
Computer Runs Slowly At Times


  • This topic is locked
30 replies to this topic

#1 joshuals


  • Members
  • 433 posts
  • Gender:Male
  • Location:Quebec (Summer) Arizona (Winter)

Posted 17 July 2012 - 11:38 PM

This computer runs slowly when booting and sometimes on browsing the Web. At other times it appears to run normally.

There are no other symptoms of malware: no redirects, no popups, no fake AV ads... nothing.

Following programs show no signs of malware being present:
Norton360 (full system scan & running in background)
Spybot S&D (scan only)
Malwarebytes (full system scan & running in background)

Please help me determine if the computer has been infected or is part of a botnet.

Thank you.

DDS log follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ben at 20:27:35 on 2012-07-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.300 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [LayoutM] KLayMgr.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://portal.abrazohealth.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A6D81A2E-49BE-43D8-9980-FFAA2C97151D} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-17 655944]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-6-4 476160]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\ipsdefs\20120715.001\IDSXpx86.sys [2012-7-16 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-17 22344]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\virusdefs\20120717.018\NAVENG.SYS [2012-7-17 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\virusdefs\20120717.018\NAVEX15.SYS [2012-7-17 1589752]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-13 14:07:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 14:07:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 14:49:19 -------- d-----w- C:\Systenance
.
==================== Find3M ====================
.
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 23:22:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 23:22:01 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-16 23:22:01 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 22:09:35 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-19 22:09:35 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 20:28:11.21 ===============

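The DDS log above lists autostart entries, BHOs, services and drivers in the "Pseudo HJT Report" format that helpers read line by line. As an added example (not part of this thread, and not DDS or any BleepingComputer tool), the parser below reads that format and flags the things a reviewer checks by hand: Run values with no path or a bare file name (resolved by PATH search), images stored in user-writable profile or temp directories, Hosts entries that redirect a name to a remote address, and the DHCP-supplied resolvers. The sample lines are mostly copied from the log above; the "Example Updater" Run entry and the 203.0.113.7 Hosts line are constructed.

```python
import re
from dataclasses import dataclass, field

# Sample DDS lines: most are copied from the log posted above; the "Example
# Updater" Run entry and the 203.0.113.7 Hosts line are constructed.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LayoutM] KLayMgr.exe
mRun: [<NO NAME>]
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [Example Updater] "c:\documents and settings\ben\local settings\temp\upd.exe" /silent
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 203.0.113.7 www.example.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
"""

RUN_RE = re.compile(r"^([um])Run: \[(.*?)\]\s*(.*)$")
BHO_RE = re.compile(r"^BHO: (.*?): \{([0-9A-Fa-f-]{36})\} - (.*)$")
SVC_RE = re.compile(r"^([RS][0-3]) ([^;]+);([^;]*);(.*) \[(\S+) (\d+)\]$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.*)$")
# User-writable locations on XP. Legitimate software (Norton's definition
# store above, for one) lives here too, so a hit is a prompt to verify.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\local settings\\")
# Hosts entries pointing here block a name (MVPS-style lists); any other
# address redirects it and needs an explanation.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Entry:
    kind: str
    name: str
    target: str
    flags: list = field(default_factory=list)


def split_command(command: str) -> str:
    """Return the executable path from a Run value, honouring a quoted path."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def check_path(entry: Entry) -> None:
    """Attach triage flags for an autostart, BHO or service image path."""
    path = entry.target.lower()
    if not path:
        entry.flags.append("empty value; verify the key in the registry")
        return
    if "\\" not in path:
        entry.flags.append("bare file name, resolved via PATH search; confirm which file runs")
    if any(seg in path for seg in USER_WRITABLE):
        entry.flags.append("image lives in a user-writable profile or temp directory")


def triage(text: str) -> list:
    """Parse DDS Pseudo-HJT lines into Entry records carrying triage flags."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            scope = "user" if m.group(1) == "u" else "machine"
            entry = Entry(f"Run/{scope}", m.group(2), split_command(m.group(3)))
            check_path(entry)
            entries.append(entry)
        elif m := BHO_RE.match(line):
            entry = Entry("BHO", m.group(1), m.group(3))
            check_path(entry)
            entries.append(entry)
        elif m := SVC_RE.match(line):
            entry = Entry(f"Service/{m.group(1)}", m.group(2), m.group(4))
            check_path(entry)
            entries.append(entry)
        elif m := HOSTS_RE.match(line):
            entry = Entry("Hosts", m.group(2), m.group(1))
            if m.group(1) not in LOCAL_SINKS:
                entry.flags.append("name is redirected to a remote address")
            entries.append(entry)
        elif m := DNS_RE.match(line):
            # Resolvers are listed, not flagged; the reviewer checks they are the ISP's.
            entries.extend(Entry("DNS", "DhcpNameServer", s) for s in m.group(1).split())
    return entries


def report(entries: list) -> list:
    """One line per flagged entry, plus every resolver, for the reviewer."""
    out = []
    for e in entries:
        if e.kind == "DNS":
            out.append(f"[DNS] {e.target}  (confirm this resolver belongs to the ISP or router)")
        elif e.flags:
            out.append(f"[{e.kind}] {e.name} -> {e.target or '(empty)'}: " + "; ".join(e.flags))
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_DDS))))
```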





#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 July 2012 - 11:19 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 joshuals

  • Topic Starter

  • Members
  • 433 posts
  • Gender:Male
  • Location:Quebec (Summer) Arizona (Winter)

Posted 22 July 2012 - 12:25 AM

Thank you, Gringo, for taking my case.

Since I first posted, and before you responded, regular scans were run by Norton 360, Malwarebytes, Spybot S&D, and Secunia. No reported threats from any of the tools. Secunia stated that Java 6.33 was "current", but I believe that Java 7.5 is truly the current version. I will not update Java until you instruct me to do so.

Since my first post the computer has been slow to connect to the Internet using IE. No other signs of malware activity have been seen.

Scans you instructed me to run are in progress.

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2012 - 12:30 AM

Greetings


I will be around for the reports when they are ready.


Are you also having any problems with sound playback?


gringo

#5 joshuals

  • Topic Starter

  • Members
  • 433 posts
  • Gender:Male
  • Location:Quebec (Summer) Arizona (Winter)

Posted 22 July 2012 - 12:40 AM

OK....Scans you instructed me to run are complete.

Here's what happened:

Ran Security Check as instructed: success
Disabled Norton360 AV & FW, Malwarebytes, and Secunia
Ran Combofix & installed recovery console when prompted
Combofix completed: success
Re-enabled Norton360 AV & FW & Malwarebytes; Secunia left disabled
Malwarebytes automatically ran a quick scan upon being re-enabled: no threats

SIGNING OFF FOR TONIGHT....I'LL LOOK FOR YOUR RESPONSE TOMORROW!!

******SORRY WE CROSS POSTED.....no trouble with sound.********

Thanks!!

Logs follow:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 33
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````


ComboFix 12-07-21.01 - ben 07/21/2012 22:18:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.296 [GMT -7:00]
Running from: c:\documents and settings\ben\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 04:49 . 2012-07-22 04:50 -------- d-----w- C:\malware_check
2012-07-17 15:55 . 2012-07-17 15:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-13 14:07 . 2012-07-13 14:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 14:07 . 2012-07-13 14:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 14:49 . 2012-06-23 14:49 -------- d-----w- C:\Systenance
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:46 . 2012-04-17 21:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 23:22 . 2012-06-16 23:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 23:22 . 2012-06-16 23:22 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-16 23:22 . 2012-04-27 19:09 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2004-08-04 06:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 07:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 07:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-04 07:56 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-04 07:56 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-04 07:56 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-04 07:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-04 07:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-04 07:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-08-04 07:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2012-04-28 19:57 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2012-04-28 19:57 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2012-04-28 19:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 07:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-14 22:13 . 2012-05-14 22:13 664 ----a-w- c:\documents and settings\louise\Local Settings\Application Data\d3d9caps.tmp
2012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-04 06:20 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 15:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-04 08:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-07 276480]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"LayoutM"="KLayMgr.exe" [2004-08-17 45056]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\louise\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-10-15 114688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-10-03 16:14 1409384 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\symds.sys [5/18/2012 7:11 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\symefa.sys [5/18/2012 7:11 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 7:01 AM 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccsetx86.sys [5/18/2012 7:11 AM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\ironx86.sys [5/18/2012 7:11 AM 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/17/2012 2:13 PM 655944]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccsvchst.exe [5/18/2012 7:11 AM 138232]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [6/4/2011 4:37 PM 476160]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/13/2011 11:01 PM 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/17/2012 8:12 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120720.001\IDSXpx86.sys [7/20/2012 5:27 PM 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/17/2012 2:13 PM 22344]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/13/2011 11:01 PM 994360]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-21 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-07-22 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-07-21 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-07-21 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-06-20 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2012-06-06 13:14]
.
2012-06-24 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-06-11 22:31]
.
2011-11-09 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-06-11 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 22:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-07-21 22:28:11
ComboFix-quarantined-files.txt 2012-07-22 05:28
.
Pre-Run: 54,107,451,392 bytes free
Post-Run: 54,372,413,440 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F59279B2D8C23BAA725854CA8C23CC5E

Edited by joshuals, 22 July 2012 - 12:41 AM.


#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2012 - 12:43 AM

Greetings joshuals

I want you to reset the DMA. You can do this with this script here: Reset DMA

If you have problems when you click on the link, try to right-click on the link and select "Save Target As", and then save to your desktop.
Once it is on your desktop, right-click on the file and select "Run".

If you still can't run it, then you can go here, "Reset DMA", to see what I want to do.




I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Edited by gringo_pr, 22 July 2012 - 12:45 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 joshuals
  • Topic Starter
  • Members
  • 433 posts
  • Gender:Male
  • Location:Quebec (Summer) Arizona (Winter)

Posted 22 July 2012 - 12:51 AM

Well, in spite of my previous post, I'm still here...

Question: Do I need to disable my security software before proceeding with your instructions above?

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 July 2012 - 12:55 AM

Greetings

Question: Do I need to disable my security software before proceeding with your instructions above?

It is always best during any active scans to turn off any security programs.

gringo

#9 joshuals
  • Topic Starter
  • Members
  • 433 posts
  • Gender:Male
  • Location:Quebec (Summer) Arizona (Winter)

Posted 22 July 2012 - 01:31 AM

Here's what happened:

Disabled security software as before
Reset DMA as instructed
Reboot requested: allowed
Ran TDSSKiller (did not "change parameters"): success
Ran aswMBR (did not change "quick scan" in lower left of box): success
Re-enabled security software

No problems, no malware symptoms except some slowness launching IE

This time it's g'night for sure.....will check back tomorrow. Thank you for your help.

Logs follow: !!!QUESTION!!! a binary file MBR.dat was created; do you need that also? !!!!

23:06:46.0906 3528 ============================================================
23:06:46.0906 3528 Current date / time: 2012/07/21 23:06:46.0906
23:06:46.0906 3528 SystemInfo:
23:06:46.0906 3528
23:06:46.0906 3528 OS Version: 5.1.2600 ServicePack: 3.0
23:06:46.0906 3528 Product type: Workstation
23:06:46.0906 3528 ComputerName: TRISTAR149B
23:06:46.0906 3528 UserName: ben
23:06:46.0906 3528 Windows directory: C:\WINDOWS
23:06:46.0906 3528 System windows directory: C:\WINDOWS
23:06:46.0906 3528 Processor architecture: Intel x86
23:06:46.0906 3528 Number of processors: 2
23:06:46.0906 3528 Page size: 0x1000
23:06:46.0906 3528 Boot type: Normal boot
23:06:46.0906 3528 ============================================================
23:06:49.0937 3528 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:06:49.0953 3528 ============================================================
23:06:49.0953 3528 \Device\Harddisk0\DR0:
23:06:49.0953 3528 MBR partitions:
23:06:49.0953 3528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
23:06:49.0953 3528 ============================================================
23:06:49.0968 3528 C: <-> \Device\Harddisk0\DR0\Partition0
23:06:49.0984 3528 ============================================================
23:06:49.0984 3528 Initialize success
23:06:49.0984 3528 ============================================================
23:07:00.0031 3680 ============================================================
23:07:00.0031 3680 Scan started
23:07:00.0031 3680 Mode: Manual;
23:07:00.0031 3680 ============================================================
23:07:00.0359 3680 Abiosdsk - ok
23:07:00.0359 3680 abp480n5 - ok
23:07:00.0390 3680 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
23:07:00.0390 3680 ac97intc - ok
23:07:00.0437 3680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:07:00.0468 3680 ACPI - ok
23:07:00.0484 3680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:07:00.0484 3680 ACPIEC - ok
23:07:00.0500 3680 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:07:00.0515 3680 adpu160m - ok
23:07:00.0531 3680 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
23:07:00.0531 3680 adpu320 - ok
23:07:00.0546 3680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:07:00.0562 3680 aec - ok
23:07:00.0609 3680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:07:00.0609 3680 AFD - ok
23:07:00.0609 3680 Aha154x - ok
23:07:00.0640 3680 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:07:00.0640 3680 aic78u2 - ok
23:07:00.0656 3680 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:07:00.0656 3680 aic78xx - ok
23:07:00.0687 3680 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:07:00.0687 3680 Alerter - ok
23:07:00.0703 3680 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:07:00.0703 3680 ALG - ok
23:07:00.0703 3680 AliIde - ok
23:07:00.0718 3680 amsint - ok
23:07:00.0796 3680 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:07:00.0796 3680 Apple Mobile Device - ok
23:07:00.0828 3680 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:07:00.0875 3680 AppMgmt - ok
23:07:00.0875 3680 asc - ok
23:07:00.0875 3680 asc3350p - ok
23:07:00.0890 3680 asc3550 - ok
23:07:01.0000 3680 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:07:01.0015 3680 aspnet_state - ok
23:07:01.0031 3680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:07:01.0031 3680 AsyncMac - ok
23:07:01.0062 3680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:07:01.0062 3680 atapi - ok
23:07:01.0062 3680 Atdisk - ok
23:07:01.0078 3680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:07:01.0078 3680 Atmarpc - ok
23:07:01.0109 3680 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:07:01.0109 3680 AudioSrv - ok
23:07:01.0140 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:07:01.0140 3680 audstub - ok
23:07:01.0187 3680 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:07:01.0187 3680 b57w2k - ok
23:07:01.0203 3680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:07:01.0203 3680 Beep - ok
23:07:01.0328 3680 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
23:07:01.0359 3680 BHDrvx86 - ok
23:07:01.0406 3680 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:07:01.0437 3680 BITS - ok
23:07:01.0468 3680 Blfp (7f72473390feee312a66af045c8ef0f6) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
23:07:01.0468 3680 Blfp - ok
23:07:01.0562 3680 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:07:01.0593 3680 Bonjour Service - ok
23:07:01.0625 3680 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:07:01.0625 3680 Browser - ok
23:07:01.0703 3680 catchme - ok
23:07:01.0718 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:07:01.0718 3680 cbidf2k - ok
23:07:01.0781 3680 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys
23:07:01.0781 3680 ccSet_N360 - ok
23:07:01.0796 3680 cd20xrnt - ok
23:07:01.0812 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:07:01.0812 3680 Cdaudio - ok
23:07:01.0843 3680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:07:01.0843 3680 Cdfs - ok
23:07:01.0875 3680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:07:01.0890 3680 Cdrom - ok
23:07:01.0890 3680 Changer - ok
23:07:01.0921 3680 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:07:01.0921 3680 CiSvc - ok
23:07:01.0953 3680 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:07:01.0953 3680 ClipSrv - ok
23:07:02.0046 3680 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:07:02.0078 3680 clr_optimization_v2.0.50727_32 - ok
23:07:02.0125 3680 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:07:02.0125 3680 clr_optimization_v4.0.30319_32 - ok
23:07:02.0140 3680 CmdIde - ok
23:07:02.0140 3680 COMSysApp - ok
23:07:02.0156 3680 Cpqarray - ok
23:07:02.0187 3680 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:07:02.0187 3680 CryptSvc - ok
23:07:02.0203 3680 dac2w2k - ok
23:07:02.0203 3680 dac960nt - ok
23:07:02.0250 3680 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:07:02.0250 3680 DcomLaunch - ok
23:07:02.0281 3680 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:07:02.0281 3680 Dhcp - ok
23:07:02.0312 3680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:07:02.0312 3680 Disk - ok
23:07:02.0328 3680 dmadmin - ok
23:07:02.0375 3680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:07:02.0406 3680 dmboot - ok
23:07:02.0437 3680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:07:02.0437 3680 dmio - ok
23:07:02.0453 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:07:02.0453 3680 dmload - ok
23:07:02.0484 3680 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:07:02.0484 3680 dmserver - ok
23:07:02.0515 3680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:07:02.0515 3680 DMusic - ok
23:07:02.0546 3680 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:07:02.0546 3680 Dnscache - ok
23:07:02.0578 3680 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:07:02.0578 3680 Dot3svc - ok
23:07:02.0593 3680 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:07:02.0609 3680 dpti2o - ok
23:07:02.0625 3680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:07:02.0625 3680 drmkaud - ok
23:07:02.0640 3680 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:07:02.0640 3680 E100B - ok
23:07:02.0671 3680 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:07:02.0671 3680 EapHost - ok
23:07:02.0750 3680 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:07:02.0765 3680 eeCtrl - ok
23:07:02.0796 3680 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:07:02.0796 3680 EraserUtilRebootDrv - ok
23:07:02.0812 3680 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:07:02.0828 3680 ERSvc - ok
23:07:02.0843 3680 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:07:02.0859 3680 Eventlog - ok
23:07:02.0890 3680 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:07:02.0906 3680 EventSystem - ok
23:07:02.0937 3680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:07:02.0937 3680 Fastfat - ok
23:07:02.0968 3680 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:07:03.0015 3680 FastUserSwitchingCompatibility - ok
23:07:03.0031 3680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:07:03.0046 3680 Fdc - ok
23:07:03.0078 3680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:07:03.0078 3680 Fips - ok
23:07:03.0093 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:07:03.0093 3680 Flpydisk - ok
23:07:03.0109 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:07:03.0125 3680 FltMgr - ok
23:07:03.0203 3680 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:07:03.0203 3680 FontCache3.0.0.0 - ok
23:07:03.0218 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:07:03.0218 3680 Fs_Rec - ok
23:07:03.0250 3680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:07:03.0250 3680 Ftdisk - ok
23:07:03.0281 3680 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:07:03.0296 3680 GEARAspiWDM - ok
23:07:03.0328 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:07:03.0328 3680 Gpc - ok
23:07:03.0343 3680 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
23:07:03.0359 3680 HdAudAddService - ok
23:07:03.0390 3680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:07:03.0390 3680 HDAudBus - ok
23:07:03.0484 3680 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:07:03.0484 3680 helpsvc - ok
23:07:03.0500 3680 HidServ - ok
23:07:03.0531 3680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:07:03.0531 3680 HidUsb - ok
23:07:03.0578 3680 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:07:03.0578 3680 hkmsvc - ok
23:07:03.0593 3680 hpn - ok
23:07:03.0640 3680 hpqwmi (85dd9edbb1a035ba9b0e9fcc70624990) C:\Program Files\HPQ\Shared\hpqwmi.exe
23:07:03.0640 3680 hpqwmi - ok
23:07:03.0671 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:07:03.0687 3680 HTTP - ok
23:07:03.0718 3680 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:07:03.0718 3680 HTTPFilter - ok
23:07:03.0734 3680 i2omgmt - ok
23:07:03.0734 3680 i2omp - ok
23:07:03.0765 3680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:07:03.0781 3680 i8042prt - ok
23:07:03.0796 3680 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
23:07:03.0796 3680 i81x - ok
23:07:03.0812 3680 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
23:07:03.0812 3680 iAimFP0 - ok
23:07:03.0828 3680 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
23:07:03.0828 3680 iAimFP1 - ok
23:07:03.0843 3680 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
23:07:03.0843 3680 iAimFP2 - ok
23:07:03.0843 3680 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
23:07:03.0843 3680 iAimFP3 - ok
23:07:03.0859 3680 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
23:07:03.0859 3680 iAimFP4 - ok
23:07:03.0875 3680 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
23:07:03.0875 3680 iAimFP5 - ok
23:07:03.0875 3680 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
23:07:03.0875 3680 iAimFP6 - ok
23:07:03.0875 3680 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
23:07:03.0890 3680 iAimFP7 - ok
23:07:03.0906 3680 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
23:07:03.0906 3680 iAimTV0 - ok
23:07:03.0921 3680 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
23:07:03.0921 3680 iAimTV1 - ok
23:07:03.0937 3680 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
23:07:03.0937 3680 iAimTV3 - ok
23:07:03.0953 3680 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
23:07:03.0953 3680 iAimTV4 - ok
23:07:03.0968 3680 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
23:07:03.0984 3680 iAimTV5 - ok
23:07:04.0000 3680 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
23:07:04.0000 3680 iAimTV6 - ok
23:07:04.0062 3680 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:07:04.0078 3680 ialm - ok
23:07:04.0203 3680 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:07:04.0265 3680 idsvc - ok
23:07:04.0531 3680 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120720.001\IDSxpx86.sys
23:07:04.0546 3680 IDSxpx86 - ok
23:07:04.0640 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:07:04.0640 3680 Imapi - ok
23:07:04.0671 3680 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:07:04.0671 3680 ImapiService - ok
23:07:04.0687 3680 ini910u - ok
23:07:04.0796 3680 IntcAzAudAddService (38e36fd56f8cb7e8b9802531365856a4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:07:04.0875 3680 IntcAzAudAddService - ok
23:07:04.0953 3680 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:07:04.0953 3680 IntelIde - ok
23:07:04.0984 3680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:07:04.0984 3680 intelppm - ok
23:07:05.0000 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:07:05.0000 3680 Ip6Fw - ok
23:07:05.0031 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:07:05.0031 3680 IpFilterDriver - ok
23:07:05.0062 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:07:05.0062 3680 IpInIp - ok
23:07:05.0078 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:07:05.0093 3680 IpNat - ok
23:07:05.0171 3680 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
23:07:05.0218 3680 iPod Service - ok
23:07:05.0234 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:07:05.0250 3680 IPSec - ok
23:07:05.0265 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:07:05.0265 3680 IRENUM - ok
23:07:05.0281 3680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:07:05.0296 3680 isapnp - ok
23:07:05.0375 3680 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
23:07:05.0390 3680 JavaQuickStarterService - ok
23:07:05.0406 3680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:07:05.0406 3680 Kbdclass - ok
23:07:05.0437 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:07:05.0437 3680 kmixer - ok
23:07:05.0484 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:07:05.0484 3680 KSecDD - ok
23:07:05.0515 3680 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:07:05.0515 3680 lanmanserver - ok
23:07:05.0531 3680 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:07:05.0546 3680 lanmanworkstation - ok
23:07:05.0562 3680 lbrtfdc - ok
23:07:05.0609 3680 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:07:05.0609 3680 LmHosts - ok
23:07:05.0640 3680 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
23:07:05.0640 3680 MBAMProtector - ok
23:07:05.0718 3680 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:07:05.0734 3680 MBAMService - ok
23:07:05.0765 3680 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:07:05.0765 3680 Messenger - ok
23:07:05.0796 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:07:05.0796 3680 mnmdd - ok
23:07:05.0828 3680 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:07:05.0828 3680 mnmsrvc - ok
23:07:05.0859 3680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:07:05.0875 3680 Modem - ok
23:07:05.0875 3680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:07:05.0875 3680 Mouclass - ok
23:07:05.0906 3680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:07:05.0906 3680 mouhid - ok
23:07:05.0937 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:07:05.0937 3680 MountMgr - ok
23:07:05.0937 3680 mraid35x - ok
23:07:05.0968 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:07:06.0000 3680 MRxDAV - ok
23:07:06.0046 3680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:07:06.0062 3680 MRxSmb - ok
23:07:06.0093 3680 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:07:06.0093 3680 MSDTC - ok
23:07:06.0125 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:07:06.0125 3680 Msfs - ok
23:07:06.0140 3680 MSIServer - ok
23:07:06.0171 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:07:06.0171 3680 MSKSSRV - ok
23:07:06.0171 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:07:06.0171 3680 MSPCLOCK - ok
23:07:06.0203 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:07:06.0203 3680 MSPQM - ok
23:07:06.0234 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:07:06.0234 3680 mssmbios - ok
23:07:06.0265 3680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:07:06.0265 3680 Mup - ok
23:07:06.0359 3680 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
23:07:06.0359 3680 N360 - ok
23:07:06.0390 3680 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:07:06.0406 3680 napagent - ok
23:07:06.0640 3680 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120721.005\NAVENG.SYS
23:07:06.0640 3680 NAVENG - ok
23:07:06.0718 3680 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120721.005\NAVEX15.SYS
23:07:06.0765 3680 NAVEX15 - ok
23:07:06.0890 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:07:06.0937 3680 NDIS - ok
23:07:06.0953 3680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:07:06.0953 3680 NdisTapi - ok
23:07:06.0984 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:07:06.0984 3680 Ndisuio - ok
23:07:07.0015 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:07:07.0015 3680 NdisWan - ok
23:07:07.0046 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:07:07.0046 3680 NDProxy - ok
23:07:07.0062 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:07:07.0062 3680 NetBIOS - ok
23:07:07.0093 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:07:07.0093 3680 NetBT - ok
23:07:07.0125 3680 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:07:07.0140 3680 NetDDE - ok
23:07:07.0140 3680 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:07:07.0140 3680 NetDDEdsdm - ok
23:07:07.0171 3680 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:07.0171 3680 Netlogon - ok
23:07:07.0203 3680 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:07:07.0218 3680 Netman - ok
23:07:07.0296 3680 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:07:07.0312 3680 NetTcpPortSharing - ok
23:07:07.0328 3680 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:07:07.0343 3680 Nla - ok
23:07:07.0359 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:07:07.0359 3680 Npfs - ok
23:07:07.0406 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:07:07.0421 3680 Ntfs - ok
23:07:07.0437 3680 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:07.0437 3680 NtLmSsp - ok
23:07:07.0468 3680 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:07:07.0484 3680 NtmsSvc - ok
23:07:07.0515 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:07:07.0515 3680 Null - ok
23:07:07.0531 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:07:07.0531 3680 NwlnkFlt - ok
23:07:07.0546 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:07:07.0546 3680 NwlnkFwd - ok
23:07:07.0562 3680 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
23:07:07.0562 3680 P3 - ok
23:07:07.0593 3680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:07:07.0593 3680 Parport - ok
23:07:07.0609 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:07:07.0609 3680 PartMgr - ok
23:07:07.0640 3680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:07:07.0640 3680 ParVdm - ok
23:07:07.0671 3680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:07:07.0671 3680 PCI - ok
23:07:07.0671 3680 PCIDump - ok
23:07:07.0703 3680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:07:07.0703 3680 PCIIde - ok
23:07:07.0734 3680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:07:07.0734 3680 Pcmcia - ok
23:07:07.0734 3680 PDCOMP - ok
23:07:07.0796 3680 pdfcDispatcher - ok
23:07:07.0796 3680 PDFRAME - ok
23:07:07.0796 3680 PDRELI - ok
23:07:07.0812 3680 PDRFRAME - ok
23:07:07.0812 3680 perc2 - ok
23:07:07.0828 3680 perc2hib - ok
23:07:07.0859 3680 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:07:07.0859 3680 PlugPlay - ok
23:07:07.0875 3680 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:07.0875 3680 PolicyAgent - ok
23:07:07.0890 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:07:07.0890 3680 PptpMiniport - ok
23:07:07.0890 3680 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:07.0890 3680 ProtectedStorage - ok
23:07:07.0906 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:07:07.0906 3680 PSched - ok
23:07:07.0937 3680 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
23:07:07.0937 3680 PSI - ok
23:07:07.0968 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:07:07.0968 3680 Ptilink - ok
23:07:08.0000 3680 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:07:08.0000 3680 PxHelp20 - ok
23:07:08.0015 3680 ql1080 - ok
23:07:08.0015 3680 Ql10wnt - ok
23:07:08.0031 3680 ql12160 - ok
23:07:08.0031 3680 ql1240 - ok
23:07:08.0031 3680 ql1280 - ok
23:07:08.0062 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:07:08.0062 3680 RasAcd - ok
23:07:08.0093 3680 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:07:08.0093 3680 RasAuto - ok
23:07:08.0109 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:07:08.0109 3680 Rasl2tp - ok
23:07:08.0140 3680 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:07:08.0187 3680 RasMan - ok
23:07:08.0203 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:07:08.0203 3680 RasPppoe - ok
23:07:08.0218 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:07:08.0218 3680 Raspti - ok
23:07:08.0234 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:07:08.0281 3680 Rdbss - ok
23:07:08.0296 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:07:08.0296 3680 RDPCDD - ok
23:07:08.0328 3680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:07:08.0375 3680 rdpdr - ok
23:07:08.0406 3680 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
23:07:08.0406 3680 RDPWD - ok
23:07:08.0437 3680 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:07:08.0484 3680 RDSessMgr - ok
23:07:08.0500 3680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:07:08.0500 3680 redbook - ok
23:07:08.0546 3680 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:07:08.0546 3680 RemoteAccess - ok
23:07:08.0578 3680 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:07:08.0578 3680 RemoteRegistry - ok
23:07:08.0593 3680 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:07:08.0593 3680 RpcLocator - ok
23:07:08.0640 3680 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:07:08.0640 3680 RpcSs - ok
23:07:08.0671 3680 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:07:08.0687 3680 RSVP - ok
23:07:08.0687 3680 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:07:08.0703 3680 SamSs - ok
23:07:08.0718 3680 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:07:08.0718 3680 SCardSvr - ok
23:07:08.0750 3680 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:07:08.0750 3680 Schedule - ok
23:07:08.0781 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:07:08.0781 3680 Secdrv - ok
23:07:08.0812 3680 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:07:08.0812 3680 seclogon - ok
23:07:08.0937 3680 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
23:07:08.0968 3680 Secunia PSI Agent - ok
23:07:09.0000 3680 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe
23:07:09.0015 3680 Secunia Update Agent - ok
23:07:09.0046 3680 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:07:09.0062 3680 SENS - ok
23:07:09.0093 3680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:07:09.0093 3680 serenum - ok
23:07:09.0140 3680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:07:09.0140 3680 Serial - ok
23:07:09.0156 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:07:09.0156 3680 Sfloppy - ok
23:07:09.0203 3680 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:07:09.0218 3680 SharedAccess - ok
23:07:09.0250 3680 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:07:09.0250 3680 ShellHWDetection - ok
23:07:09.0265 3680 Simbad - ok
23:07:09.0265 3680 Sparrow - ok
23:07:09.0296 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:07:09.0296 3680 splitter - ok
23:07:09.0328 3680 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:07:09.0328 3680 Spooler - ok
23:07:09.0343 3680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:07:09.0343 3680 sr - ok
23:07:09.0375 3680 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:07:09.0390 3680 srservice - ok
23:07:09.0468 3680 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\N360\0602010.005\SRTSP.SYS
23:07:09.0484 3680 SRTSP - ok
23:07:09.0500 3680 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS
23:07:09.0500 3680 SRTSPX - ok
23:07:09.0546 3680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:07:09.0562 3680 Srv - ok
23:07:09.0593 3680 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:07:09.0593 3680 SSDPSRV - ok
23:07:09.0640 3680 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:07:09.0656 3680 stisvc - ok
23:07:09.0687 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:07:09.0687 3680 swenum - ok
23:07:09.0703 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:07:09.0703 3680 swmidi - ok
23:07:09.0703 3680 SwPrv - ok
23:07:09.0734 3680 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:07:09.0734 3680 symc810 - ok
23:07:09.0734 3680 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:07:09.0750 3680 symc8xx - ok
23:07:09.0812 3680 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS
23:07:09.0828 3680 SymDS - ok
23:07:09.0875 3680 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS
23:07:09.0906 3680 SymEFA - ok
23:07:09.0937 3680 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
23:07:09.0953 3680 SymEvent - ok
23:07:09.0953 3680 SYMFW - ok
23:07:09.0953 3680 SYMIDS - ok
23:07:09.0984 3680 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS
23:07:10.0000 3680 SymIRON - ok
23:07:10.0031 3680 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
23:07:10.0031 3680 Symmpi - ok
23:07:10.0031 3680 SYMNDIS - ok
23:07:10.0078 3680 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\N360\0602010.005\SYMTDI.SYS
23:07:10.0078 3680 SYMTDI - ok
23:07:10.0093 3680 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:07:10.0093 3680 sym_hi - ok
23:07:10.0125 3680 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:07:10.0125 3680 sym_u3 - ok
23:07:10.0140 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:07:10.0140 3680 sysaudio - ok
23:07:10.0171 3680 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:07:10.0171 3680 SysmonLog - ok
23:07:10.0250 3680 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:07:10.0265 3680 TapiSrv - ok
23:07:10.0296 3680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:07:10.0312 3680 Tcpip - ok
23:07:10.0328 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:07:10.0328 3680 TDPIPE - ok
23:07:10.0343 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:07:10.0343 3680 TDTCP - ok
23:07:10.0375 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:07:10.0390 3680 TermDD - ok
23:07:10.0421 3680 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:07:10.0437 3680 TermService - ok
23:07:10.0468 3680 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:07:10.0468 3680 Themes - ok
23:07:10.0500 3680 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:07:10.0500 3680 TlntSvr - ok
23:07:10.0515 3680 TosIde - ok
23:07:10.0546 3680 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:07:10.0546 3680 TrkWks - ok
23:07:10.0562 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:07:10.0562 3680 Udfs - ok
23:07:10.0578 3680 ultra - ok
23:07:10.0609 3680 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:07:10.0625 3680 upnphost - ok
23:07:10.0640 3680 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:07:10.0640 3680 UPS - ok
23:07:10.0671 3680 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:07:10.0671 3680 USBAAPL - ok
23:07:10.0703 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:07:10.0703 3680 usbccgp - ok
23:07:10.0718 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:07:10.0718 3680 usbehci - ok
23:07:10.0750 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:07:10.0750 3680 usbhub - ok
23:07:10.0781 3680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:07:10.0781 3680 usbprint - ok
23:07:10.0796 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:07:10.0796 3680 usbscan - ok
23:07:10.0843 3680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:07:10.0843 3680 USBSTOR - ok
23:07:10.0859 3680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:07:10.0859 3680 usbuhci - ok
23:07:10.0859 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:07:10.0859 3680 VgaSave - ok
23:07:10.0875 3680 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:07:10.0875 3680 ViaIde - ok
23:07:10.0906 3680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:07:10.0906 3680 VolSnap - ok
23:07:10.0953 3680 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:07:10.0968 3680 VSS - ok
23:07:10.0984 3680 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:07:11.0031 3680 W32Time - ok
23:07:11.0046 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:07:11.0046 3680 Wanarp - ok
23:07:11.0046 3680 WDICA - ok
23:07:11.0062 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:07:11.0078 3680 wdmaud - ok
23:07:11.0109 3680 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:07:11.0109 3680 WebClient - ok
23:07:11.0187 3680 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:07:11.0187 3680 winmgmt - ok
23:07:11.0343 3680 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:07:11.0375 3680 wlidsvc - ok
23:07:11.0484 3680 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
23:07:11.0484 3680 WmdmPmSN - ok
23:07:11.0531 3680 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:07:11.0546 3680 Wmi - ok
23:07:11.0609 3680 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:07:11.0609 3680 WmiAcpi - ok
23:07:11.0625 3680 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:07:11.0640 3680 WmiApSrv - ok
23:07:11.0765 3680 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:07:11.0781 3680 WPFFontCache_v0400 - ok
23:07:11.0812 3680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:07:11.0812 3680 WS2IFSL - ok
23:07:12.0015 3680 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:07:12.0015 3680 wscsvc - ok
23:07:12.0031 3680 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:07:12.0031 3680 wuauserv - ok
23:07:12.0093 3680 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:07:12.0093 3680 WZCSVC - ok
23:07:12.0109 3680 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:07:12.0109 3680 xmlprov - ok
23:07:12.0125 3680 MBR (0x1B8) (df9769dbafc477636448ab0154b8bbc9) \Device\Harddisk0\DR0
23:07:12.0500 3680 \Device\Harddisk0\DR0 - ok
23:07:12.0500 3680 Boot (0x1200) (f271ab8c94c4bb4f8c96aad76a74a163) \Device\Harddisk0\DR0\Partition0
23:07:12.0515 3680 \Device\Harddisk0\DR0\Partition0 - ok
23:07:12.0515 3680 ============================================================
23:07:12.0515 3680 Scan finished
23:07:12.0515 3680 ============================================================
23:07:12.0515 3716 Detected object count: 0
23:07:12.0515 3716 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 23:11:33
-----------------------------
23:11:33.031 OS Version: Windows 5.1.2600 Service Pack 3
23:11:33.031 Number of processors: 2 586 0x403
23:11:33.046 ComputerName: TRISTAR149B UserName: ben
23:11:33.390 Initialize success
23:14:47.609 AVAST engine defs: 12072101
23:15:06.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:15:06.406 Disk 0 Vendor: WDC_WD800JD-60LSA0 07.01D07 Size: 76319MB BusType: 3
23:15:06.421 Disk 0 MBR read successfully
23:15:06.421 Disk 0 MBR scan
23:15:06.453 Disk 0 Windows XP default MBR code
23:15:06.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
23:15:06.453 Disk 0 scanning sectors +156280320
23:15:06.515 Disk 0 scanning C:\WINDOWS\system32\drivers
23:15:16.953 Service scanning
23:15:33.171 Modules scanning
23:15:40.984 Disk 0 trace - called modules:
23:15:41.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:15:41.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d52ab8]
23:15:41.000 3 CLASSPNP.SYS[f7587fd7] -> nt!IofCallDriver -> \Device\00000069[0x86d90f18]
23:15:41.015 5 ACPI.sys[f741e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86d55940]
23:15:41.468 AVAST engine scan C:\WINDOWS
23:15:45.703 AVAST engine scan C:\WINDOWS\system32
23:17:56.390 AVAST engine scan C:\WINDOWS\system32\drivers
23:18:11.140 AVAST engine scan C:\Documents and Settings\ben
23:18:32.531 AVAST engine scan C:\Documents and Settings\All Users
23:19:30.406 Scan finished successfully
23:20:04.859 Disk 0 MBR has been saved successfully to "C:\malware_check\second\MBR.dat"
23:20:04.859 The log file has been saved successfully to "C:\malware_check\second\aswMBR.txt"

Edited by joshuals, 22 July 2012 - 01:32 AM.
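The two scanner logs above both end with checks on the disk's first sector: TDSSKiller prints an MD5 over "MBR (0x1B8)", and aswMBR reports "Windows XP default MBR code", one active type-07 partition at offset 63 and "scanning sectors +156280320". The following script is an added example, not part of the poster's logs or of either tool, that reads a raw 512-byte MBR image such as the MBR.dat aswMBR saved and reproduces those checks: it verifies the 0x55AA signature, parses the four partition entries, computes where unpartitioned space begins (the tail region aswMBR scans, and where MBR bootkits typically stash their body), and hashes the first 0x1B8 bytes so the value can be compared with TDSSKiller's line. It assumes the classic MBR layout (440 bytes of boot code, 6 bytes of disk signature and padding, 4 x 16-byte entries, 2-byte signature) and that TDSSKiller's "(0x1B8)" refers to that 440-byte boot-code area, which is an assumption. The sample image it builds when run without a path is constructed to mirror the layout aswMBR printed; it is not the poster's actual MBR.

```python
"""Added example: parse a raw 512-byte MBR image such as the MBR.dat that aswMBR
saved above, and reproduce the checks the two scanners summarised: the 0x55AA
signature, the partition table, and an MD5 over the first 0x1B8 bytes."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # 440 bytes of boot code precede the 4-byte disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE      # 0x55 0xAA

PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x83: "Linux"}


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    entries = []
    for i in range(4):
        flag, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue
        entries.append({"index": i + 1, "flag": flag, "bootable": flag == 0x80,
                        "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
                        "lba_start": lba, "sectors": count,
                        "size_mb": count * SECTOR // (1024 * 1024)})
    return entries


def check_mbr(mbr: bytes) -> dict:
    """Sanity-check an MBR image and report anything a human should look at."""
    findings = []
    signature_ok = mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA"
    if not signature_ok:
        findings.append("boot signature 0x55AA missing")
    parts = parse_partition_table(mbr)
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: boot indicator 0x{p['flag']:02X} is neither 0x00 nor 0x80")
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    # First sector after the last partition: the unpartitioned tail that aswMBR
    # reports as "scanning sectors +N", where MBR bootkits hide their payload.
    unpartitioned_from = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    return {"signature_ok": signature_ok,
            "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts, "unpartitioned_from": unpartitioned_from,
            "findings": findings}


def build_sample_mbr() -> bytes:
    """Constructed sample, not the poster's MBR.dat: NOP filler where the boot code
    would be, then one active NTFS entry matching the layout aswMBR printed
    (type 07, offset 63, 76308 MB)."""
    boot_code = b"\x90" * BOOT_CODE_LEN
    disk_sig = b"\x00" * 6   # 4-byte NT disk signature + 2 reserved bytes
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 156280257)
    mbr = boot_code + disk_sig + entry1 + b"\x00" * 48 + b"\x55\xAA"
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    report = check_mbr(image)
    print("boot code md5:", report["boot_code_md5"], "signature ok:", report["signature_ok"])
    for p in report["partitions"]:
        print(f"  partition {p['index']}: {'active' if p['bootable'] else 'inactive'} "
              f"type 0x{p['type']:02X} {p['type_name']} start {p['lba_start']} size {p['size_mb']} MB")
    print("unpartitioned space starts at sector", report["unpartitioned_from"])
    for f in report["findings"]:
        print("FINDING:", f)
```

Run as `python mbrcheck.py C:\malware_check\second\MBR.dat` against the saved image; with no argument it uses the constructed sample, whose partition (63 + 156280257 sectors) ends exactly at sector 156280320, the number in aswMBR's "scanning sectors" line. A clean partition table only says the table is sane; whether the 440 bytes of boot code are the stock Windows loader is what the scanners' hash and "default MBR code" comparisons establish, so the MD5 this prints is for matching against those, not a verdict on its own.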


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:02 AM

Posted 22 July 2012 - 01:38 AM

Greetings

!!!QUESTION!!! a binary file MBR.dat was created; do you need that also? !!!! - No, but save it for now.



first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on safety
  • click on delete browsing history
  • make sure all boxes are checked
  • click on Tools,
  • click Internet Options.
  • On the Advanced tab, click Reset
  • put a check mark next to Delete Personal Settings
  • click Reset to confirm
  • when complete click the close button
  • restart IE




At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 joshuals

joshuals
  • Topic Starter

  • Members
  • 433 posts
  • Gender:Male
  • Location:Quebec (Summer) Arizona (Winter)
  • Local time:10:02 AM

Posted 22 July 2012 - 05:05 PM

Good Day Gringo

Here's what happened:

!!!!!RESETTING INTERNET EXPLORER (IE)!!!!!
Followed link to KB923737 & attempted to run. Download hung at 0% for five minutes
Followed link to KB923737 & attempted to download to local machine. Download hung at 0% for five minutes
Followed link to KB923737 & used manual method per instructions below:
1. Exit all programs, including IE
2. In Windows XP clicked START, then clicked RUN.
3. Typed "inetcpl.cpl" in command box
4. Clicked ADVANCED TAB
5. Under RESET IE clicked RESET, then clicked RESET again after checking "Delete Personal Settings"
6. Closed Tab, then closed IE
7. Restarted IE
8. IE8 Welcome Box came up; did not select TURN ON SUGGESTED SITES, clicked NEXT, selected USE EXPRESS
SETTINGS, clicked NEXT
9. MSN came up as Home Page; also got a page that stated "Your browser has been upgraded"
10.Popup appears asking if I wanted to make IE the default browser; clicked YES

Then I performed your instructions with regard to Deleting Personal Settings, even though they seemed
redundant to steps in manual fix above. NOTE: instruction "click on SAFETY" was actually "click on TOOLS".
Result: Steps 5 thru 10 (above) were repeated. Not sure why automatic fixlet would not run or download.

!!!!!COMBO FIX!!!!!

1. Disabled Norton360 & MBAM
2. Ran Script as Directed: no problems; log created
3. Re-enabled Norton360 and MBAM

Now, starting IE loads homepage much quicker than before. Navigating to other websites also is quicker
No signs of any malware symptoms. Everything seems to be running pretty normal for this six-year old PC!!

Awaiting further instructions.

Log follows:

ComboFix 12-07-21.01 - ben 07/22/2012 14:26:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.276 [GMT -7:00]
Running from: c:\documents and settings\ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ben\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 04:49 . 2012-07-22 21:01 -------- d-----w- C:\malware_check
2012-07-17 15:55 . 2012-07-17 15:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-13 14:07 . 2012-07-13 14:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 14:07 . 2012-07-13 14:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 14:49 . 2012-06-23 14:49 -------- d-----w- C:\Systenance
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:46 . 2012-04-17 21:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 23:22 . 2012-06-16 23:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 23:22 . 2012-06-16 23:22 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-16 23:22 . 2012-04-27 19:09 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2004-08-04 06:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 07:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 07:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-04 07:56 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-04 07:56 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-04 07:56 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-04 07:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-04 07:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-04 07:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-08-04 07:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2012-04-28 19:57 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2012-04-28 19:57 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2012-04-28 19:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 07:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-14 22:13 . 2012-05-14 22:13 664 ----a-w- c:\documents and settings\louise\Local Settings\Application Data\d3d9caps.tmp
2012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-04 06:20 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 15:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-04 08:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-22_05.25.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-22 20:45 . 2012-07-22 20:45 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2012-07-22 20:40 . 2012-07-22 20:40 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-07 276480]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"LayoutM"="KLayMgr.exe" [2004-08-17 45056]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\louise\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-10-15 114688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-10-03 16:14 1409384 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\symds.sys [5/18/2012 7:11 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\symefa.sys [5/18/2012 7:11 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 7:01 AM 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccsetx86.sys [5/18/2012 7:11 AM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\ironx86.sys [5/18/2012 7:11 AM 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/17/2012 2:13 PM 655944]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccsvchst.exe [5/18/2012 7:11 AM 138232]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [6/4/2011 4:37 PM 476160]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/13/2011 11:01 PM 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/17/2012 8:12 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120720.001\IDSXpx86.sys [7/20/2012 5:27 PM 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/17/2012 2:13 PM 22344]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/13/2011 11:01 PM 994360]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-21 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-07-22 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-07-22 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-07-22 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 23:07]
.
2012-06-20 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2012-06-06 13:14]
.
2012-06-24 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-06-11 22:31]
.
2011-11-09 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-06-11 22:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1300)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-07-22 14:35:54
ComboFix-quarantined-files.txt 2012-07-22 21:35
ComboFix2.txt 2012-07-22 05:28
.
Pre-Run: 54,311,297,024 bytes free
Post-Run: 54,368,563,200 bytes free
.
- - End Of File - - AEEFFEF8C69A19819A8C5A06E808B1A9
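The ComboFix report above is where the botnet question from the opening post actually gets answered: the "Reg Loading Points", Startup-folder, service and firewall sections list everything that runs without the user asking. The script below is an added example, not part of the poster's log or of ComboFix, that parses those sections and applies three triage heuristics a responder would run by eye: Windows Firewall disabled for the standard profile (the log shows EnableFirewall=0, which is expected when a third-party firewall such as Norton 360 has taken over, but is worth confirming), an autostart binary living in a user-writable location, and a Run value that is a bare file name such as "RTHDCPL.EXE" or "KLayMgr.exe", which Windows resolves through the search path rather than an absolute path. The embedded sample is an excerpt of the log posted above; the regexes and the user-writable path list are this example's own assumptions about ComboFix's line formats. On the excerpt it flags Norton's definitions driver under All Users\Application Data, a legitimate hit that shows why these flags are a review list, not verdicts.

```python
"""Added example: triage the autostart-related sections of a ComboFix log such
as the one posted above. It pulls Run-key values, Startup-folder shortcuts,
service/driver lines and the firewall policy flag, then applies three
heuristics: Windows Firewall disabled, a binary that lives in a user-writable
location, and a Run value that is a bare file name resolved via the search
path instead of an absolute path."""
import re
import sys

# Excerpt of the ComboFix log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"LayoutM"="KLayMgr.exe" [2004-08-17 45056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 7:01 AM 821920]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccsvchst.exe [5/18/2012 7:11 AM 138232]
"""

# Line formats as they appear in the posted log (an assumption of this example).
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[')
STARTUP_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[')
SERVICE_RE = re.compile(r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
# Locations a standard user can write to; legitimate software (Norton's
# definition drivers) lives there too, so hits are for review, not verdicts.
USER_WRITABLE = re.compile(r"\\documents and settings\\|\\application data\\|\\local settings\\|\\temp\\", re.I)


def parse_entries(log: str):
    """Return ([(kind, name, path), ...], enable_firewall_or_None)."""
    entries, firewall = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(("run", m["name"], m["path"]))
        elif m := STARTUP_RE.match(line):
            entries.append(("startup", m["name"], m["path"]))
        elif m := SERVICE_RE.match(line):
            entries.append(("service " + m["start"], m["name"], m["path"]))
        elif m := FIREWALL_RE.match(line):
            firewall = int(m["val"])
    return entries, firewall


def triage(log: str) -> list:
    """Return (category, name, detail) tuples worth a human's attention."""
    entries, firewall = parse_entries(log)
    findings = []
    if firewall == 0:
        findings.append(("firewall", "standardprofile",
                         "Windows Firewall disabled (EnableFirewall=0); fine only if a third-party firewall owns the host"))
    for kind, name, path in entries:
        if "\\" not in path:
            findings.append(("search-path", name,
                             f"{kind}: bare file name {path!r} is resolved via the search path; confirm which copy loads"))
        elif USER_WRITABLE.search(path):
            findings.append(("user-writable", name, f"{kind}: {path}"))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for category, name, detail in triage(text):
        print(f"[{category:13}] {name}: {detail}")
```

Run it as `python cftriage.py ComboFix.txt` on the full saved report, or with no argument on the embedded excerpt. The "search-path" flags are the ones worth a minute on any machine: a Run value without a directory is loaded from whichever copy of that name appears first in the search order, so the check is to locate the file actually on disk and confirm it is the vendor's.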

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:02 AM

Posted 22 July 2012 - 08:15 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 joshuals (Topic Starter)

Posted 22 July 2012 - 08:36 PM

Before I start, please advise if you would like me to uninstall the previous version of Java before installing the update, or wait until instructed.

Thank you.

#14 gringo_pr (Malware Response Team)

Posted 22 July 2012 - 08:56 PM

Yes, go ahead and uninstall all Java before installing.

#15 joshuals (Topic Starter)

Posted 22 July 2012 - 09:32 PM

Scans you requested are running.

In the meantime, I have another question.

The PC that we are working on has THREE user accounts:

  • The user account under which we have been working, which has Admin Privileges
  • A Standard User Account for my spouse
  • An Administrator Account that exists but is little used

Do the tools & scans that we have been running in this thread scan ALL user accounts, or just the one that is currently in use?

I ask this question because you requested I run CCleaner, and if my understanding is correct, CCleaner only operates on the account that is CURRENTLY in use. For the purpose of this thread, I ran CCleaner on all but the Administrator Account.

Please let me know if I need to repeat any of the steps in this thread on my spouse's account.
