
Virus? Affecting Flash Player


  • This topic is locked
30 replies to this topic

#1 OpenWaterEric

  • Members
  • 58 posts

Posted 22 June 2012 - 06:27 PM

I can't pinpoint when it happened, but recently (the last couple of weeks) whenever I play a video on YouTube or listen to Pandora, I get a horrible audio stutter every second or so. I've tried reinstalling Flash, updating video drivers, playing with the virtual memory, and installing an older version of Flash, but nothing seems to fix the problem. I'm out of ideas, but I thought that I might have a virus of some kind that is eating away at my CPU's performance, causing the buffering in the videos and audio to cause the stutter. Anyway, I don't know what's going on, but I was hoping the folks here could help me out. Attached are my various logs; let me know what you think. Thanks!

---Log---
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Eric at 13:47:34 on 2012-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1302 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://75.21.35.38/Citrix/ICAWEB/wfica.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197319157046
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://rww.condorcountry.com/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 66.60.130.158
TCP: Interfaces\{BDF88FE8-F12B-44B4-A099-91521DCE36AD} : DhcpNameServer = 66.60.130.158
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-5-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-5-17 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-5-17 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-5-17 149624]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-5-17 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-22 1262400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-1 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120618.004\IDSXpx86.sys [2012-6-14 369632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\virusdefs\20120622.005\NAVENG.SYS [2012-6-22 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\virusdefs\20120622.005\NAVEX15.SYS [2012-6-22 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-31 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-31 136176]
.
=============== Created Last 30 ================
.
2012-06-22 20:25:49 -------- d-----w- c:\documents and settings\eric\local settings\application data\Sun
2012-06-22 20:11:19 -------- d-----w- c:\program files\Oracle
2012-06-22 20:10:49 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-22 17:11:09 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-06-22 17:07:28 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-22 17:07:14 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-06-22 17:07:14 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-22 17:07:14 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-22 17:04:34 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-06-22 17:04:34 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-06-22 17:04:32 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-06-22 17:04:32 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-06-22 17:04:20 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-06-22 17:03:49 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-22 16:45:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 16:45:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 16:57:38 -------- d-----w- c:\documents and settings\eric\local settings\application data\Deployment
2012-06-21 16:19:51 -------- d-----w- c:\windows\system32\Adobe
2012-06-20 04:43:36 -------- d-----w- c:\program files\ieSpell
2012-06-14 01:19:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 02:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-11 06:12:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-11 06:12:09 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 06:28:38 388216 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdi.sys
2012-03-29 06:28:38 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys
2012-03-29 06:28:37 345208 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys
2012-03-29 06:28:30 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys
2012-03-29 06:06:25 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys
2012-03-29 06:03:27 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys
2012-03-29 06:03:27 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys
2007-12-16 19:32:32 1045476 ----a-w- c:\program files\get_product.asp
.
============= FINISH: 13:48:13.87 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 07:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 OpenWaterEric

  • Topic Starter
  • Members
  • 58 posts

Posted 23 June 2012 - 11:11 AM

Thank you for your help. Below are the logs that were produced by Combofix and Security Check. No problems running either program. The issues with YouTube and Pandora are still there, maybe not quite so bad, but certainly still very noticeable. More information: I did a speed check, and my internet is downloading at about 10-13 Mps, so I don't think it's an internet speed issue. Thank you for your help.

Security Check log----
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 6 Update 30
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````



ComboFix Log
ComboFix 12-06-23.05 - Eric 06/23/2012 8:49.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1329 [GMT -7:00]
Running from: c:\documents and settings\Eric\Desktop\Virus\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Eric\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-22 20:25 . 2012-06-22 20:25 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Sun
2012-06-22 20:12 . 2012-06-22 20:12 -------- d-----w- c:\program files\Common Files\Java
2012-06-22 20:11 . 2012-06-22 20:11 -------- d-----w- c:\program files\Oracle
2012-06-22 20:11 . 2012-06-22 20:11 -------- d-----w- c:\documents and settings\Eric\Application Data\Oracle
2012-06-22 20:10 . 2012-05-05 02:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-22 17:11 . 2012-06-22 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-06-22 17:10 . 2012-06-22 17:10 -------- d-----w- c:\documents and settings\UpdatusUser
2012-06-22 17:07 . 2012-05-15 10:18 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-22 17:07 . 2012-06-22 17:07 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-22 17:07 . 2012-06-22 17:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-22 17:07 . 2012-06-22 17:07 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-06-22 17:04 . 2012-05-15 10:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-06-22 17:04 . 2012-05-15 10:18 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-06-22 17:04 . 2012-05-15 10:18 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-06-22 17:04 . 2012-05-15 10:18 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-06-22 17:04 . 2012-05-15 10:18 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-06-22 17:03 . 2012-06-22 17:11 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-22 16:59 . 2012-06-22 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-06-22 16:45 . 2012-06-22 20:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 16:45 . 2012-06-22 20:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 16:57 . 2012-06-21 16:58 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Deployment
2012-06-21 16:19 . 2012-06-21 16:47 -------- d-----w- c:\windows\system32\Adobe
2012-06-20 04:43 . 2012-06-20 04:43 -------- d-----w- c:\program files\ieSpell
2012-06-14 01:19 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2007-12-10 20:41 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-12-10 20:41 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2007-12-10 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2007-12-10 19:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2007-12-10 19:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-12-10 20:41 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-12-10 20:41 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2007-12-10 19:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2007-12-10 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-12-10 20:41 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2007-12-10 19:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2007-12-10 19:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-08-23 16:43 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2010-08-23 16:43 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2010-08-23 16:43 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 07:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-04 06:17 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 10:18 . 2009-01-07 03:29 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2009-01-07 03:29 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-10-07 21:33 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-27 22:26 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2008-08-27 22:26 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:40 . 2009-01-07 03:30 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-01-07 03:31 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-01-07 03:29 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-01-07 03:30 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-01-07 03:29 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 02:29 . 2011-12-29 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29 . 2010-07-19 02:24 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12 . 2004-08-04 06:20 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2007-12-10 19:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-11 06:12 . 2009-12-19 03:03 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-11 06:12 . 2009-12-19 03:03 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-04 22:56 . 2009-04-03 05:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 06:28 . 2012-05-18 01:33 388216 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symtdi.sys
2012-03-29 06:28 . 2012-05-18 01:33 318584 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symnets.sys
2012-03-29 06:28 . 2012-05-18 01:33 345208 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symtdiv.sys
2012-03-29 06:28 . 2012-05-18 01:33 905336 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symefa.sys
2012-03-29 06:06 . 2012-05-18 01:33 149624 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys
2012-03-29 06:03 . 2012-05-18 01:33 574072 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\srtsp.sys
2012-03-29 06:03 . 2012-05-18 01:33 32888 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\srtspx.sys
2007-12-16 19:32 . 2007-12-16 19:32 1045476 ----a-w- c:\program files\get_product.asp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 07:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 02:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 22:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 21:33 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [5/17/2012 6:33 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [5/17/2012 6:33 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 5:01 PM 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [5/17/2012 6:33 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [5/17/2012 6:33 PM 149624]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [5/17/2012 6:32 PM 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [6/22/2012 10:10 AM 1262400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2012 3:08 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120622.001\IDSXpx86.sys [6/22/2012 3:43 PM 369632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:24 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:24 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pfkdqfoc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 17:24]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 17:24]
.
2012-06-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 66.60.130.158
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 08:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-484061587-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:57,5d,6e,93,d9,86,1f,e7,d1,fb,65,2a,26,2a,e1,02,5b,06,11,19,3e,
3d,e2,22,33,a8,0f,d5,b2,0b,f7,6e,b4,95,4c,4b,d0,79,ec,c4,e7,c7,6e,0f,07,b6,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1632)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2012-06-23 09:04:45
ComboFix-quarantined-files.txt 2012-06-23 16:04
ComboFix2.txt 2011-12-28 18:24
.
Pre-Run: 17,612,226,560 bytes free
Post-Run: 17,987,551,232 bytes free
.
- - End Of File - - 1E83DF408483DEB825D1528E480B8284

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:24 AM

Posted 23 June 2012 - 11:21 AM

Greetings


I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do




I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
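Once the TDSSKiller and aswMBR reports come back, the job is reading a few hundred service lines for the handful that matter. The script below is an added example for this thread, not a tool from it or from the vendors of TDSSKiller, DDS or ComboFix. It parses the line formats posted in this topic (TDSSKiller module and verdict lines, DDS "R0/S2" service lines, and ComboFix's "*Deregistered*" marker) into one record per service and applies three triage heuristics that are my assumptions, not anything the thread states: a verdict other than "ok", a service binary outside an analyst-maintained directory allowlist, and a random-looking eight-letter lowercase name of the shape ComboFix deregistered above ("pfkdqfoc"). The sample log is constructed from lines in this thread plus one invented entry ("xkqwrtmb", loading from a Temp directory, with an invented verdict) so that each rule fires once.

```python
# Added example: triage helper for TDSSKiller / DDS / ComboFix service listings.
# A hit means "look here", never "this is malware".
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# TDSSKiller module line:  "HH:MM:SS.mmmm PID Name (md5) C:\path"
TDSS_ENTRY = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# TDSSKiller verdict line:  "HH:MM:SS.mmmm PID Name - ok"
TDSS_VERDICT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")
# DDS running-services line:  "R2 Name;Display Name;C:\path [date size]"
DDS_ENTRY = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[.*\]$")
# ComboFix "Other Services/Drivers In Memory" line for a removed entry
DEREGISTERED = re.compile(r"^\*Deregistered\*\s+-\s+(?P<name>\S+)$")

# Analyst-maintained allowlist of directory prefixes (assumption: tune per host;
# Norton keeps its definition drivers under All Users\Application Data).
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\application data\\norton\\",
)


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdict: Optional[str] = None


def looks_random(name: str) -> bool:
    """Heuristic (my assumption, not a rule from the thread): eight lowercase letters
    with at most one vowel, the shape of 'pfkdqfoc'. Legitimate XP names such as
    'mssmbios' or 'Abiosdsk' fall outside it."""
    return (len(name) == 8 and name.isalpha() and name.islower()
            and sum(c in "aeiou" for c in name) <= 1)


def in_trusted_dir(path: str) -> bool:
    p = path.lower().replace("/", "\\")
    return any(p.startswith(prefix) for prefix in TRUSTED_PREFIXES)


def parse_log(text: str) -> dict[str, ServiceEntry]:
    """Merge all four line types into one entry per service name."""
    entries: dict[str, ServiceEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := TDSS_ENTRY.match(line):
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.path, e.md5 = m["path"], m["md5"]
        elif m := TDSS_VERDICT.match(line):
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.verdict = m["verdict"]
        elif m := DDS_ENTRY.match(line):
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.path = m["path"]
        elif m := DEREGISTERED.match(line):
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.verdict = "deregistered"
    return entries


def triage(entries: dict[str, ServiceEntry]) -> list[tuple[str, str]]:
    """Return sorted (service name, reason) pairs that deserve a second look."""
    findings: list[tuple[str, str]] = []
    for e in entries.values():
        if e.verdict not in (None, "ok"):
            findings.append((e.name, f"verdict: {e.verdict}"))
        if looks_random(e.name):
            findings.append((e.name, "random-looking service name"))
        if e.path and not in_trusted_dir(e.path):
            findings.append((e.name, f"binary outside trusted dirs: {e.path}"))
    return sorted(findings)


# Constructed sample: lines in the formats posted in this thread, plus one invented
# entry (xkqwrtmb, loading from a Temp directory) so that each rule fires once.
SAMPLE_LOG = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [5/17/2012 6:33 PM 340088]
*Deregistered* - pfkdqfoc
10:35:40.0265 0932 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:35:40.0328 0932 ACPI - ok
10:35:40.0390 0932 adpu160m - ok
10:35:41.0093 0932 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:35:41.0093 0932 Apple Mobile Device - ok
10:35:41.0200 0932 xkqwrtmb (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Eric\Local Settings\Temp\xkqwrtmb.sys
10:35:41.0200 0932 xkqwrtmb - suspicious
"""

if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{name:<20} {reason}")
```

Run it against a whole pasted TDSSKiller log by feeding the file contents to parse_log; entries that only have a verdict and no path (like adpu160m above) are registered legacy drivers whose binary is absent, which is normal on XP and is deliberately not flagged. The name heuristic is loose on purpose: anything it flags still needs the MD5 and path checked by hand.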

#5 OpenWaterEric

OpenWaterEric
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 23 June 2012 - 03:03 PM

OK, here are the logs. The aswMBR crashed the first time I tried to run it, and the line it was on had Adobe in it, if that helps.

TDSSKiller
10:35:30.0625 1320 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
10:35:31.0640 1320 ============================================================
10:35:31.0640 1320 Current date / time: 2012/06/23 10:35:31.0640
10:35:31.0640 1320 SystemInfo:
10:35:31.0640 1320
10:35:31.0640 1320 OS Version: 5.1.2600 ServicePack: 3.0
10:35:31.0640 1320 Product type: Workstation
10:35:31.0640 1320 ComputerName: USER-5AA566B46F
10:35:31.0640 1320 UserName: Eric
10:35:31.0640 1320 Windows directory: C:\WINDOWS
10:35:31.0640 1320 System windows directory: C:\WINDOWS
10:35:31.0640 1320 Processor architecture: Intel x86
10:35:31.0640 1320 Number of processors: 1
10:35:31.0640 1320 Page size: 0x1000
10:35:31.0640 1320 Boot type: Normal boot
10:35:31.0640 1320 ============================================================
10:35:34.0546 1320 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:35:34.0546 1320 ============================================================
10:35:34.0546 1320 \Device\Harddisk0\DR0:
10:35:34.0546 1320 MBR partitions:
10:35:34.0546 1320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
10:35:34.0546 1320 ============================================================
10:35:34.0609 1320 C: <-> \Device\Harddisk0\DR0\Partition0
10:35:34.0609 1320 ============================================================
10:35:34.0609 1320 Initialize success
10:35:34.0609 1320 ============================================================
10:35:37.0765 0932 ============================================================
10:35:37.0765 0932 Scan started
10:35:37.0765 0932 Mode: Manual;
10:35:37.0765 0932 ============================================================
10:35:40.0140 0932 Abiosdsk - ok
10:35:40.0156 0932 abp480n5 - ok
10:35:40.0265 0932 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:35:40.0328 0932 ACPI - ok
10:35:40.0375 0932 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:35:40.0375 0932 ACPIEC - ok
10:35:40.0390 0932 adpu160m - ok
10:35:40.0500 0932 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:35:40.0500 0932 aec - ok
10:35:40.0609 0932 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:35:40.0718 0932 AFD - ok
10:35:40.0734 0932 Aha154x - ok
10:35:40.0750 0932 aic78u2 - ok
10:35:40.0750 0932 aic78xx - ok
10:35:40.0812 0932 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:35:40.0828 0932 Alerter - ok
10:35:40.0859 0932 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:35:40.0875 0932 ALG - ok
10:35:40.0875 0932 AliIde - ok
10:35:40.0890 0932 amsint - ok
10:35:41.0093 0932 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:35:41.0093 0932 Apple Mobile Device - ok
10:35:41.0187 0932 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:35:41.0187 0932 AppMgmt - ok
10:35:41.0203 0932 asc - ok
10:35:41.0218 0932 asc3350p - ok
10:35:41.0218 0932 asc3550 - ok
10:35:41.0453 0932 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:35:41.0453 0932 aspnet_state - ok
10:35:41.0515 0932 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:35:41.0515 0932 AsyncMac - ok
10:35:41.0593 0932 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:35:41.0593 0932 atapi - ok
10:35:41.0593 0932 Atdisk - ok
10:35:41.0656 0932 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:35:41.0671 0932 Atmarpc - ok
10:35:41.0750 0932 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:35:41.0750 0932 AudioSrv - ok
10:35:41.0828 0932 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:35:41.0828 0932 audstub - ok
10:35:41.0906 0932 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:35:41.0906 0932 Beep - ok
10:35:42.0390 0932 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
10:35:42.0640 0932 BHDrvx86 - ok
10:35:42.0875 0932 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:35:42.0890 0932 BITS - ok
10:35:43.0203 0932 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:35:43.0312 0932 Bonjour Service - ok
10:35:43.0375 0932 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:35:43.0375 0932 Browser - ok
10:35:43.0546 0932 catchme - ok
10:35:43.0671 0932 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:35:43.0671 0932 cbidf2k - ok
10:35:43.0828 0932 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys
10:35:43.0875 0932 ccSet_NIS - ok
10:35:43.0875 0932 cd20xrnt - ok
10:35:43.0953 0932 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:35:43.0953 0932 Cdaudio - ok
10:35:44.0062 0932 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:35:44.0078 0932 Cdfs - ok
10:35:44.0109 0932 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:35:44.0125 0932 Cdrom - ok
10:35:44.0140 0932 Changer - ok
10:35:44.0187 0932 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:35:44.0187 0932 CiSvc - ok
10:35:44.0234 0932 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:35:44.0234 0932 ClipSrv - ok
10:35:44.0421 0932 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:35:44.0421 0932 clr_optimization_v2.0.50727_32 - ok
10:35:44.0437 0932 CmdIde - ok
10:35:44.0453 0932 COMSysApp - ok
10:35:44.0484 0932 Cpqarray - ok
10:35:44.0687 0932 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:35:44.0687 0932 CryptSvc - ok
10:35:44.0781 0932 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
10:35:44.0828 0932 ctsfm2k - ok
10:35:44.0828 0932 dac2w2k - ok
10:35:44.0843 0932 dac960nt - ok
10:35:45.0046 0932 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:35:45.0046 0932 DcomLaunch - ok
10:35:45.0140 0932 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:35:45.0187 0932 Dhcp - ok
10:35:45.0218 0932 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:35:45.0234 0932 Disk - ok
10:35:45.0250 0932 dmadmin - ok
10:35:45.0687 0932 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:35:45.0953 0932 dmboot - ok
10:35:46.0046 0932 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:35:46.0093 0932 dmio - ok
10:35:46.0140 0932 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:35:46.0140 0932 dmload - ok
10:35:46.0203 0932 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:35:46.0203 0932 dmserver - ok
10:35:46.0250 0932 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:35:46.0265 0932 DMusic - ok
10:35:46.0343 0932 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:35:46.0343 0932 Dnscache - ok
10:35:46.0437 0932 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:35:46.0453 0932 Dot3svc - ok
10:35:46.0468 0932 dpti2o - ok
10:35:46.0515 0932 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:35:46.0515 0932 drmkaud - ok
10:35:46.0750 0932 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:35:46.0828 0932 E100B - ok
10:35:46.0921 0932 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:35:46.0921 0932 EapHost - ok
10:35:47.0234 0932 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:35:47.0234 0932 eeCtrl - ok
10:35:47.0312 0932 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:35:47.0343 0932 EraserUtilRebootDrv - ok
10:35:47.0406 0932 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:35:47.0406 0932 ERSvc - ok
10:35:47.0500 0932 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:35:47.0515 0932 Eventlog - ok
10:35:47.0656 0932 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:35:47.0671 0932 EventSystem - ok
10:35:47.0875 0932 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:35:47.0937 0932 Fastfat - ok
10:35:48.0031 0932 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:35:48.0031 0932 FastUserSwitchingCompatibility - ok
10:35:48.0062 0932 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:35:48.0062 0932 Fdc - ok
10:35:48.0140 0932 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:35:48.0140 0932 Fips - ok
10:35:48.0156 0932 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:35:48.0156 0932 Flpydisk - ok
10:35:48.0218 0932 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:35:48.0265 0932 FltMgr - ok
10:35:48.0484 0932 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:35:48.0500 0932 FontCache3.0.0.0 - ok
10:35:48.0562 0932 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:35:48.0562 0932 Fs_Rec - ok
10:35:48.0625 0932 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:35:48.0656 0932 Ftdisk - ok
10:35:48.0718 0932 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:35:48.0718 0932 GEARAspiWDM - ok
10:35:48.0765 0932 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:35:48.0765 0932 Gpc - ok
10:35:49.0093 0932 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:35:49.0140 0932 gupdate - ok
10:35:49.0140 0932 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:35:49.0140 0932 gupdatem - ok
10:35:49.0250 0932 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:35:49.0250 0932 helpsvc - ok
10:35:49.0312 0932 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:35:49.0312 0932 HidServ - ok
10:35:49.0375 0932 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:35:49.0375 0932 hidusb - ok
10:35:49.0453 0932 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:35:49.0484 0932 hkmsvc - ok
10:35:49.0484 0932 hpn - ok
10:35:49.0546 0932 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:35:49.0578 0932 HPZid412 - ok
10:35:49.0609 0932 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:35:49.0609 0932 HPZipr12 - ok
10:35:49.0640 0932 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:35:49.0640 0932 HPZius12 - ok
10:35:49.0781 0932 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:35:49.0984 0932 HTTP - ok
10:35:50.0046 0932 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:35:50.0046 0932 HTTPFilter - ok
10:35:50.0046 0932 i2omgmt - ok
10:35:50.0062 0932 i2omp - ok
10:35:50.0109 0932 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:35:50.0125 0932 i8042prt - ok
10:35:50.0640 0932 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:35:51.0203 0932 ialm - ok
10:35:51.0406 0932 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:35:51.0406 0932 IDriverT - ok
10:35:52.0125 0932 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:35:52.0390 0932 idsvc - ok
10:35:52.0671 0932 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120622.001\IDSxpx86.sys
10:35:52.0671 0932 IDSxpx86 - ok
10:35:52.0953 0932 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:35:52.0968 0932 Imapi - ok
10:35:53.0187 0932 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:35:53.0265 0932 ImapiService - ok
10:35:53.0281 0932 ini910u - ok
10:35:53.0765 0932 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
10:35:54.0281 0932 IntelC51 - ok
10:35:54.0531 0932 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
10:35:54.0734 0932 IntelC52 - ok
10:35:54.0765 0932 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
10:35:54.0796 0932 IntelC53 - ok
10:35:54.0843 0932 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:35:54.0843 0932 IntelIde - ok
10:35:54.0875 0932 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:35:54.0875 0932 intelppm - ok
10:35:54.0921 0932 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:35:54.0921 0932 Ip6Fw - ok
10:35:54.0968 0932 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:35:54.0984 0932 IpFilterDriver - ok
10:35:55.0046 0932 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:35:55.0046 0932 IpInIp - ok
10:35:55.0140 0932 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:35:55.0187 0932 IpNat - ok
10:35:55.0796 0932 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
10:35:56.0015 0932 iPod Service - ok
10:35:56.0078 0932 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:35:56.0078 0932 IPSec - ok
10:35:56.0109 0932 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:35:56.0109 0932 IRENUM - ok
10:35:56.0187 0932 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:35:56.0187 0932 isapnp - ok
10:35:56.0562 0932 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
10:35:56.0625 0932 JavaQuickStarterService - ok
10:35:56.0656 0932 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:35:56.0656 0932 Kbdclass - ok
10:35:56.0671 0932 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:35:56.0671 0932 kbdhid - ok
10:35:56.0750 0932 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:35:56.0750 0932 kmixer - ok
10:35:56.0859 0932 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:35:56.0875 0932 KSecDD - ok
10:35:56.0953 0932 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:35:56.0953 0932 lanmanserver - ok
10:35:57.0046 0932 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:35:57.0078 0932 lanmanworkstation - ok
10:35:57.0078 0932 lbrtfdc - ok
10:35:57.0156 0932 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:35:57.0156 0932 LmHosts - ok
10:35:57.0203 0932 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:35:57.0203 0932 Messenger - ok
10:35:57.0375 0932 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:35:57.0375 0932 mnmdd - ok
10:35:57.0453 0932 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:35:57.0453 0932 mnmsrvc - ok
10:35:57.0531 0932 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:35:57.0531 0932 Modem - ok
10:35:57.0609 0932 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:35:57.0609 0932 MODEMCSA - ok
10:35:57.0640 0932 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
10:35:57.0640 0932 mohfilt - ok
10:35:57.0703 0932 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:35:57.0703 0932 Mouclass - ok
10:35:57.0765 0932 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:35:57.0765 0932 mouhid - ok
10:35:57.0921 0932 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:35:57.0937 0932 MountMgr - ok
10:35:57.0937 0932 mraid35x - ok
10:35:58.0046 0932 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:35:58.0109 0932 MRxDAV - ok
10:35:58.0687 0932 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:35:58.0906 0932 MRxSmb - ok
10:35:59.0015 0932 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:35:59.0031 0932 MSDTC - ok
10:35:59.0109 0932 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:35:59.0109 0932 Msfs - ok
10:35:59.0125 0932 MSIServer - ok
10:35:59.0203 0932 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:35:59.0203 0932 MSKSSRV - ok
10:35:59.0437 0932 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:35:59.0437 0932 MSPCLOCK - ok
10:35:59.0562 0932 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:35:59.0562 0932 MSPQM - ok
10:35:59.0796 0932 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:35:59.0796 0932 mssmbios - ok
10:36:00.0015 0932 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:36:00.0046 0932 Mup - ok
10:36:00.0781 0932 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:36:00.0828 0932 napagent - ok
10:36:01.0296 0932 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120622.033\NAVENG.SYS
10:36:01.0312 0932 NAVENG - ok
10:36:02.0937 0932 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120622.033\NAVEX15.SYS
10:36:02.0953 0932 NAVEX15 - ok
10:36:04.0000 0932 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:36:04.0015 0932 NDIS - ok
10:36:04.0062 0932 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:36:04.0062 0932 NdisTapi - ok
10:36:04.0109 0932 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:36:04.0125 0932 Ndisuio - ok
10:36:04.0156 0932 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:36:04.0187 0932 NdisWan - ok
10:36:04.0265 0932 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:36:04.0265 0932 NDProxy - ok
10:36:04.0296 0932 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:36:04.0312 0932 NetBIOS - ok
10:36:04.0421 0932 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:36:04.0578 0932 NetBT - ok
10:36:04.0687 0932 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:36:04.0718 0932 NetDDE - ok
10:36:04.0718 0932 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:36:04.0734 0932 NetDDEdsdm - ok
10:36:04.0796 0932 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:36:04.0796 0932 Netlogon - ok
10:36:04.0890 0932 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:36:04.0890 0932 Netman - ok
10:36:05.0140 0932 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:36:05.0171 0932 NetTcpPortSharing - ok
10:36:05.0390 0932 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
10:36:05.0390 0932 NIS - ok
10:36:05.0718 0932 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:36:05.0718 0932 Nla - ok
10:36:05.0765 0932 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:36:05.0781 0932 Npfs - ok
10:36:06.0031 0932 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:36:06.0031 0932 Ntfs - ok
10:36:06.0093 0932 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:36:06.0093 0932 NtLmSsp - ok
10:36:06.0281 0932 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:36:06.0281 0932 NtmsSvc - ok
10:36:06.0343 0932 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:36:06.0343 0932 Null - ok
10:36:12.0484 0932 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:36:12.0609 0932 nv - ok
10:36:13.0359 0932 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe
10:36:13.0359 0932 NVSvc - ok
10:36:13.0937 0932 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:36:14.0531 0932 nvUpdatusService - ok
10:36:14.0968 0932 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:36:14.0984 0932 NwlnkFlt - ok
10:36:15.0015 0932 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:36:15.0015 0932 NwlnkFwd - ok
10:36:15.0171 0932 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:36:15.0187 0932 ose - ok
10:36:15.0546 0932 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
10:36:15.0593 0932 ossrv - ok
10:36:15.0968 0932 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
10:36:16.0234 0932 P17 - ok
10:36:16.0531 0932 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:36:16.0546 0932 Parport - ok
10:36:16.0593 0932 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:36:16.0593 0932 PartMgr - ok
10:36:16.0671 0932 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:36:16.0671 0932 ParVdm - ok
10:36:16.0718 0932 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:36:16.0718 0932 PCI - ok
10:36:16.0734 0932 PCIDump - ok
10:36:16.0781 0932 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
10:36:16.0781 0932 PCIIde - ok
10:36:16.0859 0932 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:36:16.0906 0932 Pcmcia - ok
10:36:16.0906 0932 PDCOMP - ok
10:36:16.0921 0932 PDFRAME - ok
10:36:16.0921 0932 PDRELI - ok
10:36:16.0937 0932 PDRFRAME - ok
10:36:16.0953 0932 perc2 - ok
10:36:16.0968 0932 perc2hib - ok
10:36:17.0093 0932 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:36:17.0093 0932 PlugPlay - ok
10:36:17.0171 0932 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
10:36:17.0203 0932 Pml Driver HPZ12 - ok
10:36:17.0250 0932 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:36:17.0250 0932 PolicyAgent - ok
10:36:17.0515 0932 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:36:17.0531 0932 PptpMiniport - ok
10:36:17.0546 0932 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:36:17.0546 0932 ProtectedStorage - ok
10:36:17.0593 0932 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:36:17.0593 0932 PSched - ok
10:36:17.0640 0932 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:36:17.0640 0932 Ptilink - ok
10:36:17.0640 0932 ql1080 - ok
10:36:17.0656 0932 Ql10wnt - ok
10:36:17.0687 0932 ql12160 - ok
10:36:17.0687 0932 ql1240 - ok
10:36:17.0703 0932 ql1280 - ok
10:36:17.0765 0932 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:36:17.0765 0932 RasAcd - ok
10:36:17.0843 0932 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:36:17.0859 0932 RasAuto - ok
10:36:17.0921 0932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:36:17.0937 0932 Rasl2tp - ok
10:36:18.0046 0932 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:36:18.0078 0932 RasMan - ok
10:36:18.0109 0932 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:36:18.0125 0932 RasPppoe - ok
10:36:18.0171 0932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:36:18.0171 0932 Raspti - ok
10:36:18.0281 0932 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:36:18.0328 0932 Rdbss - ok
10:36:18.0578 0932 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:36:18.0578 0932 RDPCDD - ok
10:36:18.0703 0932 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:36:18.0765 0932 rdpdr - ok
10:36:18.0859 0932 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
10:36:18.0921 0932 RDPWD - ok
10:36:19.0031 0932 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:36:19.0062 0932 RDSessMgr - ok
10:36:19.0125 0932 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:36:19.0140 0932 redbook - ok
10:36:19.0218 0932 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:36:19.0234 0932 RemoteAccess - ok
10:36:19.0312 0932 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:36:19.0312 0932 RemoteRegistry - ok
10:36:19.0578 0932 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:36:19.0609 0932 RpcLocator - ok
10:36:19.0796 0932 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
10:36:19.0796 0932 RpcSs - ok
10:36:19.0890 0932 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:36:19.0921 0932 RSVP - ok
10:36:19.0984 0932 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:36:19.0984 0932 SamSs - ok
10:36:20.0062 0932 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:36:20.0093 0932 SCardSvr - ok
10:36:20.0203 0932 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:36:20.0203 0932 Schedule - ok
10:36:20.0281 0932 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:36:20.0281 0932 Secdrv - ok
10:36:20.0328 0932 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:36:20.0343 0932 seclogon - ok
10:36:20.0546 0932 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:36:20.0546 0932 SENS - ok
10:36:20.0609 0932 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:36:20.0609 0932 serenum - ok
10:36:20.0671 0932 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:36:20.0687 0932 Serial - ok
10:36:20.0781 0932 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:36:20.0781 0932 Sfloppy - ok
10:36:21.0015 0932 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:36:21.0093 0932 SharedAccess - ok
10:36:21.0187 0932 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:36:21.0187 0932 ShellHWDetection - ok
10:36:21.0203 0932 Simbad - ok
10:36:21.0218 0932 Sparrow - ok
10:36:21.0281 0932 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:36:21.0281 0932 splitter - ok
10:36:21.0343 0932 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:36:21.0343 0932 Spooler - ok
10:36:21.0578 0932 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:36:21.0625 0932 sr - ok
10:36:21.0734 0932 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:36:21.0734 0932 srservice - ok
10:36:22.0125 0932 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS
10:36:22.0343 0932 SRTSP - ok
10:36:22.0562 0932 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS
10:36:22.0578 0932 SRTSPX - ok
10:36:22.0765 0932 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:36:22.0890 0932 Srv - ok
10:36:22.0953 0932 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:36:22.0953 0932 SSDPSRV - ok
10:36:23.0109 0932 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:36:23.0125 0932 stisvc - ok
10:36:23.0171 0932 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:36:23.0171 0932 swenum - ok
10:36:23.0203 0932 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:36:23.0218 0932 swmidi - ok
10:36:23.0234 0932 SwPrv - ok
10:36:23.0250 0932 symc810 - ok
10:36:23.0265 0932 symc8xx - ok
10:36:23.0437 0932 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS
10:36:23.0703 0932 SymDS - ok
10:36:24.0218 0932 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS
10:36:24.0640 0932 SymEFA - ok
10:36:24.0750 0932 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
10:36:24.0781 0932 SymEvent - ok
10:36:24.0890 0932 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS
10:36:24.0937 0932 SymIRON - ok
10:36:25.0109 0932 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS
10:36:25.0234 0932 SYMTDI - ok
10:36:25.0234 0932 sym_hi - ok
10:36:25.0250 0932 sym_u3 - ok
10:36:25.0312 0932 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:36:25.0343 0932 sysaudio - ok
10:36:25.0421 0932 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:36:25.0437 0932 SysmonLog - ok
10:36:25.0703 0932 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:36:25.0734 0932 TapiSrv - ok
10:36:25.0953 0932 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:36:25.0953 0932 Tcpip - ok
10:36:26.0046 0932 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:36:26.0046 0932 TDPIPE - ok
10:36:26.0078 0932 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:36:26.0078 0932 TDTCP - ok
10:36:26.0140 0932 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:36:26.0156 0932 TermDD - ok
10:36:26.0312 0932 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:36:26.0328 0932 TermService - ok
10:36:26.0421 0932 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:36:26.0421 0932 Themes - ok
10:36:26.0500 0932 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:36:26.0515 0932 TlntSvr - ok
10:36:26.0531 0932 TosIde - ok
10:36:26.0750 0932 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:36:26.0765 0932 TrkWks - ok
10:36:26.0828 0932 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:36:26.0843 0932 Udfs - ok
10:36:26.0843 0932 ultra - ok
10:36:27.0031 0932 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:36:27.0156 0932 Update - ok
10:36:27.0250 0932 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:36:27.0250 0932 upnphost - ok
10:36:27.0281 0932 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:36:27.0281 0932 UPS - ok
10:36:27.0343 0932 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:36:27.0359 0932 USBAAPL - ok
10:36:27.0421 0932 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:36:27.0437 0932 usbccgp - ok
10:36:27.0484 0932 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:36:27.0500 0932 usbehci - ok
10:36:27.0562 0932 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:36:27.0578 0932 usbhub - ok
10:36:27.0625 0932 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:36:27.0640 0932 usbprint - ok
10:36:27.0671 0932 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:36:27.0671 0932 usbscan - ok
10:36:27.0875 0932 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:36:27.0875 0932 USBSTOR - ok
10:36:27.0921 0932 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:36:27.0921 0932 usbuhci - ok
10:36:27.0968 0932 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:36:27.0968 0932 VgaSave - ok
10:36:27.0984 0932 ViaIde - ok
10:36:28.0031 0932 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:36:28.0046 0932 VolSnap - ok
10:36:28.0234 0932 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:36:28.0312 0932 VSS - ok
10:36:28.0421 0932 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:36:28.0421 0932 W32Time - ok
10:36:28.0484 0932 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:36:28.0500 0932 Wanarp - ok
10:36:28.0500 0932 WDICA - ok
10:36:28.0609 0932 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:36:28.0625 0932 wdmaud - ok
10:36:28.0843 0932 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:36:28.0843 0932 WebClient - ok
10:36:29.0031 0932 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:36:29.0062 0932 winmgmt - ok
10:36:29.0140 0932 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\windows\system32\mspmsnsv.dll
10:36:29.0140 0932 WmdmPmSN - ok
10:36:29.0421 0932 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:36:29.0640 0932 Wmi - ok
10:36:29.0734 0932 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:36:29.0781 0932 WmiApSrv - ok
10:36:29.0984 0932 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:36:29.0984 0932 WS2IFSL - ok
10:36:30.0078 0932 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:36:30.0093 0932 wscsvc - ok
10:36:30.0140 0932 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:36:30.0140 0932 wuauserv - ok
10:36:30.0359 0932 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:36:30.0562 0932 WZCSVC - ok
10:36:30.0656 0932 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:36:30.0656 0932 xmlprov - ok
10:36:30.0687 0932 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:36:31.0390 0932 \Device\Harddisk0\DR0 - ok
10:36:31.0421 0932 Boot (0x1200) (2ee2c697ec172e9d75354297a417d7a7) \Device\Harddisk0\DR0\Partition0
10:36:31.0437 0932 \Device\Harddisk0\DR0\Partition0 - ok
10:36:31.0437 0932 ============================================================
10:36:31.0437 0932 Scan finished
10:36:31.0437 0932 ============================================================
10:36:31.0453 2924 Detected object count: 0
10:36:31.0453 2924 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 12:02:32
-----------------------------
12:02:32.828 OS Version: Windows 5.1.2600 Service Pack 3
12:02:32.828 Number of processors: 1 586 0x401
12:02:32.828 ComputerName: USER-5AA566B46F UserName: Eric
12:02:34.187 Initialize success
12:03:15.328 AVAST engine defs: 12062300
12:03:22.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:03:22.078 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
12:03:22.156 Disk 0 MBR read successfully
12:03:22.156 Disk 0 MBR scan
12:03:22.250 Disk 0 Windows XP default MBR code
12:03:22.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
12:03:22.343 Disk 0 scanning sectors +156232125
12:03:22.656 Disk 0 scanning C:\WINDOWS\system32\drivers
12:04:25.515 Service scanning
12:05:41.968 Modules scanning
12:06:55.671 Disk 0 trace - called modules:
12:06:55.671 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
12:06:55.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a600ab8]
12:06:56.171 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5beb00]
12:06:57.312 AVAST engine scan C:\WINDOWS
12:08:03.734 AVAST engine scan C:\WINDOWS\system32
12:19:24.500 AVAST engine scan C:\WINDOWS\system32\drivers
12:20:17.765 AVAST engine scan C:\Documents and Settings\Eric
12:41:24.484 AVAST engine scan C:\Documents and Settings\All Users
12:56:27.468 Scan finished successfully
13:01:53.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\Virus\2012\MBR.dat"
13:01:53.640 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\Virus\2012\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 04:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 OpenWaterEric

OpenWaterEric
  • Topic Starter

  • Members
  • 58 posts

Posted 23 June 2012 - 04:54 PM

Ok, here's the log report from ComboFix.... The problem with the stutter is still there with no change, both on YouTube and Pandora.


ComboFix 12-06-23.05 - Eric 06/23/2012 14:34:55.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1282 [GMT -7:00]
Running from: c:\documents and settings\Eric\Desktop\Virus\ComboFix.exe
Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-22 20:25 . 2012-06-22 20:25 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Sun
2012-06-22 20:12 . 2012-06-22 20:12 -------- d-----w- c:\program files\Common Files\Java
2012-06-22 20:11 . 2012-06-22 20:11 -------- d-----w- c:\program files\Oracle
2012-06-22 20:11 . 2012-06-22 20:11 -------- d-----w- c:\documents and settings\Eric\Application Data\Oracle
2012-06-22 20:10 . 2012-05-05 02:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-22 17:11 . 2012-06-22 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-06-22 17:10 . 2012-06-22 17:10 -------- d-----w- c:\documents and settings\UpdatusUser
2012-06-22 17:07 . 2012-05-15 10:18 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-22 17:07 . 2012-06-22 17:07 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-22 17:07 . 2012-06-22 17:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-22 17:07 . 2012-06-22 17:07 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-06-22 17:04 . 2012-05-15 10:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-06-22 17:04 . 2012-05-15 10:18 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-06-22 17:04 . 2012-05-15 10:18 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-06-22 17:04 . 2012-05-15 10:18 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-06-22 17:04 . 2012-05-15 10:18 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-06-22 17:03 . 2012-06-22 17:11 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-22 16:59 . 2012-06-22 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-06-22 16:45 . 2012-06-22 20:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 16:45 . 2012-06-22 20:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 16:57 . 2012-06-21 16:58 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Deployment
2012-06-21 16:19 . 2012-06-21 16:47 -------- d-----w- c:\windows\system32\Adobe
2012-06-20 04:43 . 2012-06-20 04:43 -------- d-----w- c:\program files\ieSpell
2012-06-14 01:19 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2007-12-10 20:41 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-12-10 20:41 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2007-12-10 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2007-12-10 19:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2007-12-10 19:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-12-10 20:41 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-12-10 20:41 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2007-12-10 19:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2007-12-10 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-12-10 20:41 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2007-12-10 19:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2007-12-10 19:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-08-23 16:43 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2010-08-23 16:43 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2010-08-23 16:43 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 07:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-04 06:17 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 10:18 . 2009-01-07 03:29 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2009-01-07 03:29 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-10-07 21:33 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-27 22:26 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2008-08-27 22:26 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:40 . 2009-01-07 03:30 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-01-07 03:31 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-01-07 03:29 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-01-07 03:30 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-01-07 03:29 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 02:29 . 2011-12-29 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29 . 2010-07-19 02:24 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12 . 2004-08-04 06:20 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2007-12-10 19:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-11 06:12 . 2009-12-19 03:03 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-11 06:12 . 2009-12-19 03:03 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-04 22:56 . 2009-04-03 05:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 06:28 . 2012-05-18 01:33 388216 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symtdi.sys
2012-03-29 06:28 . 2012-05-18 01:33 318584 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symnets.sys
2012-03-29 06:28 . 2012-05-18 01:33 345208 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symtdiv.sys
2012-03-29 06:28 . 2012-05-18 01:33 905336 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\symefa.sys
2012-03-29 06:06 . 2012-05-18 01:33 149624 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys
2012-03-29 06:03 . 2012-05-18 01:33 574072 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\srtsp.sys
2012-03-29 06:03 . 2012-05-18 01:33 32888 ----a-w- c:\windows\system32\drivers\NIS\1307010.005\srtspx.sys
2007-12-16 19:32 . 2007-12-16 19:32 1045476 ----a-w- c:\program files\get_product.asp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 07:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 02:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 22:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 21:33 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [5/17/2012 6:33 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [5/17/2012 6:33 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 5:01 PM 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [5/17/2012 6:33 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [5/17/2012 6:33 PM 149624]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [5/17/2012 6:32 PM 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [6/22/2012 10:10 AM 1262400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2012 3:08 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120622.001\IDSXpx86.sys [6/22/2012 3:43 PM 369632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:24 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:24 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 98626320
*NewlyCreated* - ASWMBR
*Deregistered* - 98626320
*Deregistered* - aswMBR
*Deregistered* - pfkdqfoc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 17:24]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 17:24]
.
2012-06-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 66.60.130.158
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 14:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-484061587-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:57,5d,6e,93,d9,86,1f,e7,d1,fb,65,2a,26,2a,e1,02,5b,06,11,19,3e,
3d,e2,22,33,a8,0f,d5,b2,0b,f7,6e,b4,95,4c,4b,d0,79,ec,c4,e7,c7,6e,0f,07,b6,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1892)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2012-06-23 14:51:32
ComboFix-quarantined-files.txt 2012-06-23 21:51
ComboFix2.txt 2012-06-23 16:04
ComboFix3.txt 2011-12-28 18:24
.
Pre-Run: 17,868,730,368 bytes free
Post-Run: 17,938,857,984 bytes free
.
- - End Of File - - 10E47E7143D54DD8F121F3769C33A59D

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 08:58 PM

Hello

In post 4 I asked you to reset the DMA - did you do this step?

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 OpenWaterEric

OpenWaterEric
  • Topic Starter

  • Members
  • 58 posts

Posted 24 June 2012 - 12:09 AM

I believe I did (99% sure), but I have not restarted the computer since starting the clean-up process with you. Should I try it again, or should I restart?

Here is the OTL log....

OTL logfile created on: 6/23/2012 10:01:17 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.12% Memory free
3.85 Gb Paging File | 3.12 Gb Available in Paging File | 80.94% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 16.70 Gb Free Space | 22.42% Space Free | Partition Type: NTFS

Computer Name: USER-5AA566B46F | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Eric\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


========== Win32 Services (SafeList) ==========

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (pfkdqfoc) -- C:\DOCUME~1\Eric\LOCALS~1\Temp\pfkdqfoc.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Eric\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Eric\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120619.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120622.001\IDSXpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120623.009\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120623.009\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symtdi.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symefa.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ccsetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symds.sys (Symantec Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-484061587-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1935655697-484061587-839522115-1004\..\SearchScopes,DefaultScope = {CD867C7A-EC17-44F2-8BAC-24DA8DB83D13}
IE - HKU\S-1-5-21-1935655697-484061587-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1935655697-484061587-839522115-1004\..\SearchScopes\{CD867C7A-EC17-44F2-8BAC-24DA8DB83D13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1935655697-484061587-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-484061587-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {68CE6C37-00AF-4AF9-9799-6BDC8A211DB4}:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Eric\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/03/17 13:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/06/22 13:19:27 | 000,000,000 | ---D | M]

[2008/12/10 23:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions
[2007/12/10 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\w1r331c7.default\extensions
[2009/04/03 20:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ERIC\LOCAL SETTINGS\APPLICATION DATA\{68CE6C37-00AF-4AF9-9799-6BDC8A211DB4}
[2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Eric\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/28 11:19:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-484061587-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-484061587-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-484061587-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-484061587-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-484061587-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-484061587-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://75.21.35.38/Citrix/ICAWEB/wfica.cab (ICA Client)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197319157046 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://rww.condorcountry.com/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.60.130.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDF88FE8-F12B-44B4-A099-91521DCE36AD}: DhcpNameServer = 66.60.130.158
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/10 12:05:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/16 19:37:13 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 21:58:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
[2012/06/23 10:38:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eric\Desktop\aswMBR.exe
[2012/06/23 10:34:48 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eric\Desktop\tdsskiller.exe
[2012/06/23 08:45:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/23 08:45:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/23 08:45:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/23 08:45:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/23 08:45:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 13:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Sun
[2012/06/22 13:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/22 13:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/22 13:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\Oracle
[2012/06/22 13:10:49 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/06/22 13:10:49 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/06/22 13:10:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/06/22 13:10:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/06/22 10:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012/06/22 10:07:28 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/06/22 10:04:34 | 001,000,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012/06/22 10:04:34 | 000,883,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012/06/22 10:04:32 | 002,530,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012/06/22 10:04:32 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012/06/22 10:04:20 | 017,543,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012/06/22 10:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/06/22 09:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/06/22 09:45:18 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/22 09:45:18 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/21 09:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Local Settings\Application Data\Deployment
[2012/06/21 09:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/06/19 21:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2012/06/13 18:19:36 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Eric\Desktop\*.tmp files -> C:\Documents and Settings\Eric\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 22:04:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 21:58:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTL.exe
[2012/06/23 16:41:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/23 11:04:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 10:38:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eric\Desktop\aswMBR.exe
[2012/06/23 10:35:00 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eric\Desktop\tdsskiller.exe
[2012/06/23 08:41:01 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\SecurityCheck.exe
[2012/06/22 13:21:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 13:18:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/06/22 13:16:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 13:09:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/06/22 13:09:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/06/22 13:02:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/22 13:02:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/22 10:07:27 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/22 10:07:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/22 10:07:14 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/22 10:07:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/06/22 10:05:17 | 000,690,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\Cat.DB
[2012/06/22 09:56:12 | 000,200,461 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/19 21:42:30 | 002,091,426 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\ieSpellSetup264573.exe
[2012/06/19 15:05:49 | 000,000,264 | RHS- | M] () -- C:\boot.ini
[2012/06/18 20:21:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/18 19:38:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/13 19:40:05 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 19:25:37 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 19:25:37 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 19:08:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/07 23:18:30 | 000,066,183 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\xoso kickball receipt.pdf
[2012/06/05 16:45:10 | 000,034,039 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\DMV Reg. Change of Address.pdf
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/06/01 08:58:44 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/06/01 08:55:04 | 000,008,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\VT20120410.034
[2012/05/31 06:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/28 21:01:51 | 001,354,177 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Pics.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Eric\Desktop\*.tmp files -> C:\Documents and Settings\Eric\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 08:45:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/23 08:45:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/23 08:45:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/23 08:45:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/23 08:45:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/23 08:40:59 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\SecurityCheck.exe
[2012/06/22 10:07:14 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/22 10:07:14 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/22 10:07:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/22 10:07:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/06/22 10:04:41 | 000,010,264 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/06/22 10:04:34 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/06/19 21:43:00 | 002,091,426 | ---- | C] () -- C:\Documents and Settings\Eric\My Documents\ieSpellSetup264573.exe
[2012/06/18 20:21:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/18 19:38:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/07 23:18:28 | 000,066,183 | ---- | C] () -- C:\Documents and Settings\Eric\My Documents\xoso kickball receipt.pdf
[2012/06/05 16:45:02 | 000,034,039 | ---- | C] () -- C:\Documents and Settings\Eric\My Documents\DMV Reg. Change of Address.pdf
[2012/05/28 21:01:39 | 001,354,177 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Pics.pdf
[2012/02/15 21:32:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/28 19:00:24 | 000,002,181 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/06/06 18:45:08 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\usb.inf
[2011/03/27 21:17:23 | 000,046,300 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/04 15:19:04 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/02 18:43:06 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\fusioncache.dat
[2008/02/19 21:00:51 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/16 12:32:23 | 001,045,476 | ---- | C] () -- C:\Program Files\get_product.asp
[2007/12/10 20:46:38 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
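As an added example (not part of this thread, of OTL, or of the helper's fix script), the following Python script walks OTL report text in the format above and pulls out the entry types a helper normally targets in a cleanup script: entries whose target file is missing, O16 DPF entries with a broken registry key, and driver services registered from a user Temp directory. The sample lines are copied from the log above; the `temp-driver` category is a review flag for the helper, not a verdict on the file.

```python
"""Triage helper for OTL (OldTimer Tools) report lines.

Added example for this thread; it is not part of the forum post, of OTL
or of the helper's fix script. It reads OTL report text and lists the
entry types a helper usually targets in a cleanup script.
"""
import re
from dataclasses import dataclass

MISSING = "File not found"          # OTL's marker for an orphaned entry
BROKEN_KEY = "(Reg Error: Key error.)"  # OTL's marker for a broken O16 key

# 'DRV - (name) optional description -- rest' shape of OTL service lines.
SERVICE_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - \((?P<name>[^)]*)\)(?P<desc>.*?) -- (?P<rest>.*)$"
)
# Image path under a (possibly 8.3-shortened) Temp folder, e.g. LOCALS~1\Temp\x.sys
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# O16 DPF (downloaded ActiveX control) entries carry their CLSID in braces.
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+)")


@dataclass(frozen=True)
class Finding:
    category: str   # "missing-file", "broken-key" or "temp-driver"
    name: str       # service name, CLSID, or the key the line describes
    line: str       # the OTL line as it appeared in the report


def classify(line: str) -> list[Finding]:
    """Return the findings for one OTL report line (empty list if none)."""
    line = line.strip()
    findings: list[Finding] = []
    svc = SERVICE_RE.match(line)
    # A driver whose image sits in a Temp folder deserves a look whether or
    # not the file still exists (scanner leftovers land there too).
    if svc and TEMP_RE.search(svc.group("rest")):
        findings.append(Finding("temp-driver", svc.group("name"), line))
    if line.endswith(MISSING) or line.startswith(MISSING):
        if svc:
            name = svc.group("name")
        elif line.startswith(MISSING):
            name = line.split(" -- ", 1)[-1]
        else:
            name = line[: -len(MISSING)].rstrip(" :-")
        findings.append(Finding("missing-file", name, line))
    dpf = DPF_RE.match(line)
    if dpf and BROKEN_KEY in line:
        findings.append(Finding("broken-key", dpf.group("clsid"), line))
    return findings


def triage(report: str) -> list[Finding]:
    """Run classify() over every line of an OTL report, in report order."""
    return [f for raw in report.splitlines() for f in classify(raw)]


def by_category(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Group findings by category, preserving report order inside each."""
    out: dict[str, list[Finding]] = {}
    for f in findings:
        out.setdefault(f.category, []).append(f)
    return out


# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_REPORT = r"""
DRV - (WDICA) -- File not found
DRV - (pfkdqfoc) -- C:\DOCUME~1\Eric\LOCALS~1\Temp\pfkdqfoc.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Eric\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtspx.sys (Symantec Corporation)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197319157046 (WUWebControl Class)
"""

if __name__ == "__main__":
    for category, items in by_category(triage(SAMPLE_REPORT)).items():
        print(f"{category} ({len(items)}):")
        for f in items:
            print(f"  {f.name}")
```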

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 12:37 AM

Yes, try it again and restart the computer and give me an update.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 OpenWaterEric (Topic Starter)

Posted 24 June 2012 - 01:28 PM

OK, I did the DMA, but it said there were no ATA to reset, and so nothing was changed. After the restart the stutter issue is better, and videos play and Pandora works fine until I move the mouse. If I move the mouse around on the page (even if it's not over an ad or anything and just in a blank space), the stutter comes back for as long as I'm moving the mouse around. When I stop moving the mouse, the stutter goes away.

What do you think is going on? Thank you again for all of your help.

EDIT!!! I tried playing Pandora today without touching the mouse for 10 minutes. Each song would start with a stutter every 1-2 seconds for the first 10 seconds or so, and then it would stutter at an interval of about every 5-10 seconds for the rest of the song. YouTube will stutter once or twice at the start of a video, but then seems to work OK.

Edited by OpenWaterEric, 24 June 2012 - 05:18 PM.


#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 June 2012 - 07:35 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top and confirm the prompt that follows.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

#13 OpenWaterEric (Topic Starter)

Posted 25 June 2012 - 12:14 PM

OK, OTL did not ask for a reboot, and the log file is below. If anything, Pandora is a bit better and YouTube is a bit worse since my last post. Download speeds tested with speedtest.net continue to read between 9-13 Mbps. Thanks.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Eric\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Eric\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Eric
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Eric
->Flash cache emptied: 1924 bytes

User: LocalService

User: NetworkService

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06252012_100505

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 June 2012 - 01:17 PM

Greetings



Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

I also want you to remove all the Adobe Flash Players that are installed.

Programs to remove

Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
You can install the Flash Player from here - http://get.adobe.com/flashplayer/

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 OpenWaterEric (Topic Starter)

Posted 25 June 2012 - 02:40 PM

OK, the logs are below. Note: I couldn't find Java 6 Update 26, but I did see Java 6 Update 30 and I proceeded with the directions, removing that item. When I went to download Java through the link provided, it simply said that I had the most up-to-date version.

I'd say Pandora is acting the same; YouTube seems better, though I still get the stutter when I move the mouse around the page.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eric :: USER-5AA566B46F [administrator]

6/25/2012 11:45:50 AM
mbam-log-2012-06-25 (11-45-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246852
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:23 PM, on 6/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (ICA Client) - http://75.21.35.38/Citrix/ICAWEB/wfica.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197319157046
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://rww.condorcountry.com/Remote/msrdp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7854 bytes
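As an added example (not part of the thread, and not code from HijackThis or OTL), the script below parses the O16 DPF lines of a HijackThis log like the one above and flags the entries an analyst would look at first. The sample input is the O16/O23 lines copied from the log posted in this thread; the two flag rules (plain-HTTP download URL, bare IP host) are this example's own heuristics, chosen because a DPF entry records where Internet Explorer fetched an ActiveX control's .cab from, and neither a cleartext URL nor a raw IP gives you any way to tie that control to a vendor.

```python
"""Triage the O16 (DPF / ActiveX download) entries of a HijackThis log.

Added example for this thread; it is not code from HijackThis, OTL or the
poster. It flags O16 entries whose .cab is fetched over plain HTTP or from
a bare IP address, the entries an analyst would look at first, because a
DPF entry records the URL Internet Explorer used to fetch that control.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Sample input: O16 and O23 lines copied from the HijackThis log posted in
# the thread (embedded here so the example runs offline).
SAMPLE_LOG = """\
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (ICA Client) - http://75.21.35.38/Citrix/ICAWEB/wfica.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://rww.condorcountry.com/Remote/msrdp.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

# HJT writes: "O16 - DPF: {CLSID} (friendly name) - URL". The name may
# itself contain parentheses, so match it greedily and anchor on the
# trailing " - URL".
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) "
    r"\((?P<name>.*)\) - (?P<url>\S+)\s*$"
)


def parse_o16(log_text):
    """Return a list of {clsid, name, url} dicts, one per O16 line."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def _is_bare_ip(host):
    """True if the URL host is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def flag_entry(entry):
    """Reasons an O16 entry deserves a closer look (empty list = none)."""
    reasons = []
    parsed = urlparse(entry["url"])
    if parsed.scheme != "https":
        # No transport integrity: the .cab could be swapped in transit.
        reasons.append("plain-http")
    if parsed.hostname and _is_bare_ip(parsed.hostname):
        # A control served from a raw IP has no domain to tie it to a vendor.
        reasons.append("bare-ip-host")
    return reasons


def triage(log_text):
    """Map CLSID -> reasons for every flagged O16 entry in the log."""
    flagged = {}
    for entry in parse_o16(log_text):
        reasons = flag_entry(entry)
        if reasons:
            flagged[entry["clsid"]] = reasons
    return flagged


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG).items():
        print(clsid, ", ".join(reasons))
```

Run against the thread's log, only the HTTPS-served RDP control passes clean; the Citrix ICA client fetched from a bare IP is flagged on both rules. A flag is a prompt to check the control, not proof of malice: the Dell system profiler here is a legitimate vendor control that simply shipped over HTTP.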



