25.0375 2028 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:31:25.0375 2028 Udfs - ok
17:31:25.0421 2028 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:31:25.0421 2028 ultra - ok
17:31:25.0500 2028 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:31:25.0500 2028 Update - ok
17:31:25.0562 2028 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:31:25.0562 2028 upnphost - ok
17:31:25.0625 2028 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:31:25.0625 2028 UPS - ok
17:31:25.0703 2028 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:31:25.0718 2028 usbccgp - ok
17:31:25.0750 2028 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:25.0750 2028 usbehci - ok
17:31:25.0781 2028 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:25.0781 2028 usbhub - ok
17:31:25.0843 2028 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:31:25.0843 2028 usbprint - ok
17:31:25.0875 2028 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:31:25.0875 2028 usbscan - ok
17:31:25.0937 2028 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:25.0937 2028 USBSTOR - ok
17:31:25.0968 2028 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:31:25.0968 2028 usbuhci - ok
17:31:26.0015 2028 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:31:26.0015 2028 VgaSave - ok
17:31:26.0062 2028 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:31:26.0078 2028 viaagp - ok
17:31:26.0156 2028 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:31:26.0156 2028 ViaIde - ok
17:31:26.0218 2028 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:26.0218 2028 VolSnap - ok
17:31:26.0312 2028 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:31:26.0328 2028 VSS - ok
17:31:26.0406 2028 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:26.0406 2028 Wanarp - ok
17:31:26.0453 2028 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:26.0453 2028 wdmaud - ok
17:31:26.0500 2028 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:31:26.0500 2028 WebClient - ok
17:31:26.0593 2028 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:26.0609 2028 winmgmt - ok
17:31:26.0687 2028 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:31:26.0703 2028 WmdmPmSN - ok
17:31:26.0765 2028 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:31:26.0765 2028 WmiApSrv - ok
17:31:26.0921 2028 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:31:26.0953 2028 WMPNetworkSvc - ok
17:31:27.0078 2028 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:31:27.0078 2028 WS2IFSL - ok
17:31:27.0171 2028 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:31:27.0187 2028 wscsvc - ok
17:31:27.0218 2028 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:31:27.0218 2028 wuauserv - ok
17:31:27.0281 2028 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:31:27.0296 2028 WudfPf - ok
17:31:27.0328 2028 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:31:27.0328 2028 WudfSvc - ok
17:31:27.0421 2028 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:31:27.0421 2028 WZCSVC - ok
17:31:27.0500 2028 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:31:27.0500 2028 xmlprov - ok
17:31:27.0609 2028 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:31:27.0625 2028 YahooAUService - ok
17:31:27.0671 2028 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:31:27.0703 2028 \Device\Harddisk0\DR0 - ok
17:31:27.0765 2028 Boot (0x1200) (81d89c934a505dd40a50882596c32eb4) \Device\Harddisk0\DR0\Partition0
17:31:27.0765 2028 \Device\Harddisk0\DR0\Partition0 - ok
17:31:27.0812 2028 Boot (0x1200) (b2e01886bf7fae38956368085dc46619) \Device\Harddisk0\DR0\Partition1
17:31:27.0812 2028 \Device\Harddisk0\DR0\Partition1 - ok
17:31:27.0828 2028 ============================================================
17:31:27.0828 2028 Scan finished
17:31:27.0828 2028 ============================================================
17:31:27.0859 1748 Detected object count: 0
17:31:27.0859 1748 Actual detected object count: 0


aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 17:33:03
-----------------------------
17:33:03.406 OS Version: Windows 5.1.2600 Service Pack 3
17:33:03.406 Number of processors: 1 586 0x401
17:33:03.406 ComputerName: D71MVT91 UserName:
17:33:03.703 Initialize success
17:35:07.531 AVAST engine defs: 12041700
17:35:13.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:35:13.187 Disk 0 Vendor: WDC_WD1600JB-75GVC0 08.02D08 Size: 152587MB BusType: 3
17:35:13.265 Disk 0 MBR read successfully
17:35:13.281 Disk 0 MBR scan
17:35:13.296 Disk 0 unknown MBR code
17:35:13.296 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:35:13.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111192 MB offset 80325
17:35:13.437 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 38028 MB offset 227801700
17:35:13.500 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3325 MB offset 305684820
17:35:13.500 Disk 0 scanning sectors +312496380
17:35:13.843 Disk 0 scanning C:\WINDOWS\system32\drivers
17:36:15.843 Service scanning
17:36:33.546 Modules scanning
17:38:03.718 Disk 0 trace - called modules:
17:38:03.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:38:03.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1e7ab8]
17:38:03.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a24dd98]
17:38:04.250 AVAST engine scan C:\WINDOWS
17:39:57.390 AVAST engine scan C:\WINDOWS\system32
17:52:35.968 AVAST engine scan C:\WINDOWS\system32\drivers
17:54:24.890 AVAST engine scan C:\Documents and Settings\Clearwood
18:01:16.671 File: C:\Documents and Settings\Clearwood\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dll **INFECTED** Win32:Adware-gen [Adw]
18:01:17.015 File: C:\Documents and Settings\Clearwood\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf2.dll **INFECTED** Win32:Adware-gen [Adw]
18:01:17.296 File: C:\Documents and Settings\Clearwood\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf3.dll **INFECTED** Win32:Adware-gen [Adw]
18:15:38.953 AVAST engine scan C:\Documents and Settings\All Users
18:26:59.765 Scan finished successfully
04:03:28.796 Disk 0 MBR has been saved successfully to "F:\ClientPCs\MBR.dat"
04:03:28.812 The log file has been saved successfully to "F:\ClientPCs\aswMBR.txt"




Thank You,
4ntim4lw4re

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 17 April 2012 - 07:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\ConduitEngine
c:\program files\Free_Radio_TV
c:\program files\SocialRibbons LP2

SecCenter::
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 4ntim4lw4re

4ntim4lw4re
  • Topic Starter

  • Members
  • 453 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:07:35 AM

Posted 18 April 2012 - 07:26 AM

Gringo,

Here is the combofix log file:

ComboFix 12-04-10.01 - Clearwood 04/18/2012 17:28:27.7.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.780 [GMT -4:00]
Running from: c:\documents and settings\Clearwood\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clearwood\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngin0.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\Free_Radio_TV
c:\program files\Free_Radio_TV\Free_Radio_TVToolbarHelper.exe
c:\program files\Free_Radio_TV\Free_Radio_TVToolbarHelper1.exe
c:\program files\Free_Radio_TV\INSTALL.LOG
c:\program files\Free_Radio_TV\ldrtbFre0.dll
c:\program files\Free_Radio_TV\prxtbFre0.dll
c:\program files\Free_Radio_TV\tbFre0.dll
c:\program files\Free_Radio_TV\tbFre1.dll
c:\program files\Free_Radio_TV\tbFree.dll
c:\program files\Free_Radio_TV\toolbar.cfg
c:\program files\Free_Radio_TV\uninstall.exe
c:\program files\Free_Radio_TV\UNWISE.EXE
c:\program files\SocialRibbons LP2
c:\program files\SocialRibbons LP2\aboutTabs.7.js
c:\program files\SocialRibbons LP2\aboutTabs.8.js
c:\program files\SocialRibbons LP2\audio.bmp
c:\program files\SocialRibbons LP2\banner_container.html
c:\program files\SocialRibbons LP2\bookmark_off.bmp
c:\program files\SocialRibbons LP2\bookmark_on.bmp
c:\program files\SocialRibbons LP2\bookmarksplugin.dll
c:\program files\SocialRibbons LP2\bubble_permissions.html
c:\program files\SocialRibbons LP2\build
c:\program files\SocialRibbons LP2\caching_banner.html
c:\program files\SocialRibbons LP2\chevron.bmp
c:\program files\SocialRibbons LP2\component.xsl
c:\program files\SocialRibbons LP2\default.xml
c:\program files\SocialRibbons LP2\efolder.bmp
c:\program files\SocialRibbons LP2\email.bmp
c:\program files\SocialRibbons LP2\email2.bmp
c:\program files\SocialRibbons LP2\emailchecker_plugin.dll
c:\program files\SocialRibbons LP2\facebook.feature
c:\program files\SocialRibbons LP2\fbrss.xsl
c:\program files\SocialRibbons LP2\ff.xsl
c:\program files\SocialRibbons LP2\folder.bmp
c:\program files\SocialRibbons LP2\Helper.dll
c:\program files\SocialRibbons LP2\icons.bmp
c:\program files\SocialRibbons LP2\iefavelem.bmp
c:\program files\SocialRibbons LP2\images\amazon.bmp
c:\program files\SocialRibbons LP2\images\ebay.bmp
c:\program files\SocialRibbons LP2\images\email.bmp
c:\program files\SocialRibbons LP2\images\email2.bmp
c:\program files\SocialRibbons LP2\images\msgbox\down.gif
c:\program files\SocialRibbons LP2\images\msgbox\hr.bmp
c:\program files\SocialRibbons LP2\images\msgbox\mark.png
c:\program files\SocialRibbons LP2\images\msgbox\mark_na.png
c:\program files\SocialRibbons LP2\images\msgbox\navbg.bmp
c:\program files\SocialRibbons LP2\images\ticker\left.gif
c:\program files\SocialRibbons LP2\images\ticker\right.gif
c:\program files\SocialRibbons LP2\images\weather\0.bmp
c:\program files\SocialRibbons LP2\images\weather\1.bmp
c:\program files\SocialRibbons LP2\images\weather\10.bmp
c:\program files\SocialRibbons LP2\images\weather\11.bmp
c:\program files\SocialRibbons LP2\images\weather\12.bmp
c:\program files\SocialRibbons LP2\images\weather\14.bmp
c:\program files\SocialRibbons LP2\images\weather\41.bmp
c:\program files\SocialRibbons LP2\images\weather\42.bmp
c:\program files\SocialRibbons LP2\images\weather\43.bmp
c:\program files\SocialRibbons LP2\images\weather\44.bmp
c:\program files\SocialRibbons LP2\images\weather\45.bmp
c:\program files\SocialRibbons LP2\images\weather\46.bmp
c:\program files\SocialRibbons LP2\images\weather\47.bmp
c:\program files\SocialRibbons LP2\images\weather\5.bmp
c:\program files\SocialRibbons LP2\images\weather\6.bmp
c:\program files\SocialRibbons LP2\images\weather\7.bmp
c:\program files\SocialRibbons LP2\images\weather\8.bmp
c:\program files\SocialRibbons LP2\images\weather\9.bmp
c:\program files\SocialRibbons LP2\images\weather\hr.bmp
c:\program files\SocialRibbons LP2\images\weather\na.bmp
c:\program files\SocialRibbons LP2\images\weather\png\0.png
c:\program files\SocialRibbons LP2\images\weather\png\1.png
c:\program files\SocialRibbons LP2\images\weather\png\10.png
c:\program files\SocialRibbons LP2\images\weather\png\11.png
c:\program files\SocialRibbons LP2\images\weather\png\12.png
c:\program files\SocialRibbons LP2\images\weather\png\13.png
c:\program files\SocialRibbons LP2\images\weather\png\14.png
c:\program files\SocialRibbons LP2\images\weather\png\15.png
c:\program files\SocialRibbons LP2\images\weather\png\16.png
c:\program files\SocialRibbons LP2\images\weather\png\17.png
c:\program files\SocialRibbons LP2\images\weather\png\18.png
c:\program files\SocialRibbons LP2\images\weather\png\19.png
c:\program files\SocialRibbons LP2\images\weather\png\2.png
c:\program files\SocialRibbons LP2\images\weather\png\20.png
c:\program files\SocialRibbons LP2\images\weather\png\21.png
c:\program files\SocialRibbons LP2\images\weather\png\22.png
c:\program files\SocialRibbons LP2\images\weather\png\23.png
c:\program files\SocialRibbons LP2\images\weather\png\24.png
c:\program files\SocialRibbons LP2\images\weather\png\25.png
c:\program files\SocialRibbons LP2\images\weather\png\26.png
c:\program files\SocialRibbons LP2\images\weather\png\27.png
c:\program files\SocialRibbons LP2\images\weather\png\28.png
c:\program files\SocialRibbons LP2\images\weather\png\29.png
c:\program files\SocialRibbons LP2\images\weather\png\3.png
c:\program files\SocialRibbons LP2\images\weather\png\30.png
c:\program files\SocialRibbons LP2\images\weather\png\31.png
c:\program files\SocialRibbons LP2\images\weather\png\32.png
c:\program files\SocialRibbons LP2\images\weather\png\33.png
c:\program files\SocialRibbons LP2\images\weather\png\34.png
c:\program files\SocialRibbons LP2\images\weather\png\35.png
c:\program files\SocialRibbons LP2\images\weather\png\36.png
c:\program files\SocialRibbons LP2\images\weather\png\37.png
c:\program files\SocialRibbons LP2\images\weather\png\38.png
c:\program files\SocialRibbons LP2\images\weather\png\39.png
c:\program files\SocialRibbons LP2\images\weather\png\4.png
c:\program files\SocialRibbons LP2\images\weather\png\40.png
c:\program files\SocialRibbons LP2\images\weather\png\41.png
c:\program files\SocialRibbons LP2\images\weather\png\42.png
c:\program files\SocialRibbons LP2\images\weather\png\43.png
c:\program files\SocialRibbons LP2\images\weather\png\44.png
c:\program files\SocialRibbons LP2\images\weather\png\45.png
c:\program files\SocialRibbons LP2\images\weather\png\46.png
c:\program files\SocialRibbons LP2\images\weather\png\47.png
c:\program files\SocialRibbons LP2\images\weather\png\5.png
c:\program files\SocialRibbons LP2\images\weather\png\6.png
c:\program files\SocialRibbons LP2\images\weather\png\7.png
c:\program files\SocialRibbons LP2\images\weather\png\8.png
c:\program files\SocialRibbons LP2\images\weather\png\9.png
c:\program files\SocialRibbons LP2\images\weather\png\na.png
c:\program files\SocialRibbons LP2\images\weather\png\Thumbs.db
c:\program files\SocialRibbons LP2\images\wikipedia.bmp
c:\program files\SocialRibbons LP2\images\yahoo.bmp
c:\program files\SocialRibbons LP2\localization.xml
c:\program files\SocialRibbons LP2\location.xsl
c:\program files\SocialRibbons LP2\magglass.ico
c:\program files\SocialRibbons LP2\manage_bookmarks.html
c:\program files\SocialRibbons LP2\marquee.html
c:\program files\SocialRibbons LP2\marquee_permissions.html
c:\program files\SocialRibbons LP2\messaging.bmp
c:\program files\SocialRibbons LP2\minus.bmp
c:\program files\SocialRibbons LP2\msgbox_bubble.tmpl
c:\program files\SocialRibbons LP2\msgbox_openmsg.tmpl
c:\program files\SocialRibbons LP2\msgboxplugin.dll
c:\program files\SocialRibbons LP2\offline.html
c:\program files\SocialRibbons LP2\patch.bat
c:\program files\SocialRibbons LP2\plus.bmp
c:\program files\SocialRibbons LP2\podcast.bmp
c:\program files\SocialRibbons LP2\podcast.xsl
c:\program files\SocialRibbons LP2\radio.bmp
c:\program files\SocialRibbons LP2\RadioPlugin.dll
c:\program files\SocialRibbons LP2\resize.bmp
c:\program files\SocialRibbons LP2\rssfeed.bmp
c:\program files\SocialRibbons LP2\RSSReader_plugin.dll
c:\program files\SocialRibbons LP2\search.xsl
c:\program files\SocialRibbons LP2\SearchComponent.dll
c:\program files\SocialRibbons LP2\settings
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_dropdwn_down.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_dropdwn_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_dropdwn_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_max_down.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_max_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_max_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_min_down.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_min_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_min_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_pause_down.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_pause_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_pause_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_play_down.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_play_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_play_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_playcntrl_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_playcntrl_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_stop_down.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_stop_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_stop_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_volcntrl_over.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\btn_volcntrl_up.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\Equalizer1.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\Equalizer2.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\Equalizer3.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\Equalizer4.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\Equalizer5.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\Equalizer6.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\playcntrl_bg.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\radio.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\radio_mask.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\radio_minimalized.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\radio_minimalized_mask.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\station.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\vol_01.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\vol_02.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\vol_03.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\volslide_bg.bmp
c:\program files\SocialRibbons LP2\skins\radio\gray03\volslide_track.bmp
c:\program files\SocialRibbons LP2\star_on.gif
c:\program files\SocialRibbons LP2\ticker.html
c:\program files\SocialRibbons LP2\Toolbar.dll
c:\program files\SocialRibbons LP2\TroubleShooter.exe
c:\program files\SocialRibbons LP2\Uninst.exe
c:\program files\SocialRibbons LP2\update_progress.html
c:\program files\SocialRibbons LP2\version.txt
c:\program files\SocialRibbons LP2\version.xsl
c:\program files\SocialRibbons LP2\weather_bubble.tmpl
c:\program files\SocialRibbons LP2\weatherplugin.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-11 02:14 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-11 01:56 . 2012-04-11 01:57 -------- d-----w- C:\stdtsa
2012-04-11 01:55 . 2012-04-11 01:56 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-04-10 23:28 . 2012-04-10 23:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 06:27 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-10 03:51 . 2012-04-10 03:51 -------- d-----w- C:\found.001
2012-04-10 03:19 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-04-04 12:24 . 2012-04-04 15:15 -------- d-----w- c:\windows\system32\drivers\N360\0502010.003
2012-03-29 12:49 . 2012-03-29 12:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2012-03-28 12:48 . 2012-03-28 12:48 -------- d-----w- C:\found.000
2012-03-27 19:49 . 2012-03-27 19:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-27 19:28 . 2012-03-27 19:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-30 15:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 14:40 . 2012-02-07 14:40 1409 ----a-w- c:\windows\QTFont.for
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-19 98304]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"dplaysvr"="c:\documents and settings\Clearwood\Application Data\dplaysvr.exe" [BU]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 -c--a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 00:19 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-05 18:34 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 00:22 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 00:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 00:23 114688 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-04-19 14:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-04-19 14:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\symds.sys [4/4/2012 8:28 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\symefa.sys [4/4/2012 8:28 AM 744568]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 10:25 PM 820344]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\ironx86.sys [4/4/2012 8:28 AM 136312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:41 AM 136176]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.1.3\ccsvchst.exe [4/4/2012 8:26 AM 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/20/2012 8:51 AM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:41 AM 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120119.006\IDSXpx86.sys [1/20/2012 8:52 AM 356280]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
z525mdm
MTsensor
mssql$microsoftsmlbiz
wceusbsh
sr_service
w810bus
aiclient
emupia
zfdwm
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-24 14:41]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-24 14:41]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 168.95.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - c:\program files\Free_Radio_TV\prxtbFre0.dll
BHO-{AE92E5DE-20F7-9934-D515-7BE13880A842} - c:\program files\SocialRibbons LP2\Toolbar.dll
Toolbar-{9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - c:\program files\Free_Radio_TV\prxtbFre0.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
WebBrowser-{9DBB9AEB-5A16-4989-A66F-C0F1C909D647} - c:\program files\Free_Radio_TV\prxtbFre0.dll
HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Free_Radio_TV Toolbar - c:\program files\Free_Radio_TV\uninstall.exe
AddRemove-SocialRibbons LP2 - c:\program files\SocialRibbons LP2\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-18 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-04-18 17:40:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 21:39
ComboFix2.txt 2012-04-11 01:52
ComboFix3.txt 2012-04-10 23:12
ComboFix4.txt 2012-04-10 22:25
ComboFix5.txt 2012-04-18 21:27
.
Pre-Run: 98,408,927,232 bytes free
Post-Run: 98,572,472,320 bytes free
.
- - End Of File - - A73D7522E7CBF297191B2DD2C19C0798




The computer seems to still be running slow while booted normally into Windows. I tried to open explorer to test the redirects and it would not load a page and was unresponsive. I hit ctrl-alt-del so that I could end the program but do not get the task manager. The icon shows up in the system tray but it never comes up on screen. If I hit ctrl-alt-del again, it just shows two of the task manager icons in the system tray but does not show the task manager window itself. After several minutes the task manager does come up, but web pages still do not load. Opening other programs or folders seems to move much quicker.


Thanks,
4ntim4lw4re

#10 gringo_pr

Bleepin Gringo, Malware Response Team

Posted 18 April 2012 - 07:56 AM

Hello


I want you to reset IE and see if it behaves any better - http://support.microsoft.com/kb/923737 - click on the fixit button



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 4ntim4lw4re

Topic Starter

Posted 19 April 2012 - 08:02 AM

Gringo,

After resetting IE7, pages seem to load fine. I am not seeing any troubles at this time. Is there anything else that I should check?

Thanks,
4ntim4lw4re

#12 gringo_pr

Bleepin Gringo, Malware Response Team

Posted 19 April 2012 - 08:32 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 4ntim4lw4re

Topic Starter

Posted 19 April 2012 - 11:57 AM

Here is the combofix additional text doc.

6300
6300_Help
6300Trb
7 Wonders II
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Adobe Shockwave Player 11.6
AiO_Scan_CDA
AiOSoftwareNPI
Allupdate
AXIS Media Control Embedded
BufferChm
Build-a-lot 2: Town of the Year
CD-R BACKUP PLAYER J2K
Compatibility Pack for the 2007 Office system
Conduit Engine
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
DealRunner 1.25
Dell Driver Reset Tool
Dell Support 3.1
Dell System Restore
Destinations
DeviceManagementQFolder
Digital Content Portal
DocProc
DocProcQFolder
DocumentViewer
eSupportQFolder
Excel Invoice Manager 2.8.1012
FAS for Peachtree
Fax_CDA
Free_Radio_TV Toolbar
Freeze.com NetAssistant
FullDPAppQFolder
GearDrvs
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
hp deskjet 3820 series (Remove only)
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
Insider Tales: Vanished in Rome
InstallMgr
InstantShareAlert
InstantShareDevices
InstantShareDevicesMFC
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Itibiti RTC
Java™ 6 Update 20
Java™ SE Runtime Environment 6 Update 1
LivingPlay
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.61.0.1400
manual
MarketResearch
MCU
MFC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
NetAssistant
Network Printer Driver for MFX-2030/1430 F-560/520
NewCopy_CDA
Norton 360
OCR Software by I.R.I.S 7.0
PanoStandAlone
PeachTree Signature Ready Forms
PhotoGallery
PriceGong 2.5.0
ProductContextNPI
PRS-500 USB driver
QBFC3.0
Qualxserve Service Agreement
QuickTime
RandMap
Reader Library by Sony
Readme
RealPlayer Basic
Remote_J2K
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SkinsHP1
SlideShow
SocialRibbons LP2
SolutionCenter
Sonic Update Manager
Sonic_PrimoSDK
Status
swMSM
The Treasures of Montezuma
Toolbox
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC_MergeModuleToMSI
Verizon Online Help and Support
WebFldrs XP
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Wise Registry Cleaner 5.9.1
WordPerfect Office 12
Yahoo! Software Update
Yahoo! Toolbar


4ntim4lw4re

#14 gringo_pr

Bleepin Gringo, Malware Response Team

Posted 19 April 2012 - 12:09 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1.3
Conduit Engine
Java™ 6 Update 20
Java™ SE Runtime Environment 6 Update 1
PriceGong 2.5.0


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 4ntim4lw4re

Topic Starter

Posted 19 April 2012 - 03:19 PM

Gringo,

I followed your directions and had no problems other than installing Adobe Reader. I tried three times and kept getting a "download timeout" error message. Other than that, things seem fine.

Here are the log files:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Clearwood :: D71MVT91 [administrator]

4/20/2012 1:46:44 AM
mbam-log-2012-04-20 (01-46-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206360
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:53:35 AM, on 4/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Gmer (sthda) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7168 bytes


Thanks,
4ntim4lw4re



