
Computer Lags when Using Internet


This topic is locked
27 replies to this topic

#1 wjason777

  • Members
  • 151 posts

Posted 09 August 2012 - 07:25 PM

Mod edit: MOVED to Virus, Trojan and Malware Removal Logs ~~boopme

My computer is lagging badly and crashing, and freezing when using the internet, especially when trying to go to different web pages. I'm using Firefox. I also tried using IE but it does the same thing. I'd really appreciate it if someone would look over my logs and help me find out what the problem is. Here is my pic of my Windows Task Manager and a copy of my log. http://i240.photobucket.com/albums/ff210/ilovemymarine25-07/Untitled.jpg


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:14 PM, on 8/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\program files (x86)\i want this\i want this.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
H:\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4060384399-3820371411-581424263-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PremierOpinion - VoiceFive, Inc. - C:\Program Files (x86)\PremierOpinion\pmservice.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12277 bytes

Edited by boopme, 09 August 2012 - 08:25 PM.
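A HijackThis log like the one above is a flat list of typed entries (R0/R1 browser settings, O2 BHOs, O3 toolbars, O4 autoruns, O23 services), and a helper usually triages it by eye. The script below is an added example written for this page; it is not code from the thread, from BleepingComputer or from Trend Micro. It parses that line format and applies three defender-side checks: start/search pages whose host is outside a small allow-list (the allow-list `DEFAULT_HOSTS` is an assumption made here, not something HJT defines), O2/O3/O23 entries whose module HJT reports as "(file missing)", and O2/O3 CLSIDs made of repeated digits, which do not look like vendor-generated GUIDs and deserve a second look. The sample log is a handful of lines copied from the first post.

```python
"""Triage helper for Trend Micro HijackThis 2.0.4 log lines.

Added example for this page, not code from the thread or from Trend Micro.
DEFAULT_HOSTS is an assumption: hosts that IE defaults and AV homepage
resets commonly point at, so anything else on a Start/Search page is flagged.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# "R0 - ...", "O2 - ...", "F2 - ..." : entry type, then " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}")
# Assumed allow-list for this example (not part of HJT).
DEFAULT_HOSTS = {"go.microsoft.com", "securityresponse.symantec.com"}


@dataclass
class Entry:
    kind: str
    body: str
    clsid: Optional[str] = None
    url_host: Optional[str] = None
    file_missing: bool = False
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an HJT entry line, or None for headers, process
    lists, blank lines and the 'End of file' trailer."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(kind=m.group("kind"), body=m.group("body"))
    c = CLSID_RE.search(e.body)
    if c:
        e.clsid = c.group(1).upper()
    e.file_missing = "(file missing)" in e.body
    if e.kind in ("R0", "R1") and " = " in e.body:
        value = e.body.split(" = ", 1)[1].strip()
        # DDS logs defang URLs as hxxp://; normalise before parsing.
        if value.lower().startswith(("http://", "https://", "hxxp://")):
            e.url_host = urlparse(value.replace("hxxp", "http", 1)).hostname
    return e


def triage(entry: Entry) -> Entry:
    """Attach human-readable findings to a parsed entry."""
    if entry.kind in ("R0", "R1") and entry.url_host and entry.url_host not in DEFAULT_HOSTS:
        entry.findings.append(f"browser start/search page set to {entry.url_host}")
    if entry.kind in ("O2", "O3", "O23") and entry.file_missing:
        entry.findings.append("registered module file is missing (orphaned entry)")
    if entry.kind in ("O2", "O3") and entry.clsid:
        groups = entry.clsid.split("-")
        # A GUID whose first four groups are each a single repeated digit
        # was not produced by a normal GUID generator.
        if all(len(set(g)) == 1 for g in groups[:4]):
            entry.findings.append("CLSID is a repeated-digit pattern, not a vendor GUID")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a whole HJT log and return only the entries that got a finding."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e and triage(e).findings:
            out.append(e)
    return out


# Sample lines copied from the HJT log in the first post of this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
--
End of file - 12277 bytes
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e.kind, e.body[:60], "->", "; ".join(e.findings))
```

Run against the sample, the script reports the Funmoods start page (R0), the repeated-digit CrossriderApp BHO (O2) and the orphaned Bing Bar toolbar entry (O3), and stays silent on the Adobe BHO and the Conime autorun. The rules are deliberately narrow: they point a human at the lines worth reading first, they do not decide what is malicious.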




#2 wjason777

  • Topic Starter
  • Members
  • 151 posts

Posted 09 August 2012 - 08:03 PM

Also, I just ran Speccy and the CPU temp is at 48°C.

#3 wjason777

  • Topic Starter
  • Members
  • 151 posts

Posted 11 August 2012 - 05:31 PM

I changed virus software to Norton Internet 2012, did a complete scan and it's still doing the same thing. Here is an updated log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:35 PM, on 8/11/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
H:\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4060384399-3820371411-581424263-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PremierOpinion - VoiceFive, Inc. - C:\Program Files (x86)\PremierOpinion\pmservice.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11820 bytes

#4 wjason777

  • Topic Starter
  • Members
  • 151 posts

Posted 14 August 2012 - 07:09 PM

Could anyone help? It's been 5 days. The computer is really lagging, worse than ever now.

#5 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts

Posted 14 August 2012 - 07:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464576 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 wjason777

  • Topic Starter
  • Members
  • 151 posts

Posted 14 August 2012 - 07:40 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Jason at 20:35:37 on 2012-08-14
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6134.4029 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\PremierOpinion\pmservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\PremierOpinion\pmropn64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00105-0001-0005-ABCDEFFEDCBC}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D4058FF4-680D-43DE-A3BA-735410BF3F1B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D41198F4-17B0-4B2C-8B75-6951A180043C} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO-X64: Funmoods Helper Object - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\dr4rwc9b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://torrentleech.org/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728&q=
FF - user.js: extensions.funmoods.id - 001FBC013F9F4D52
FF - user.js: extensions.funmoods.instlDay - 15538
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:1:44
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120813.001\IDSviA64.sys [2012-8-14 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMTDIV.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-8-9 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-15 1262400]
R2 PremierOpinion;PremierOpinion;C:\Program Files (x86)\PremierOpinion\pmservice.exe [2012-7-17 111680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-15 250056]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-15 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-7-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-10 03:36:08 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\srtsp64.sys
2012-08-10 03:36:08 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\symds64.sys
2012-08-10 03:36:08 445560 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\symtdiv.sys
2012-08-10 03:36:08 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys
2012-08-10 03:36:08 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\srtspx64.sys
2012-08-10 03:36:08 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\ironx64.sys
2012-08-10 03:36:08 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\ccsetx64.sys
2012-08-10 03:36:08 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\symefa64.sys
2012-08-10 03:36:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307010.005
2012-08-10 02:18:25 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-10 02:07:03 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-10 02:07:03 -------- d-----w- C:\Program Files\Symantec
2012-08-10 02:07:03 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-10 02:06:22 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-08-10 02:06:21 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-08-10 02:06:15 -------- d-----w- C:\ProgramData\Norton
2012-08-10 02:05:13 -------- d-----w- C:\ProgramData\NortonInstaller
2012-08-10 02:05:13 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-08-10 01:01:27 -------- d-----w- C:\Users\Jason\AppData\Roaming\NVIDIA
2012-08-10 01:00:30 -------- d-----w- C:\Program Files\Speccy
2012-08-07 01:58:10 -------- d-----w- C:\Users\Jason\AppData\Local\SKIDROW
2012-08-06 21:45:59 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll
2012-08-06 21:40:30 -------- d-----w- C:\Windows\SysWow64\directx
2012-08-04 12:10:47 -------- d-----w- C:\temp
2012-08-04 12:04:29 -------- d-----w- C:\ProgramData\Trend Micro
2012-08-03 14:40:33 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDF13EA4-C9C0-4F39-8BF0-E4B5C5B5B63C}\mpengine.dll
2012-08-02 09:49:45 -------- d-----w- C:\Users\Jason\AppData\Local\Apple Computer
2012-08-02 09:49:24 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-02 09:49:24 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-02 09:49:24 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-02 09:48:27 -------- d-----w- C:\Program Files\iPod
2012-08-02 09:48:26 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-02 09:48:26 -------- d-----w- C:\Program Files\iTunes
2012-08-02 09:48:26 -------- d-----w- C:\Program Files (x86)\iTunes
2012-08-02 09:47:20 -------- d-----w- C:\Users\Jason\AppData\Local\Apple
2012-08-02 09:45:35 -------- d-----w- C:\Program Files\Bonjour
2012-08-02 09:45:35 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-07-26 07:18:30 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-07-26 07:18:28 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-07-26 01:48:29 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2012-07-26 01:48:29 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-07-26 01:48:28 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-07-26 01:48:28 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-07-26 01:48:28 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-07-26 01:48:28 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-07-26 01:48:28 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-07-26 01:48:28 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-07-26 01:48:28 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-07-26 01:48:28 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-07-26 01:48:27 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-07-26 01:48:27 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-07-25 22:56:47 78848 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKAiO2PPR.dll
2012-07-25 22:50:26 -------- d-----w- C:\Windows\SysWow64\kodak
2012-07-25 08:16:31 -------- d-----w- C:\Windows\SysWow64\spool
2012-07-25 07:27:17 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2012-07-25 07:26:31 3584 ----a-w- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
2012-07-25 07:11:53 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-07-25 07:11:53 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-07-25 07:11:53 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-07-25 07:11:53 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-07-25 07:11:53 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-07-25 07:11:52 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-07-25 07:11:30 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-07-25 07:11:30 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-07-25 07:11:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-07-25 07:11:30 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-07-25 07:11:30 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-07-25 07:11:30 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-07-25 07:11:30 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-07-25 07:01:10 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-07-25 00:08:58 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-25 00:07:57 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-25 00:01:49 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-07-24 23:58:07 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-07-24 23:58:07 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-07-24 23:05:17 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-07-24 23:05:17 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-07-24 23:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-07-24 22:55:08 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-07-24 22:55:08 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-07-24 22:55:08 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-07-24 22:55:08 -------- d-----w- C:\Windows\System32\vi-VN
2012-07-24 22:55:08 -------- d-----w- C:\Windows\System32\eu-ES
2012-07-24 22:55:08 -------- d-----w- C:\Windows\System32\ca-ES
2012-07-24 22:51:26 -------- d-----w- C:\Windows\System32\SPReview
2012-07-24 22:33:27 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2012-07-24 22:33:17 56320 ----a-w- C:\Windows\System32\compcln.exe
2012-07-24 22:33:07 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2012-07-24 22:31:54 717312 ----a-w- C:\Windows\System32\netlogon.dll
2012-07-24 22:30:59 69120 ----a-w- C:\Windows\System32\DevicePairingWizard.exe
2012-07-24 22:29:25 1114112 ----a-w- C:\Windows\System32\WerFaultSecure.exe
2012-07-24 22:28:58 328704 ----a-w- C:\Windows\System32\Wldap32.dll
2012-07-24 22:27:18 489984 ----a-w- C:\Windows\System32\wlangpui.dll
2012-07-24 22:27:18 405504 ----a-w- C:\Windows\System32\winlogon.exe
2012-07-24 22:27:18 399360 ----a-w- C:\Windows\SysWow64\wlangpui.dll
2012-07-24 22:27:18 314368 ----a-w- C:\Windows\SysWow64\winlogon.exe
2012-07-24 22:27:18 287744 ----a-w- C:\Windows\System32\wisptis.exe
2012-07-24 22:27:18 218624 ----a-w- C:\Windows\System32\wlanui.dll
2012-07-24 22:27:18 202752 ----a-w- C:\Windows\SysWow64\wlanui.dll
2012-07-24 22:27:18 1792512 ----a-w- C:\Windows\System32\wlanpref.dll
2012-07-24 22:27:18 1671680 ----a-w- C:\Windows\SysWow64\wlanpref.dll
2012-07-24 22:27:16 936448 ----a-w- C:\Windows\System32\SmiEngine.dll
2012-07-24 21:56:54 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-24 21:38:37 -------- d-----w- C:\ProgramData\Battle.net
2012-07-23 02:14:11 -------- d-----w- C:\Users\Jason\etpro
2012-07-17 04:03:24 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-07-17 04:02:11 -------- d-----w- C:\Program Files (x86)\PremierOpinion
2012-07-17 04:01:55 -------- d-----w- C:\Users\Jason\AppData\Local\I Want This
2012-07-17 04:01:54 -------- d-----w- C:\Program Files (x86)\I Want This
2012-07-17 04:01:47 -------- d-----w- C:\Users\Jason\AppData\Local\Google
2012-07-17 04:01:44 -------- d-----w- C:\Program Files (x86)\Funmoods
2012-07-17 02:07:31 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-07-17 02:07:30 -------- d-----w- C:\Users\Jason\AppData\Local\Adobe
2012-07-17 02:06:58 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-07-17 00:34:35 -------- d-----w- C:\Program Files (x86)\VLC Media Player
2012-07-16 22:11:26 -------- d-----w- C:\Windows\System32\kodak
2012-07-16 22:10:12 -------- d-----w- C:\Users\Jason\AppData\Local\Eastman_Kodak_Company
2012-07-16 22:09:10 -------- d-----w- C:\Users\Jason\AppData\Local\Eastman Kodak Company
2012-07-16 22:06:15 -------- d-----w- C:\Program Files (x86)\Kodak
2012-07-16 22:05:03 -------- d-----w- C:\Users\Jason\AppData\Roaming\Temp
2012-07-16 22:05:02 -------- d-----w- C:\ProgramData\Kodak
2012-07-16 21:43:11 -------- d-----w- C:\Windows\PCHEALTH
2012-07-16 21:40:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-07-16 05:08:17 -------- d-----w- C:\Windows\Panther
2012-07-16 04:56:47 -------- d-----w- C:\Windows.old
2012-07-16 04:10:47 -------- d-----w- C:\Users\Jason\AppData\Local\Microsoft Help
2012-07-16 04:09:16 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2012-07-16 04:09:03 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-07-16 04:09:03 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2012-07-16 04:09:03 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-07-16 04:09:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2012-07-16 04:09:03 12288 ----a-w- C:\Windows\System32\sscore.dll
2012-07-16 03:52:47 18904 ----a-w- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
2012-07-16 03:52:47 18904 ----a-w- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2012-07-16 03:45:03 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-07-16 03:45:03 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-07-16 03:45:03 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-16 03:45:03 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-07-16 03:45:03 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-07-16 03:45:03 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-07-16 03:45:03 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-07-16 03:45:03 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-16 03:45:03 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-07-16 03:45:03 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-07-16 03:43:11 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2012-07-16 03:43:11 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2012-07-16 03:43:10 13312 ----a-w- C:\Windows\System32\wsmplpxy.dll
2012-07-16 03:43:10 13312 ----a-w- C:\Windows\System32\winrssrv.dll
2012-07-16 03:43:05 10240 ----a-w- C:\Windows\SysWow64\wsmplpxy.dll
2012-07-16 03:43:05 10240 ----a-w- C:\Windows\SysWow64\winrssrv.dll
2012-07-16 03:43:01 53760 ----a-w- C:\Windows\System32\pwrshplugin.dll
2012-07-16 03:43:01 51200 ----a-w- C:\Windows\System32\winrs.exe
2012-07-16 03:43:01 41472 ----a-w- C:\Windows\SysWow64\pwrshplugin.dll
2012-07-16 03:43:01 24064 ----a-w- C:\Windows\System32\winrshost.exe
2012-07-16 03:43:01 13824 ----a-w- C:\Windows\System32\wsmprovhost.exe
2012-07-16 02:49:28 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2012-07-16 02:49:28 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2012-07-16 02:49:27 620032 ----a-w- C:\Windows\System32\drivers\http.sys
2012-07-16 02:49:27 33792 ----a-w- C:\Windows\System32\httpapi.dll
2012-07-16 02:49:27 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll
2012-07-16 02:38:15 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-16 02:38:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-16 02:29:25 256576 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-07-16 02:29:22 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2012-07-16 02:28:57 -------- d-----w- C:\Users\Jason\AppData\Roaming\DAEMON Tools Pro
2012-07-16 02:28:57 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2012-07-16 02:20:34 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
2012-07-16 02:20:33 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2012-07-16 02:20:33 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe
2012-07-16 02:20:33 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
2012-07-16 02:20:09 368128 ----a-w- C:\Windows\System32\wmpdxm.dll
2012-07-16 02:20:09 313344 ----a-w- C:\Windows\SysWow64\wmpdxm.dll
2012-07-16 02:20:07 43520 ----a-w- C:\Windows\SysWow64\msdxm.tlb
2012-07-16 02:20:07 43520 ----a-w- C:\Windows\System32\msdxm.tlb
2012-07-16 02:20:07 18432 ----a-w- C:\Windows\SysWow64\amcompat.tlb
2012-07-16 02:20:07 18432 ----a-w- C:\Windows\System32\amcompat.tlb
2012-07-16 02:16:59 280576 ----a-w- C:\Windows\System32\rastls.dll
2012-07-16 01:58:08 -------- d-----w- C:\Users\Jason\.swt
2012-07-16 01:58:06 -------- d-----w- C:\Users\Jason\AppData\Roaming\Azureus
2012-07-16 01:57:49 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-07-16 01:57:49 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-07-16 01:57:49 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-07-16 01:55:08 -------- d-----w- C:\Program Files (x86)\Vuze
2012-07-16 01:55:00 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-07-16 01:53:14 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-16 01:53:14 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-16 01:52:29 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-07-16 01:50:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 01:50:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-16 01:47:14 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-16 01:46:54 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-16 01:46:54 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-16 01:46:25 -------- d-----w- C:\Users\Jason\AppData\Local\Mozilla
2012-07-16 01:42:28 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-07-16 01:42:28 508520 ----a-w- C:\Windows\System32\drivers\Rtlh64.sys
2012-07-16 01:42:28 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-07-16 01:38:11 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
2012-07-25 07:27:17 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2012-07-25 07:26:30 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2012-06-18 13:48:14 122368 ----a-w- C:\Windows\System32\EKaio2WiaCoInst.dll
2012-06-18 13:48:10 10240 ----a-w- C:\Windows\System32\EKaio2WiaCoInstRes.dll
2012-06-12 13:48:40 1644544 ----a-w- C:\Windows\System32\EKAiO2MON.dll
2012-06-12 13:48:20 177664 ----a-w- C:\Windows\System32\EKAiO2COI09.dll
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 20:36:14.39 ===============




#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 15 August 2012 - 10:19 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 wjason777

wjason777
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  • Local time:02:00 PM

Posted 15 August 2012 - 06:42 PM

Computer is still lagging, nothing has changed.
No problems.

Results of screen317's Security Check version 0.99.44
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 15 August 2012 - 06:51 PM

Let me have the Combofix report when it is complete.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 wjason777

wjason777
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  • Local time:02:00 PM

Posted 15 August 2012 - 07:24 PM

I disabled Norton Smart Firewall and Antivirus Auto-Protect mode, and Combofix still recognized it was running.
While Combofix was running I received two messages: 1. "Sink to receive asynchronous callbacks for WMI client application has stopped working" and 2. "Task Scheduler Engine has stopped working".
For some reason now I can't connect to the internet. Here is the log.


ComboFix 12-08-15.01 - Jason 08/15/2012 19:58:11.1.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6134.2831 [GMT -4:00]
Running from: c:\users\Jason\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\I Want This
c:\program files (x86)\I Want This\I Want This.ico
c:\program files (x86)\I Want This\I Want This.ini
c:\program files (x86)\I Want This\I Want ThisInstaller.log
c:\program files (x86)\premieropinion
c:\program files (x86)\premieropinion\chrome.manifest
c:\program files (x86)\premieropinion\components\pmxg.dll
c:\program files (x86)\premieropinion\components\pmxh.dll
c:\program files (x86)\premieropinion\components\pmxi.dll
c:\program files (x86)\premieropinion\components\pmxj.dll
c:\program files (x86)\premieropinion\components\pmxk.dll
c:\program files (x86)\premieropinion\install.rdf
c:\program files (x86)\premieropinion\nscf.dat
c:\program files (x86)\premieropinion\pmcm.crx
c:\program files (x86)\premieropinion\pmcm.txt
c:\program files (x86)\premieropinion\pmls.dll
c:\program files (x86)\premieropinion\pmls64.dll
c:\program files (x86)\premieropinion\pmoci.bin
c:\program files (x86)\premieropinion\pmph.dll
c:\program files (x86)\premieropinion\pmropn.exe
c:\program files (x86)\premieropinion\pmropn64.exe
c:\program files (x86)\premieropinion\pmservice.exe
c:\program files (x86)\premieropinion\pmxf.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion
c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion\About PremierOpinion.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Member of GRID - Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Jason\AppData\Local\I Want This
c:\users\Jason\AppData\Local\I Want This\Chrome\I Want This.crx
D:\rfg.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PremierOpinion
-------\Service_PremierOpinion
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 00:06 . 2012-08-16 00:06 -------- d-----w- c:\users\Jason\AppData\Local\CrashDumps
2012-08-15 11:57 . 2012-08-15 11:57 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-10 02:18 . 2012-08-10 02:18 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-10 02:07 . 2012-08-10 03:36 -------- d-----w- c:\program files\Symantec
2012-08-10 02:07 . 2012-08-10 03:36 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-10 02:07 . 2012-08-10 02:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-10 02:06 . 2012-08-16 00:10 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-08-10 02:06 . 2012-08-10 02:06 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-08-10 02:06 . 2012-08-10 02:07 -------- d-----w- c:\programdata\Norton
2012-08-10 02:05 . 2012-08-10 02:05 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-10 01:01 . 2012-08-10 01:01 -------- d-----w- c:\users\Jason\AppData\Roaming\NVIDIA
2012-08-10 01:00 . 2012-08-10 01:01 -------- d-----w- c:\program files\Speccy
2012-08-07 01:58 . 2012-08-07 01:58 -------- d-----w- c:\users\Jason\AppData\Local\SKIDROW
2012-08-06 21:45 . 2008-05-30 18:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2012-08-04 12:10 . 2012-08-06 21:40 -------- d-----w- C:\temp
2012-08-04 12:04 . 2012-08-10 02:04 -------- d-----w- c:\programdata\Trend Micro
2012-08-03 14:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDF13EA4-C9C0-4F39-8BF0-E4B5C5B5B63C}\mpengine.dll
2012-08-02 09:49 . 2012-08-02 21:21 -------- d-----w- c:\users\Jason\AppData\Roaming\Apple Computer
2012-08-02 09:49 . 2012-08-02 09:49 -------- d-----w- c:\users\Jason\AppData\Local\Apple Computer
2012-08-02 09:49 . 2012-08-02 09:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-08-02 09:49 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-02 09:49 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-02 09:49 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-02 09:48 . 2012-08-02 09:48 -------- d-----w- c:\program files\iPod
2012-08-02 09:48 . 2012-08-02 09:49 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-02 09:48 . 2012-08-02 09:49 -------- d-----w- c:\program files\iTunes
2012-08-02 09:48 . 2012-08-02 09:49 -------- d-----w- c:\program files (x86)\iTunes
2012-08-02 09:48 . 2012-08-02 09:48 -------- d-----w- c:\programdata\Apple Computer
2012-08-02 09:47 . 2012-08-02 09:47 -------- d-----w- c:\users\Jason\AppData\Local\Apple
2012-08-02 09:47 . 2012-08-02 09:47 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-02 09:45 . 2012-08-02 09:45 -------- d-----w- c:\program files\Common Files\Apple
2012-08-02 09:45 . 2012-08-02 09:45 -------- d-----w- c:\program files\Bonjour
2012-08-02 09:45 . 2012-08-02 09:45 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-02 09:45 . 2012-08-02 09:48 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-02 09:45 . 2012-08-02 09:47 -------- d-----w- c:\programdata\Apple
2012-07-26 07:18 . 2012-07-26 07:18 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-07-26 07:18 . 2012-07-26 07:18 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-26 01:48 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll
2012-07-26 01:48 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-26 01:48 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-26 01:48 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-26 01:48 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-07-26 01:48 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-07-26 01:48 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-26 01:48 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-07-26 01:48 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-07-26 01:48 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-07-26 01:48 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-07-26 01:48 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-07-25 22:56 . 2012-06-28 16:14 78848 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKAiO2PPR.dll
2012-07-25 22:51 . 2012-07-25 22:52 -------- d-----w- c:\users\Default\AppData\Local\Eastman_Kodak_Company
2012-07-25 22:50 . 2012-07-25 22:50 -------- d-----w- c:\windows\SysWow64\kodak
2012-07-25 22:46 . 2012-07-25 22:46 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1997812852
2012-07-25 08:16 . 2012-07-25 08:16 -------- d-----w- c:\windows\SysWow64\spool
2012-07-25 07:27 . 2012-07-25 07:27 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-07-25 07:26 . 2012-07-25 07:26 3584 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-25 07:11 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-25 07:11 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-25 07:11 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-25 07:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-07-25 07:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-07-25 07:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-07-25 07:11 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-07-25 07:11 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-07-25 07:11 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-25 07:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-25 07:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-25 07:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-25 07:11 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-25 07:01 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-07-25 00:08 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-25 00:07 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-25 00:02 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-07-25 00:01 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-24 23:58 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-24 23:58 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-07-24 23:05 . 2012-07-24 23:35 -------- d-----w- c:\program files (x86)\Diablo III
2012-07-24 23:05 . 2012-07-24 23:30 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-07-24 23:05 . 2012-07-24 23:30 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\system32\ca-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\system32\eu-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\system32\vi-VN
2012-07-24 22:51 . 2012-07-24 22:51 -------- d-----w- c:\windows\system32\SPReview
2012-07-24 22:33 . 2009-04-11 04:07 3584 ----a-w- c:\windows\system32\drivers\en-US\hdaudbus.sys.mui
2012-07-24 22:33 . 2009-04-11 04:10 56320 ----a-w- c:\windows\system32\compcln.exe
2012-07-24 22:33 . 2009-04-11 04:05 7680 ----a-w- c:\windows\system32\drivers\en-US\bthport.sys.mui
2012-07-24 22:31 . 2009-04-11 04:15 347112 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-24 22:30 . 2009-04-11 04:11 57856 ----a-w- c:\windows\system32\DevicePairingProxy.dll
2012-07-24 22:29 . 2009-04-11 04:11 1114112 ----a-w- c:\windows\system32\WerFaultSecure.exe
2012-07-24 22:28 . 2009-04-11 04:11 328704 ----a-w- c:\windows\system32\Wldap32.dll
2012-07-24 22:27 . 2009-04-11 04:11 489984 ----a-w- c:\windows\system32\wlangpui.dll
2012-07-24 22:27 . 2009-04-11 04:11 218624 ----a-w- c:\windows\system32\wlanui.dll
2012-07-24 22:27 . 2009-04-11 04:11 1792512 ----a-w- c:\windows\system32\wlanpref.dll
2012-07-24 22:27 . 2009-04-11 04:11 287744 ----a-w- c:\windows\system32\wisptis.exe
2012-07-24 22:27 . 2009-04-11 04:11 405504 ----a-w- c:\windows\system32\winlogon.exe
2012-07-24 22:27 . 2009-04-11 03:28 399360 ----a-w- c:\windows\SysWow64\wlangpui.dll
2012-07-24 22:27 . 2009-04-11 03:28 202752 ----a-w- c:\windows\SysWow64\wlanui.dll
2012-07-24 22:27 . 2009-04-11 03:28 1671680 ----a-w- c:\windows\SysWow64\wlanpref.dll
2012-07-24 22:27 . 2009-04-11 03:28 314368 ----a-w- c:\windows\SysWow64\winlogon.exe
2012-07-24 22:27 . 2009-04-11 04:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2012-07-24 21:56 . 2012-07-24 21:56 -------- d-----w- c:\windows\system32\EventProviders
2012-07-24 21:38 . 2012-07-24 21:38 -------- d-----w- c:\programdata\Battle.net
2012-07-23 02:14 . 2012-07-23 02:14 -------- d-----w- c:\users\Jason\etpro
2012-07-17 07:02 . 2012-07-17 07:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-17 04:04 . 2012-08-11 03:48 -------- d-----w- c:\users\Jason\AppData\Roaming\vlc
2012-07-17 04:03 . 2012-07-17 04:03 -------- d-----w- c:\program files (x86)\VideoLAN
2012-07-17 04:01 . 2012-07-17 04:01 -------- d-----w- c:\users\Jason\AppData\Local\Google
2012-07-17 04:01 . 2012-07-17 04:01 -------- d-----w- c:\program files (x86)\Funmoods
2012-07-17 02:11 . 2012-07-17 02:11 -------- d-----w- c:\programdata\FLEXnet
2012-07-17 02:07 . 2012-07-17 02:07 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-07-17 02:07 . 2012-07-17 02:11 -------- d-----w- c:\users\Jason\AppData\Local\Adobe
2012-07-17 02:06 . 2008-04-07 09:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-07-17 02:00 . 2012-07-23 01:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-17 00:34 . 2012-07-17 00:34 -------- d-----w- c:\program files (x86)\VLC Media Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 11:57 . 2012-07-16 01:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 11:57 . 2012-07-16 01:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 02:29 . 2012-07-16 02:29 256576 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-16 01:46 . 2012-07-16 01:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-16 01:46 . 2012-07-16 01:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 07:19 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-18 13:48 . 2012-06-18 13:48 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
2012-06-18 13:48 . 2012-06-18 13:48 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-06-12 13:48 . 2012-06-12 13:48 1644544 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-06-12 13:48 . 2012-06-12 13:48 177664 ----a-w- c:\windows\system32\EKAiO2COI09.dll
2012-05-31 16:25 . 2012-07-16 02:38 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-11-11 570688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe" [2012-06-19 2784256]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af59c998-cef5-11e1-b04d-001fbc013f9f}]
\shell\AutoRun\command - G:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 11:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF29279.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\dr4rwc9b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://torrentleech.org/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728&q=
FF - user.js: extensions.funmoods.id - 001FBC013F9F4D52
FF - user.js: extensions.funmoods.instlDay - 15538
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:1:44
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe
AddRemove-{eeb86aef-4a5d-4b75-9d74-f16d438fc286} - c:\program files (x86)\PremierOpinion\pmropn.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\01\10\017\10-"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-08-15 20:16:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 00:16
.
Pre-Run: 326,991,941,632 bytes free
Post-Run: 326,845,415,424 bytes free
.
- - End Of File - - 0F5FF2930F11DC90FC654989518036C3

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 07:32 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 wjason777

wjason777
  • Topic Starter

  • Members
  • 151 posts

Posted 15 August 2012 - 07:58 PM

Internet is connecting now



20:35:05.0907 1792 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:35:06.0391 1792 ============================================================
20:35:06.0391 1792 Current date / time: 2012/08/15 20:35:06.0391
20:35:06.0391 1792 SystemInfo:
20:35:06.0391 1792
20:35:06.0391 1792 OS Version: 6.0.6002 ServicePack: 2.0
20:35:06.0391 1792 Product type: Workstation
20:35:06.0391 1792 ComputerName: JASON-PC
20:35:06.0391 1792 UserName: Jason
20:35:06.0391 1792 Windows directory: C:\Windows
20:35:06.0391 1792 System windows directory: C:\Windows
20:35:06.0391 1792 Running under WOW64
20:35:06.0391 1792 Processor architecture: Intel x64
20:35:06.0391 1792 Number of processors: 8
20:35:06.0391 1792 Page size: 0x1000
20:35:06.0391 1792 Boot type: Normal boot
20:35:06.0391 1792 ============================================================
20:35:08.0079 1792 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:35:08.0094 1792 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:35:08.0110 1792 Drive \Device\Harddisk2\DR2 - Size: 0xE8E1000000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:35:08.0110 1792 ============================================================
20:35:08.0110 1792 \Device\Harddisk0\DR0:
20:35:08.0110 1792 MBR partitions:
20:35:08.0110 1792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
20:35:08.0110 1792 \Device\Harddisk1\DR1:
20:35:08.0110 1792 MBR partitions:
20:35:08.0110 1792 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
20:35:08.0110 1792 \Device\Harddisk2\DR2:
20:35:08.0110 1792 MBR partitions:
20:35:08.0110 1792 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74706800
20:35:08.0110 1792 ============================================================
20:35:08.0188 1792 C: <-> \Device\Harddisk0\DR0\Partition1
20:35:08.0204 1792 D: <-> \Device\Harddisk1\DR1\Partition1
20:35:08.0235 1792 F: <-> \Device\Harddisk2\DR2\Partition1
20:35:08.0235 1792 ============================================================
20:35:08.0235 1792 Initialize success
20:35:08.0235 1792 ============================================================
20:35:21.0844 4784 ============================================================
20:35:21.0844 4784 Scan started
20:35:21.0844 4784 Mode: Manual;
20:35:21.0844 4784 ============================================================
20:35:22.0407 4784 ================ Scan services =============================
20:35:22.0672 4784 [ 1965aaffab07e3fb03c77f81beba3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:35:22.0672 4784 ACPI - ok
20:35:22.0766 4784 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:35:22.0766 4784 AdobeARMservice - ok
20:35:22.0860 4784 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:35:22.0860 4784 AdobeFlashPlayerUpdateSvc - ok
20:35:22.0922 4784 [ f14215e37cf124104575073f782111d2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:35:22.0922 4784 adp94xx - ok
20:35:22.0922 4784 [ 7d05a75e3066861a6610f7ee04ff085c ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:35:22.0938 4784 adpahci - ok
20:35:22.0938 4784 [ 820a201fe08a0c345b3bedbc30e1a77c ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:35:22.0938 4784 adpu160m - ok
20:35:22.0938 4784 [ 9b4ab6854559dc168fbb4c24fc52e794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:35:22.0938 4784 adpu320 - ok
20:35:22.0985 4784 [ 0f421175574bfe0bf2f4d8e910a253bb ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:35:22.0985 4784 AeLookupSvc - ok
20:35:23.0032 4784 [ c4f6ce6087760ad70960c9eb130e7943 ] AFD C:\Windows\system32\drivers\afd.sys
20:35:23.0047 4784 AFD - ok
20:35:23.0063 4784 [ f6f6793b7f17b550ecfdbd3b229173f7 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:35:23.0063 4784 agp440 - ok
20:35:23.0094 4784 [ 222cb641b4b8a1d1126f8033f9fd6a00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:35:23.0094 4784 aic78xx - ok
20:35:23.0110 4784 [ 5922f4f59b7868f3d74bbbbeb7b825a3 ] ALG C:\Windows\System32\alg.exe
20:35:23.0110 4784 ALG - ok
20:35:23.0126 4784 [ 157d0898d4b73f075ce9fa26b482df98 ] aliide C:\Windows\system32\drivers\aliide.sys
20:35:23.0126 4784 aliide - ok
20:35:23.0141 4784 [ 970fa5059e61e30d25307b99903e991e ] amdide C:\Windows\system32\drivers\amdide.sys
20:35:23.0141 4784 amdide - ok
20:35:23.0141 4784 [ cdc3632a3a5ea4dbb83e46076a3165a1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:35:23.0141 4784 AmdK8 - ok
20:35:23.0172 4784 [ 9c37b3fd5615477cb9a0cd116cf43f5c ] Appinfo C:\Windows\System32\appinfo.dll
20:35:23.0172 4784 Appinfo - ok
20:35:23.0251 4784 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:35:23.0251 4784 Apple Mobile Device - ok
20:35:23.0251 4784 [ 3da98c07b18a676180fe7eed924d1673 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:35:23.0251 4784 AppMgmt - ok
20:35:23.0266 4784 [ ba8417d4765f3988ff921f30f630e303 ] arc C:\Windows\system32\drivers\arc.sys
20:35:23.0266 4784 arc - ok
20:35:23.0282 4784 [ 9d41c435619733b34cc16a511e644b11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:35:23.0282 4784 arcsas - ok
20:35:23.0313 4784 [ 22d13ff3dafec2a80634752b1eaa2de6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:35:23.0313 4784 AsyncMac - ok
20:35:23.0313 4784 [ e68d9b3a3905619732f7fe039466a623 ] atapi C:\Windows\system32\drivers\atapi.sys
20:35:23.0313 4784 atapi - ok
20:35:23.0344 4784 [ 79318c744693ec983d20e9337a2f8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:35:23.0344 4784 AudioEndpointBuilder - ok
20:35:23.0344 4784 [ 79318c744693ec983d20e9337a2f8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:35:23.0344 4784 AudioSrv - ok
20:35:23.0469 4784 [ f48feb7da35821da15e0b006dcb9a169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
20:35:23.0469 4784 BBSvc - ok
20:35:23.0485 4784 [ 8e16f7a85441986fd2b9ce6c879524e4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
20:35:23.0485 4784 BBUpdate - ok
20:35:23.0501 4784 Beep - ok
20:35:23.0501 4784 [ ffb96c2589ffa60473ead78b39fbde29 ] BFE C:\Windows\System32\bfe.dll
20:35:23.0501 4784 BFE - ok
20:35:23.0610 4784 [ e99f59342171101ee2446d0cd1a60a8d ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys
20:35:23.0610 4784 BHDrvx64 - ok
20:35:23.0672 4784 [ 6d316f4859634071cc25c4fd4589ad2c ] BITS C:\Windows\system32\qmgr.dll
20:35:23.0672 4784 BITS - ok
20:35:23.0688 4784 [ 79feeb40056683f8f61398d81dda65d2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:35:23.0704 4784 blbdrive - ok
20:35:23.0735 4784 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:35:23.0735 4784 Bonjour Service - ok
20:35:23.0766 4784 [ 2348447a80920b2493a9b582a23e81e1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:35:23.0766 4784 bowser - ok
20:35:23.0797 4784 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:35:23.0797 4784 BrFiltLo - ok
20:35:23.0797 4784 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:35:23.0797 4784 BrFiltUp - ok
20:35:23.0833 4784 [ a1b39de453433b115b4ea69ee0343816 ] Browser C:\Windows\System32\browser.dll
20:35:23.0834 4784 Browser - ok
20:35:23.0866 4784 [ f0f0ba4d815be446aa6a4583ca3bca9b ] Brserid C:\Windows\system32\drivers\brserid.sys
20:35:23.0868 4784 Brserid - ok
20:35:23.0876 4784 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:35:23.0877 4784 BrSerWdm - ok
20:35:23.0889 4784 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:35:23.0890 4784 BrUsbMdm - ok
20:35:23.0921 4784 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:35:23.0922 4784 BrUsbSer - ok
20:35:23.0951 4784 [ e0777b34e05f8a82a21856efc900c29f ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:35:23.0953 4784 BTHMODEM - ok
20:35:23.0966 4784 catchme - ok
20:35:24.0028 4784 [ 2c6ffcca37b002aab3c7c31a6d780a76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
20:35:24.0029 4784 ccSet_NIS - ok
20:35:24.0032 4784 [ b4d787db8d30793a4d4df9feed18f136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:35:24.0034 4784 cdfs - ok
20:35:24.0079 4784 [ c025aa69be3d0d25c7a2e746ef6f94fc ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:35:24.0086 4784 cdrom - ok
20:35:24.0281 4784 [ 5a268127633c7ee2a7fb87f39d748d56 ] CertPropSvc C:\Windows\System32\certprop.dll
20:35:24.0296 4784 CertPropSvc - ok
20:35:24.0312 4784 [ 02ea568d498bbdd4ba55bf3fce34d456 ] circlass C:\Windows\system32\drivers\circlass.sys
20:35:24.0312 4784 circlass - ok
20:35:24.0343 4784 [ 3dca9a18b204939cfb24bea53e31eb48 ] CLFS C:\Windows\system32\CLFS.sys
20:35:24.0343 4784 CLFS - ok
20:35:24.0408 4784 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:35:24.0408 4784 clr_optimization_v2.0.50727_32 - ok
20:35:24.0455 4784 [ ce07a466201096f021cd09d631b21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:35:24.0470 4784 clr_optimization_v2.0.50727_64 - ok
20:35:24.0517 4784 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:35:24.0517 4784 clr_optimization_v4.0.30319_32 - ok
20:35:24.0548 4784 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:35:24.0548 4784 clr_optimization_v4.0.30319_64 - ok
20:35:24.0564 4784 [ e5d5499a1c50a54b5161296b6afe6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:35:24.0564 4784 cmdide - ok
20:35:24.0580 4784 [ 7fb8ad01db0eabe60c8a861531a8f431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:35:24.0580 4784 Compbatt - ok
20:35:24.0580 4784 COMSysApp - ok
20:35:24.0595 4784 [ a8585b6412253803ce8efcbd6d6dc15c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:35:24.0595 4784 crcdisk - ok
20:35:24.0642 4784 [ 62740b9d2a137e8ced41a9e4239a7a31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:35:24.0642 4784 CryptSvc - ok
20:35:24.0658 4784 [ f60f50c8ed3fcbe358430b95fe27d09c ] CSC C:\Windows\system32\drivers\csc.sys
20:35:24.0658 4784 CSC - ok
20:35:24.0783 4784 [ 1b5f256d31836ed2ba60b3a6c800200c ] CscService C:\Windows\System32\cscsvc.dll
20:35:24.0783 4784 CscService - ok
20:35:24.0845 4784 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] DcomLaunch C:\Windows\system32\rpcss.dll
20:35:24.0845 4784 DcomLaunch - ok
20:35:24.0861 4784 [ 8b722ba35205c71e7951cdc4cdbade19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:35:24.0861 4784 DfsC - ok
20:35:24.0923 4784 [ c647f468f7de343df8c143655c5557d4 ] DFSR C:\Windows\system32\DFSR.exe
20:35:24.0986 4784 DFSR - ok
20:35:25.0048 4784 [ 3ed0321127ce70acdaabbf77e157c2a7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:35:25.0048 4784 Dhcp - ok
20:35:25.0064 4784 [ b0107e40ecdb5fa692ebf832f295d905 ] disk C:\Windows\system32\drivers\disk.sys
20:35:25.0064 4784 disk - ok
20:35:25.0080 4784 [ 06230f1b721494a6df8d47fd395bb1b0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:35:25.0080 4784 Dnscache - ok
20:35:25.0095 4784 [ 1a7156dd1e850e9914e5e991e3225b94 ] dot3svc C:\Windows\System32\dot3svc.dll
20:35:25.0095 4784 dot3svc - ok
20:35:25.0111 4784 [ 1583b39790db3eaec7edb0cb0140c708 ] DPS C:\Windows\system32\dps.dll
20:35:25.0111 4784 DPS - ok
20:35:25.0158 4784 [ f1a78a98cfc2ee02144c6bec945447e6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:35:25.0158 4784 drmkaud - ok
20:35:25.0189 4784 [ 8aae70d76436e4695455aa9ca634a9f4 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:35:25.0189 4784 dtsoftbus01 - ok
20:35:25.0205 4784 [ b8e554e502d5123bc111f99d6a2181b4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:35:25.0220 4784 DXGKrnl - ok
20:35:25.0236 4784 [ 264cee7b031a9d6c827f3d0cb031f2fe ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
20:35:25.0252 4784 E1G60 - ok
20:35:25.0267 4784 [ c2303883fd9be49dc36a6400643002ea ] EapHost C:\Windows\System32\eapsvc.dll
20:35:25.0267 4784 EapHost - ok
20:35:25.0298 4784 [ 5f94962be5a62db6e447ff6470c4f48a ] Ecache C:\Windows\system32\drivers\ecache.sys
20:35:25.0298 4784 Ecache - ok
20:35:25.0361 4784 [ 4353ff94d47a0a9d52b89eccf0cdb013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:35:25.0361 4784 eeCtrl - ok
20:35:25.0423 4784 [ 14ce384d2e27b64c256bda4dc39c312d ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:35:25.0439 4784 ehRecvr - ok
20:35:25.0439 4784 [ b93159c1313d66fdfbbe876f5189cd52 ] ehSched C:\Windows\ehome\ehsched.exe
20:35:25.0455 4784 ehSched - ok
20:35:25.0455 4784 [ f5ee2527d74449868e3c3227a59bcd28 ] ehstart C:\Windows\ehome\ehstart.dll
20:35:25.0455 4784 ehstart - ok
20:35:25.0486 4784 [ c4636d6e10469404ab5308d9fd45ed07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:35:25.0486 4784 elxstor - ok
20:35:25.0517 4784 [ a9b18b63a4fd6baab83326706d857fab ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:35:25.0517 4784 EMDMgmt - ok
20:35:25.0533 4784 [ c5bccb378d0a896304a3e71be7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:35:25.0533 4784 EraserUtilRebootDrv - ok
20:35:25.0548 4784 [ bc3a58e938bb277e46bf4b3003b01abd ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:35:25.0548 4784 ErrDev - ok
20:35:25.0564 4784 [ e12f22b73f153dece721cd45ec05b4af ] EventSystem C:\Windows\system32\es.dll
20:35:25.0564 4784 EventSystem - ok
20:35:25.0595 4784 [ 486844f47b6636044a42454614ed4523 ] exfat C:\Windows\system32\drivers\exfat.sys
20:35:25.0595 4784 exfat - ok
20:35:25.0611 4784 [ 1a4bee34277784619ddaf0422c0c6e23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:35:25.0627 4784 fastfat - ok
20:35:25.0642 4784 [ 989a776a2ff32a148fcf15c44058b129 ] Fax C:\Windows\system32\fxssvc.exe
20:35:25.0642 4784 Fax - ok
20:35:25.0673 4784 [ 81b79b6df71fa1d2c6d688d830616e39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:35:25.0673 4784 fdc - ok
20:35:25.0689 4784 [ bb9267acacd8b7533dd936c34a0cba5e ] fdPHost C:\Windows\system32\fdPHost.dll
20:35:25.0689 4784 fdPHost - ok
20:35:25.0705 4784 [ 300c80931eabbe1db7591c516efe8d0f ] FDResPub C:\Windows\system32\fdrespub.dll
20:35:25.0705 4784 FDResPub - ok
20:35:25.0705 4784 [ 457b7d1d533e4bd62a99aed9c7bb4c59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:35:25.0705 4784 FileInfo - ok
20:35:25.0720 4784 [ d421327fd6efccaf884a54c58e1b0d7f ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:35:25.0783 4784 Filetrace - ok
20:35:25.0845 4784 [ f76d04f7413b07daa029f6520b64b4e8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:35:25.0861 4784 FLEXnet Licensing Service - ok
20:35:25.0892 4784 [ 230923ea2b80f79b0f88d90f87b87ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:35:25.0892 4784 flpydisk - ok
20:35:25.0923 4784 [ e3041bc26d6930d61f42aedb79c91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:35:25.0923 4784 FltMgr - ok
20:35:25.0986 4784 [ be1c5bd1ca7ed015bc6fa1ae67e592c8 ] FontCache C:\Windows\system32\FntCache.dll
20:35:25.0986 4784 FontCache - ok
20:35:26.0048 4784 [ bc5b0be5af3510b0fd8c140ee42c6d3e ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:35:26.0048 4784 FontCache3.0.0.0 - ok
20:35:26.0080 4784 [ 5779b86cd8b32519fbecb136394d946a ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:35:26.0080 4784 Fs_Rec - ok
20:35:26.0095 4784 [ 849e38db7d829962d0233a0a252b60c3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:35:26.0095 4784 fvevol - ok
20:35:26.0111 4784 [ c8e416668d3dc2be3d4fe4c79224997f ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:35:26.0127 4784 gagp30kx - ok
20:35:26.0142 4784 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:35:26.0142 4784 GEARAspiWDM - ok
20:35:26.0173 4784 [ a0e1b575ba8f504968cd40c0faeb2384 ] gpsvc C:\Windows\System32\gpsvc.dll
20:35:26.0173 4784 gpsvc - ok
20:35:26.0220 4784 [ 68e732382b32417ff61fd663259b4b09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:35:26.0220 4784 HdAudAddService - ok
20:35:26.0252 4784 [ f942c5820205f2fb453243edfec82a3d ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:35:26.0252 4784 HDAudBus - ok
20:35:26.0267 4784 [ b4881c84a180e75b8c25dc1d726c375f ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:35:26.0283 4784 HidBth - ok
20:35:26.0283 4784 [ 4e77a77e2c986e8f88f996bb3e1ad829 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:35:26.0283 4784 HidIr - ok
20:35:26.0283 4784 [ 59361d38a297755d46a540e450202b2a ] hidserv C:\Windows\System32\hidserv.dll
20:35:26.0283 4784 hidserv - ok
20:35:26.0298 4784 [ 443bdd2d30bb4f00795c797e2cf99edf ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:35:26.0298 4784 HidUsb - ok
20:35:26.0330 4784 [ b12f367ea39c0795fd57e31242ce1a5a ] hkmsvc C:\Windows\system32\kmsvc.dll
20:35:26.0330 4784 hkmsvc - ok
20:35:26.0361 4784 [ d7109a1e6bd2dfdbcba72a6bc626a13b ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:35:26.0361 4784 HpCISSs - ok
20:35:26.0392 4784 [ 098f1e4e5c9cb5b0063a959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:35:26.0392 4784 HTTP - ok
20:35:26.0408 4784 [ da94c854cea5fac549d4e1f6e88349e8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:35:26.0408 4784 i2omp - ok
20:35:26.0423 4784 [ cbb597659a2713ce0c9cc20c88c7591f ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:35:26.0423 4784 i8042prt - ok
20:35:26.0455 4784 [ 3e3bf3627d886736d0b4e90054f929f6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:35:26.0455 4784 iaStorV - ok
20:35:26.0502 4784 [ 749f5f8cedca70f2a512945325fc489d ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:35:26.0517 4784 idsvc - ok
20:35:26.0564 4784 [ ce0bf35c79e03bb89da6b14fac838605 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120815.002\IDSvia64.sys
20:35:26.0564 4784 IDSVia64 - ok
20:35:26.0580 4784 [ 8c3951ad2fe886ef76c7b5027c3125d3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:35:26.0580 4784 iirsp - ok
20:35:26.0611 4784 [ 0c9ea6e654e7b0471741e343a6c671af ] IKEEXT C:\Windows\System32\ikeext.dll
20:35:26.0611 4784 IKEEXT - ok
20:35:26.0642 4784 [ df797a12176f11b2d301c5b234bb200e ] intelide C:\Windows\system32\drivers\intelide.sys
20:35:26.0642 4784 intelide - ok
20:35:26.0658 4784 [ bfd84af32fa1bad6231c4585cb469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:35:26.0658 4784 intelppm - ok
20:35:26.0689 4784 [ 5624bc1bc5eeb49c0ab76a8114f05ea3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:35:26.0689 4784 IPBusEnum - ok
20:35:26.0705 4784 [ d8aabc341311e4780d6fce8c73c0ad81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:35:26.0705 4784 IpFilterDriver - ok
20:35:26.0736 4784 [ bf0dbfa9792c5c14fa00f61c75116c1b ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:35:26.0736 4784 iphlpsvc - ok
20:35:26.0736 4784 IpInIp - ok
20:35:26.0752 4784 [ 9c2ee2e6e5a7203bfae15c299475ec67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:35:26.0752 4784 IPMIDRV - ok
20:35:26.0752 4784 [ b7e6212f581ea5f6ab0c3a6ceeeb89be ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:35:26.0752 4784 IPNAT - ok
20:35:26.0783 4784 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:35:26.0783 4784 iPod Service - ok
20:35:26.0798 4784 [ 8c42ca155343a2f11d29feca67faa88d ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:35:26.0798 4784 IRENUM - ok
20:35:26.0814 4784 [ 0672bfcedc6fc468a2b0500d81437f4f ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:35:26.0814 4784 isapnp - ok
20:35:26.0845 4784 [ e4fdf99599f27ec25d2cf6d754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:35:26.0845 4784 iScsiPrt - ok
20:35:26.0861 4784 [ 63c766cdc609ff8206cb447a65abba4a ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:35:26.0861 4784 iteatapi - ok
20:35:26.0877 4784 [ 1281fe73b17664631d12f643cbea3f59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:35:26.0877 4784 iteraid - ok
20:35:26.0892 4784 [ 423696f3ba6472dd17699209b933bc26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:35:26.0892 4784 kbdclass - ok
20:35:26.0908 4784 [ dbdf75d51464fbc47d0104ec3d572c05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:35:26.0939 4784 kbdhid - ok
20:35:26.0986 4784 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] KeyIso C:\Windows\system32\lsass.exe
20:35:26.0986 4784 KeyIso - ok
20:35:27.0048 4784 [ 162a5e3a691b903111526147c8d29e6d ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
20:35:27.0048 4784 Kodak AiO Network Discovery Service - ok
20:35:27.0080 4784 [ b5e53fca219a6491e9a1ba146a5d2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
20:35:27.0095 4784 Kodak AiO Status Monitor Service - ok
20:35:27.0095 4784 [ 88956ad9fa510848ad176777a6c6c1f5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:35:27.0111 4784 KSecDD - ok
20:35:27.0142 4784 [ 1d419cf43db29396ecd7113d129d94eb ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:35:27.0142 4784 ksthunk - ok
20:35:27.0173 4784 [ 1faf6926f3416d3da05c5b265491bdae ] KtmRm C:\Windows\system32\msdtckrm.dll
20:35:27.0173 4784 KtmRm - ok
20:35:27.0220 4784 [ 50c7a3cb427e9bb5ed0708a669956ab5 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:35:27.0220 4784 LanmanServer - ok
20:35:27.0267 4784 [ caf86fc1388be1e470f1a7b43e348adb ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:35:27.0267 4784 LanmanWorkstation - ok
20:35:27.0283 4784 [ 96ece2659b6654c10a0c310ae3a6d02c ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:35:27.0283 4784 lltdio - ok
20:35:27.0314 4784 [ 961ccbd0b1ccb5675d64976fae37d092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:35:27.0314 4784 lltdsvc - ok
20:35:27.0330 4784 [ a47f8080cacc23c91fe823ad19aa5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:35:27.0330 4784 lmhosts - ok
20:35:27.0345 4784 [ acbe1af32d3123e330a07bfbc5ec4a9b ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:35:27.0345 4784 LSI_FC - ok
20:35:27.0345 4784 [ 799ffb2fc4729fa46d2157c0065b3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:35:27.0345 4784 LSI_SAS - ok
20:35:27.0377 4784 [ f445ff1daad8a226366bfaf42551226b ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:35:27.0392 4784 LSI_SCSI - ok
20:35:27.0408 4784 [ 52f87b9cc8932c2a7375c3b2a9be5e3e ] luafv C:\Windows\system32\drivers\luafv.sys
20:35:27.0408 4784 luafv - ok
20:35:27.0423 4784 [ 76a58df02bd4ea29f189b82d0bef17f8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:35:27.0439 4784 Mcx2Svc - ok
20:35:27.0439 4784 [ 5c5cd6aaced32fb26c3fb34b3dcf972f ] megasas C:\Windows\system32\drivers\megasas.sys
20:35:27.0439 4784 megasas - ok
20:35:27.0470 4784 [ 859bc2436b076c77c159ed694acfe8f8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:35:27.0470 4784 MegaSR - ok
20:35:27.0517 4784 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:35:27.0533 4784 Microsoft Office Groove Audit Service - ok
20:35:27.0548 4784 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] MMCSS C:\Windows\system32\mmcss.dll
20:35:27.0548 4784 MMCSS - ok
20:35:27.0564 4784 [ 59848d5cc74606f0ee7557983bb73c2e ] Modem C:\Windows\system32\drivers\modem.sys
20:35:27.0564 4784 Modem - ok
20:35:27.0580 4784 [ c247cc2a57e0a0c8c6dccf7807b3e9e5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:35:27.0580 4784 monitor - ok
20:35:27.0595 4784 [ 9367304e5e412b120cf5f4ea14e4e4f1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:35:27.0595 4784 mouclass - ok
20:35:27.0611 4784 [ c2c2bd5c5ce5aaf786ddd74b75d2ac69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:35:27.0611 4784 mouhid - ok
20:35:27.0627 4784 [ 11bc9b1e8801b01f7f6adb9ead30019b ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:35:27.0627 4784 MountMgr - ok
20:35:27.0673 4784 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:35:27.0673 4784 MozillaMaintenance - ok
20:35:27.0689 4784 [ f8276eb8698142884498a528dfea8478 ] mpio C:\Windows\system32\drivers\mpio.sys
20:35:27.0689 4784 mpio - ok
20:35:27.0705 4784 [ c92b9abdb65a5991e00c28f13491dba2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:35:27.0705 4784 mpsdrv - ok
20:35:27.0736 4784 [ 897e3baf68ba406a61682ae39c83900c ] MpsSvc C:\Windows\system32\mpssvc.dll
20:35:27.0736 4784 MpsSvc - ok
20:35:27.0752 4784 [ 3c200630a89ef2c0864d515b7a75802e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:35:27.0752 4784 Mraid35x - ok
20:35:27.0767 4784 [ 7c1de4aa96dc0c071611f9e7de02a68d ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:35:27.0767 4784 MRxDAV - ok
20:35:27.0783 4784 [ 1485811b320ff8c7edad1caebb1c6c2b ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:35:27.0783 4784 mrxsmb - ok
20:35:27.0783 4784 [ 3b929a60c833fc615fd97fba82bc7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:35:27.0798 4784 mrxsmb10 - ok
20:35:27.0798 4784 [ c64ab3e1f53b4f5b5bb6d796b2d7bec3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:35:27.0798 4784 mrxsmb20 - ok
20:35:27.0814 4784 [ 1ac860612b85d8e85ee257d372e39f4d ] msahci C:\Windows\system32\drivers\msahci.sys
20:35:27.0814 4784 msahci - ok
20:35:27.0830 4784 [ 264bbb4aaf312a485f0e44b65a6b7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:35:27.0830 4784 msdsm - ok
20:35:27.0845 4784 [ 7ec02ce772f068ed0beafa3da341a9bc ] MSDTC C:\Windows\System32\msdtc.exe
20:35:27.0845 4784 MSDTC - ok
20:35:27.0877 4784 [ 704f59bfc4512d2bb0146aec31b10a7c ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:35:27.0877 4784 Msfs - ok
20:35:27.0908 4784 [ 00ebc952961664780d43dca157e79b27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:35:27.0908 4784 msisadrv - ok
20:35:27.0939 4784 [ 366b0c1f4478b519c181e37d43dcda32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:35:27.0939 4784 MSiSCSI - ok
20:35:27.0955 4784 msiserver - ok
20:35:27.0955 4784 [ 0ea73e498f53b96d83dbfca074ad4cf8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:35:27.0955 4784 MSKSSRV - ok
20:35:27.0986 4784 [ 52e59b7e992a58e740aa63f57edbae8b ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:35:27.0986 4784 MSPCLOCK - ok
20:35:28.0002 4784 [ 49084a75bae043ae02d5b44d02991bb2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:35:28.0002 4784 MSPQM - ok
20:35:28.0033 4784 [ dc6ccf440cdede4293db41c37a5060a5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:35:28.0033 4784 MsRPC - ok
20:35:28.0048 4784 [ 855796e59df77ea93af46f20155bf55b ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:35:28.0048 4784 mssmbios - ok
20:35:28.0080 4784 [ 86d632d75d05d5b7c7c043fa3564ae86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:35:28.0080 4784 MSTEE - ok
20:35:28.0095 4784 [ 0cc49f78d8aca0877d885f149084e543 ] Mup C:\Windows\system32\Drivers\mup.sys
20:35:28.0095 4784 Mup - ok
20:35:28.0127 4784 [ a5b10c845e7538c60c0f5d87a57cb3f5 ] napagent C:\Windows\system32\qagentRT.dll
20:35:28.0127 4784 napagent - ok
20:35:28.0158 4784 [ 2007b826c4acd94ae32232b41f0842b9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:35:28.0158 4784 NativeWifiP - ok
20:35:28.0220 4784 [ 8043d41f881d6ace40b854ad6e32217f ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120815.002\ENG64.SYS
20:35:28.0220 4784 NAVENG - ok
20:35:28.0252 4784 [ 9a9ab2fc45d701daed465d14980f1305 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120815.002\EX64.SYS
20:35:28.0267 4784 NAVEX15 - ok
20:35:28.0298 4784 [ 65950e07329fcee8e6516b17c8d0abb6 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:35:28.0298 4784 NDIS - ok
20:35:28.0298 4784 [ 64df698a425478e321981431ac171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:35:28.0298 4784 NdisTapi - ok
20:35:28.0330 4784 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:35:28.0330 4784 Ndisuio - ok
20:35:28.0345 4784 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:35:28.0345 4784 NdisWan - ok
20:35:28.0345 4784 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:35:28.0345 4784 NDProxy - ok
20:35:28.0361 4784 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:35:28.0361 4784 NetBIOS - ok
20:35:28.0361 4784 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:35:28.0361 4784 netbt - ok
20:35:28.0377 4784 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
20:35:28.0377 4784 Netlogon - ok
20:35:28.0392 4784 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
20:35:28.0392 4784 Netman - ok
20:35:28.0408 4784 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
20:35:28.0423 4784 netprofm - ok
20:35:28.0439 4784 [ 74751dda198165947fd7454d83f49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:35:28.0455 4784 NetTcpPortSharing - ok
20:35:28.0455 4784 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:35:28.0455 4784 nfrd960 - ok
20:35:28.0548 4784 [ f2840dbfe9322f35557219ae82cc4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
20:35:28.0548 4784 NIS - ok
20:35:28.0564 4784 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
20:35:28.0564 4784 NlaSvc - ok
20:35:28.0595 4784 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:35:28.0595 4784 Npfs - ok
20:35:28.0595 4784 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
20:35:28.0595 4784 nsi - ok
20:35:28.0611 4784 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:35:28.0611 4784 nsiproxy - ok
20:35:28.0627 4784 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:35:28.0627 4784 Ntfs - ok
20:35:28.0642 4784 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
20:35:28.0642 4784 Null - ok
20:35:28.0877 4784 [ ba0b4889c40380a01ecdf84c227a89c9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:35:28.0923 4784 nvlddmkm - ok
20:35:29.0111 4784 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:35:29.0127 4784 nvraid - ok
20:35:29.0142 4784 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:35:29.0142 4784 nvstor - ok
20:35:29.0173 4784 [ 06633cf95bea62164c3bfca24bce6b11 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:35:29.0173 4784 nvsvc - ok
20:35:29.0252 4784 [ 53b629ce436b110c5689c2f6439e567b ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:35:29.0267 4784 nvUpdatusService - ok
20:35:29.0377 4784 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:35:29.0439 4784 nv_agp - ok
20:35:29.0439 4784 NwlnkFlt - ok
20:35:29.0439 4784 NwlnkFwd - ok
20:35:29.0486 4784 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:35:29.0502 4784 odserv - ok
20:35:29.0533 4784 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:35:29.0533 4784 ohci1394 - ok
20:35:29.0564 4784 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:35:29.0611 4784 ose - ok
20:35:29.0658 4784 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:35:29.0673 4784 p2pimsvc - ok
20:35:29.0673 4784 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
20:35:29.0689 4784 p2psvc - ok
20:35:29.0689 4784 [ aecd57f94c887f58919f307c35498ea0 ] Parport C:\Windows\system32\drivers\parport.sys
20:35:29.0689 4784 Parport - ok
20:35:29.0705 4784 [ b43751085e2abe389da466bc62a4b987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:35:29.0705 4784 partmgr - ok
20:35:29.0720 4784 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
20:35:29.0720 4784 PcaSvc - ok
20:35:29.0736 4784 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
20:35:29.0736 4784 pci - ok
20:35:29.0767 4784 [ 2657f6c0b78c36d95034be109336e382 ] pciide C:\Windows\system32\drivers\pciide.sys
20:35:29.0767 4784 pciide - ok
20:35:29.0783 4784 [ 037661f3d7c507c9993b7010ceee6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:35:29.0783 4784 pcmcia - ok
20:35:29.0814 4784 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:35:29.0830 4784 PEAUTH - ok
20:35:30.0064 4784 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:35:30.0064 4784 PerfHost - ok
20:35:30.0111 4784 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
20:35:30.0127 4784 pla - ok
20:35:30.0158 4784 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:35:30.0158 4784 PlugPlay - ok
20:35:30.0158 4784 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:35:30.0173 4784 PNRPAutoReg - ok
20:35:30.0173 4784 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:35:30.0173 4784 PNRPsvc - ok
20:35:30.0220 4784 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:35:30.0220 4784 PolicyAgent - ok
20:35:30.0236 4784 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:35:30.0236 4784 PptpMiniport - ok
20:35:30.0252 4784 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\drivers\processr.sys
20:35:30.0252 4784 Processor - ok
20:35:30.0283 4784 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
20:35:30.0283 4784 ProfSvc - ok
20:35:30.0283 4784 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] ProtectedStorage C:\Windows\system32\lsass.exe
20:35:30.0283 4784 ProtectedStorage - ok
20:35:30.0298 4784 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:35:30.0298 4784 PSched - ok
20:35:30.0330 4784 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:35:30.0345 4784 ql2300 - ok
20:35:30.0361 4784 [ e1c80f8d4d1e39ef9595809c1369bf2a ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:35:30.0361 4784 ql40xx - ok
20:35:30.0377 4784 [ 90574842c3da781e279061a3eff91f07 ] QWAVE C:\Windows\system32\qwave.dll
20:35:30.0392 4784 QWAVE - ok
20:35:30.0392 4784 [ e8d76edab77ec9c634c27b8eac33adc5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:35:30.0392 4784 QWAVEdrv - ok
20:35:30.0408 4784 [ 1013b3b663a56d3ddd784f581c1bd005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:35:30.0408 4784 RasAcd - ok
20:35:30.0408 4784 [ b2ae18f847d07f0044404ddf7cb04497 ] RasAuto C:\Windows\System32\rasauto.dll
20:35:30.0408 4784 RasAuto - ok
20:35:30.0423 4784 [ ac7bc4d42a7e558718dfdec599bbfc2c ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:30.0423 4784 Rasl2tp - ok
20:35:30.0439 4784 [ 3ad83e4046c43be510de681588acb8af ] RasMan C:\Windows\System32\rasmans.dll
20:35:30.0439 4784 RasMan - ok
20:35:30.0455 4784 [ 4517fbf8b42524afe4ede1de102aae3e ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:30.0455 4784 RasPppoe - ok
20:35:30.0455 4784 [ c6a593b51f34c33e5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:35:30.0455 4784 RasSstp - ok
20:35:30.0470 4784 [ 322db5c6b55e8d8ee8d6f358b2aaabb1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:35:30.0470 4784 rdbss - ok
20:35:30.0470 4784 [ 603900cc05f6be65ccbf373800af3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:30.0470 4784 RDPCDD - ok
20:35:30.0533 4784 [ ae23e79b13feb62939e2ca1189e71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
20:35:30.0533 4784 rdpdr - ok
20:35:30.0533 4784 [ cab9421daf3d97b33d0d055858e2c3ab ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:35:30.0533 4784 RDPENCDD - ok
20:35:30.0564 4784 [ ae4bd9e1c33d351d8e607fc81f15160c ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:35:30.0564 4784 RDPWD - ok
20:35:30.0595 4784 [ c612b9557da73f70d41f8a6fbc8e5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:35:30.0595 4784 RemoteAccess - ok
20:35:30.0611 4784 [ 44b9d8ec2f3ef3a0efb00857af70d861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:35:30.0611 4784 RemoteRegistry - ok
20:35:30.0627 4784 [ f46c457840d4b7a4daafee739ce04102 ] RpcLocator C:\Windows\system32\locator.exe
20:35:30.0627 4784 RpcLocator - ok
20:35:30.0642 4784 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] RpcSs C:\Windows\system32\rpcss.dll
20:35:30.0642 4784 RpcSs - ok
20:35:30.0658 4784 [ 22a9cb08b1a6707c1550c6bf099aae73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:35:30.0658 4784 rspndr - ok
20:35:30.0689 4784 [ a6284c8c29ccccad9109c4da5cd916bd ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
20:35:30.0689 4784 RTL8169 - ok
20:35:30.0705 4784 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] SamSs C:\Windows\system32\lsass.exe
20:35:30.0705 4784 SamSs - ok
20:35:30.0720 4784 [ cd9c693589c60ad59bbbcfb0e524e01b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:35:30.0720 4784 sbp2port - ok
20:35:30.0736 4784 [ fd1cdcf108d5ef3366f00d18b70fb89b ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:35:30.0752 4784 SCardSvr - ok
20:35:30.0767 4784 [ 0f838c811ad295d2a4489b9993096c63 ] Schedule C:\Windows\system32\schedsvc.dll
20:35:30.0767 4784 Schedule - ok
20:35:30.0783 4784 [ 5a268127633c7ee2a7fb87f39d748d56 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:35:30.0783 4784 SCPolicySvc - ok
20:35:30.0798 4784 [ 4ff71b076a7760fe75ea5ae2d0ee0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:35:30.0798 4784 SDRSVC - ok
20:35:30.0814 4784 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:35:30.0814 4784 secdrv - ok
20:35:30.0814 4784 [ 5acdcbc67fcf894a1815b9f96d704490 ] seclogon C:\Windows\system32\seclogon.dll
20:35:30.0814 4784 seclogon - ok
20:35:30.0830 4784 [ 90973a64b96cd647ff81c79443618eed ] SENS C:\Windows\system32\sens.dll
20:35:30.0830 4784 SENS - ok
20:35:30.0845 4784 [ 2449316316411d65bd2c761a6ffb2ce2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:35:30.0845 4784 Serenum - ok
20:35:30.0845 4784 [ 4b438170be2fc8e0bd35ee87a960f84f ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:35:30.0845 4784 Serial - ok
20:35:30.0877 4784 [ a842f04833684bceea7336211be478df ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:35:30.0877 4784 sermouse - ok
20:35:30.0892 4784 [ a8e4a4407a09f35dccc3771af590b0c4 ] SessionEnv C:\Windows\system32\sessenv.dll
20:35:30.0892 4784 SessionEnv - ok
20:35:30.0908 4784 [ 14d4b4465193a87c127933978e8c4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:35:30.0923 4784 sffdisk - ok
20:35:30.0923 4784 [ 7073aee3f82f3d598e3825962aa98ab2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:35:30.0923 4784 sffp_mmc - ok
20:35:30.0939 4784 [ 35e59ebe4a01a0532ed67975161c7b82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:35:30.0939 4784 sffp_sd - ok
20:35:30.0955 4784 [ 6b7838c94135768bd455cbdc23e39e5f ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:35:30.0955 4784 sfloppy - ok
20:35:30.0970 4784 [ 4c5aee179da7e1ee9a9ccb9da289af34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:35:30.0970 4784 SharedAccess - ok
20:35:30.0986 4784 [ 56793271ecdedd350c5add305603e963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:35:31.0002 4784 ShellHWDetection - ok
20:35:31.0002 4784 [ 7a5de502aeb719d4594c6471060a78b3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:35:31.0017 4784 SiSRaid2 - ok
20:35:31.0017 4784 [ 3a2f769fab9582bc720e11ea1dfb184d ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:35:31.0017 4784 SiSRaid4 - ok
20:35:31.0080 4784 [ a9a27a8e257b45a604fdad4f26fe7241 ] slsvc C:\Windows\system32\SLsvc.exe
20:35:31.0095 4784 slsvc - ok
20:35:31.0095 4784 [ fd74b4b7c2088e390a30c85a896fc3af ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:35:31.0095 4784 SLUINotify - ok
20:35:31.0111 4784 [ 290b6f6a0ec4fcdfc90f5cb6d7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:35:31.0127 4784 Smb - ok
20:35:31.0127 4784 [ f8f47f38909823b1af28d60b96340cff ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:35:31.0127 4784 SNMPTRAP - ok
20:35:31.0142 4784 [ 386c3c63f00a7040c7ec5e384217e89d ] spldr C:\Windows\system32\drivers\spldr.sys
20:35:31.0142 4784 spldr - ok
20:35:31.0158 4784 [ f66ff751e7efc816d266977939ef5dc3 ] Spooler C:\Windows\System32\spoolsv.exe
20:35:31.0158 4784 Spooler - ok
20:35:31.0220 4784 [ 891793e00432fa055cf040605c260e49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
20:35:31.0220 4784 SRTSP - ok
20:35:31.0220 4784 [ 1cb7bb3b0561fb5ecfe37f7731e8bf3e ] SRTSPX C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
20:35:31.0220 4784 SRTSPX - ok
20:35:31.0252 4784 [ 880a57fccb571ebd063d4dd50e93e46d ] srv C:\Windows\system32\DRIVERS\srv.sys
20:35:31.0252 4784 srv - ok
20:35:31.0267 4784 [ a1ad14a6d7a37891fffeca35ebbb0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:35:31.0267 4784 srv2 - ok
20:35:31.0283 4784 [ 4bed62f4fa4d8300973f1151f4c4d8a7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:35:31.0283 4784 srvnet - ok
20:35:31.0298 4784 [ 192c74646ec5725aef3f80d19ff75f6a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:35:31.0298 4784 SSDPSRV - ok
20:35:31.0345 4784 [ 2ee3fa0308e6185ba64a9a7f2e74332b ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:35:31.0345 4784 SstpSvc - ok
20:35:31.0377 4784 [ c354621b6b94e10ae7f5cdbe745feb86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:35:31.0377 4784 Stereo Service - ok
20:35:31.0392 4784 [ 14b4db4381e4a55f570d8bb699b791d6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
20:35:31.0392 4784 StillCam - ok
20:35:31.0423 4784 [ 15825c1fbfb8779992cb65087f316af5 ] stisvc C:\Windows\System32\wiaservc.dll
20:35:31.0423 4784 stisvc - ok
20:35:31.0439 4784 [ 8a851ca908b8b974f89c50d2e18d4f0c ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:35:31.0439 4784 swenum - ok
20:35:31.0439 4784 [ 6de37f4de19d4efd9c48c43addbc949a ] swprv C:\Windows\System32\swprv.dll
20:35:31.0439 4784 swprv - ok
20:35:31.0470 4784 [ 2f26a2c6fc96b29beff5d8ed74e6625b ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:35:31.0470 4784 Symc8xx - ok
20:35:31.0627 4784 [ 8b2430762099598da40686f754632efd ] SymDS C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
20:35:31.0627 4784 SymDS - ok
20:35:31.0642 4784 [ 5cb7f2fd7e30a0f52f93574bfc3a8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
20:35:31.0658 4784 SymEFA - ok
20:35:31.0673 4784 [ 898bb48c797483420df523b2bbc1ecdb ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:35:31.0673 4784 SymEvent - ok
20:35:31.0689 4784 [ 5013a76caaa1d7cf1c55214b490b4e35 ] SymIRON C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
20:35:31.0689 4784 SymIRON - ok
20:35:31.0783 4784 [ a25fee245c78804601d83431386a0bee ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMTDIV.SYS
20:35:31.0783 4784 SYMTDIv - ok
20:35:31.0814 4784 [ a909667976d3bccd1df813fed517d837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:35:31.0861 4784 Sym_hi - ok
20:35:31.0877 4784 [ 36887b56ec2d98b9c362f6ae4de5b7b0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:35:31.0877 4784 Sym_u3 - ok
20:35:31.0908 4784 [ 92d7a8b0f87b036f17d25885937897a6 ] SysMain C:\Windows\system32\sysmain.dll
20:35:31.0923 4784 SysMain - ok
20:35:31.0923 4784 [ 005ce42567f9113a3bccb3b20073b029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:35:31.0923 4784 TabletInputService - ok
20:35:31.0955 4784 [ cc2562b4d55e0b6a4758c65407f63b79 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:35:31.0955 4784 TapiSrv - ok
20:35:31.0970 4784 [ cdbe8d7c1e201b911cdc346d06617fb5 ] TBS C:\Windows\System32\tbssvc.dll
20:35:31.0970 4784 TBS - ok
20:35:32.0002 4784 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:35:32.0017 4784 Tcpip - ok
20:35:32.0033 4784 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:35:32.0048 4784 Tcpip6 - ok
20:35:32.0095 4784 [ c7e72a4071ee0200e3c075dacfb2b334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:35:32.0095 4784 tcpipreg - ok
20:35:32.0111 4784 [ 1d8bf4aaa5fb7a2761475781dc1195bc ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:35:32.0111 4784 TDPIPE - ok
20:35:32.0127 4784 [ 7f7e00cdf609df657f4cda02dd1c9bb1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:35:32.0127 4784 TDTCP - ok
20:35:32.0158 4784 [ 458919c8c42e398dc4802178d5ffee27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:35:32.0158 4784 tdx - ok
20:35:32.0173 4784 [ 8c19678d22649ec002ef2282eae92f98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:35:32.0173 4784 TermDD - ok
20:35:32.0220 4784 [ 5cdd30bc217082dac71a9878d9bfd566 ] TermService C:\Windows\System32\termsrv.dll
20:35:32.0236 4784 TermService - ok
20:35:32.0236 4784 [ 56793271ecdedd350c5add305603e963 ] Themes C:\Windows\system32\shsvcs.dll
20:35:32.0252 4784 Themes - ok
20:35:32.0252 4784 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] THREADORDER C:\Windows\system32\mmcss.dll
20:35:32.0252 4784 THREADORDER - ok
20:35:32.0267 4784 [ f4689f05af472a651a7b1b7b02d200e7 ] TrkWks C:\Windows\System32\trkwks.dll
20:35:32.0267 4784 TrkWks - ok
20:35:32.0283 4784 [ 66328b08ef5a9305d8ede36b93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:35:32.0283 4784 TrustedInstaller - ok
20:35:32.0298 4784 [ 9e5409cd17c8bef193aad498f3bc2cb8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:35:32.0314 4784 tssecsrv - ok
20:35:32.0330 4784 [ 89ec74a9e602d16a75a4170511029b3c ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:35:32.0345 4784 tunmp - ok
20:35:32.0345 4784 [ 30a9b3f45ad081bffc3bcaa9c812b609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:35:32.0345 4784 tunnel - ok
20:35:32.0361 4784 [ fec266ef401966311744bd0f359f7f56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:35:32.0361 4784 uagp35 - ok
20:35:32.0392 4784 [ faf2640a2a76ed03d449e443194c4c34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:35:32.0392 4784 udfs - ok
20:35:32.0408 4784 [ 060507c4113391394478f6953a79eedc ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:35:32.0408 4784 UI0Detect - ok
20:35:32.0439 4784 [ 4ec9447ac3ab462647f60e547208ca00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:35:32.0439 4784 uliagpkx - ok
20:35:32.0439 4784 [ 697f0446134cdc8f99e69306184fbbb4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:35:32.0439 4784 uliahci - ok
20:35:32.0455 4784 [ 31707f09846056651ea2c37858f5ddb0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:35:32.0455 4784 UlSata - ok
20:35:32.0455 4784 [ 85e5e43ed5b48c8376281bab519271b7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:35:32.0455 4784 ulsata2 - ok
20:35:32.0470 4784 [ 46e9a994c4fed537dd951f60b86ad3f4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:35:32.0470 4784 umbus - ok
20:35:32.0486 4784 [ dc5e34f189b827199b9cc8481c648269 ] UmRdpService C:\Windows\System32\umrdp.dll
20:35:32.0486 4784 UmRdpService - ok
20:35:32.0502 4784 [ 7093799ff80e9deca0680d2e3535be60 ] upnphost C:\Windows\System32\upnphost.dll
20:35:32.0502 4784 upnphost - ok
20:35:32.0548 4784 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:35:32.0548 4784 USBAAPL64 - ok
20:35:32.0580 4784 [ 07e3498fc60834219d2356293da0fecc ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:35:32.0580 4784 usbccgp - ok
20:35:32.0580 4784 [ 9247f7e0b65852c1f6631480984d6ed2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:35:32.0580 4784 usbcir - ok
20:35:32.0595 4784 [ 827e44de934a736ea31e91d353eb126f ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:35:32.0595 4784 usbehci - ok
20:35:32.0611 4784 [ bb35cd80a2ececfadc73569b3d70c7d1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:35:32.0611 4784 usbhub - ok
20:35:32.0642 4784 [ eba14ef0c07cec233f1529c698d0d154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:35:32.0642 4784 usbohci - ok
20:35:32.0642 4784 [ acfee697af477021bb3ec78c5431fed2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:35:32.0642 4784 usbprint - ok
20:35:32.0673 4784 [ b854c1558fca0c269a38663e8b59b581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:35:32.0673 4784 USBSTOR - ok
20:35:32.0673 4784 [ b2872cbf9f47316abd0e0c74a1aba507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:35:32.0673 4784 usbuhci - ok
20:35:32.0689 4784 [ d76e231e4850bb3f88a3d9a78df191e3 ] UxSms C:\Windows\System32\uxsms.dll
20:35:32.0689 4784 UxSms - ok
20:35:32.0705 4784 [ 294945381dfa7ce58cecf0a9896af327 ] vds C:\Windows\System32\vds.exe
20:35:32.0705 4784 vds - ok
20:35:32.0736 4784 [ 916b94bcf1e09873fff2d5fb11767bbc ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:35:32.0736 4784 vga - ok
20:35:32.0752 4784 [ b83ab16b51feda65dd81b8c59d114d63 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:35:32.0752 4784 VgaSave - ok
20:35:32.0767 4784 [ 8294b6c3fdb6c33f24e150de647ecdaa ] viaide C:\Windows\system32\drivers\viaide.sys
20:35:32.0767 4784 viaide - ok
20:35:32.0767 4784 [ 2b7e885ed951519a12c450d24535dfca ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:35:32.0767 4784 volmgr - ok
20:35:32.0783 4784 [ cec5ac15277d75d9e5dec2e1c6eaf877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:35:32.0798 4784 volmgrx - ok
20:35:32.0814 4784 [ 5280aada24ab36b01a84a6424c475c8d ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:35:32.0814 4784 volsnap - ok
20:35:32.0830 4784 [ a68f455ed2673835209318dd61bfbb0e ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:35:32.0830 4784 vsmraid - ok
20:35:32.0861 4784 [ b75232dad33bfd95bf6f0a3e6bff51e1 ] VSS C:\Windows\system32\vssvc.exe
20:35:32.0877 4784 VSS - ok
20:35:32.0892 4784 [ f14a7de2ea41883e250892e1e5230a9a ] W32Time C:\Windows\system32\w32time.dll
20:35:32.0892 4784 W32Time - ok
20:35:32.0908 4784 [ fef8fe5923fead2cee4dfabfce3393a7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:35:32.0908 4784 WacomPen - ok
20:35:32.0955 4784 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:35:32.0955 4784 Wanarp - ok
20:35:32.0955 4784 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:35:32.0955 4784 Wanarpv6 - ok
20:35:32.0986 4784 [ 48eee289df9e4989128b2283f3eeacc6 ] wbengine C:\Windows\system32\wbengine.exe
20:35:32.0986 4784 wbengine - ok
20:35:33.0002 4784 [ b4e4c37d0aa6100090a53213ee2bf1c1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:35:33.0002 4784 wcncsvc - ok
20:35:33.0017 4784 [ ea4b369560e986f19d93f45a881484ac ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:35:33.0017 4784 WcsPlugInService - ok
20:35:33.0033 4784 [ 0c17a0816f65b89e362e682ad5e7266e ] Wd C:\Windows\system32\drivers\wd.sys
20:35:33.0033 4784 Wd - ok
20:35:33.0064 4784 [ a3d04ebf5227886029b4532f20d026f7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
20:35:33.0064 4784 WDC_SAM - ok
20:35:33.0095 4784 [ d02e7e4567da1e7582fbf6a91144b0df ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:35:33.0095 4784 Wdf01000 - ok
20:35:33.0111 4784 [ c5efda73ebfca8b02a094898de0a9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:35:33.0111 4784 WdiServiceHost - ok
20:35:33.0127 4784 [ c5efda73ebfca8b02a094898de0a9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:35:33.0127 4784 WdiSystemHost - ok
20:35:33.0142 4784 [ 3e6d05381cf35f75ebb055544a8ed9ac ] WebClient C:\Windows\System32\webclnt.dll
20:35:33.0142 4784 WebClient - ok
20:35:33.0173 4784 [ 8d40bc587993f876658bf9fb0f7d3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:35:33.0173 4784 Wecsvc - ok
20:35:33.0189 4784 [ 9c980351d7e96288ea0c23ae232bd065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:35:33.0189 4784 wercplsupport - ok
20:35:33.0205 4784 [ 66b9ecebc46683f47edc06333c075fef ] WerSvc C:\Windows\System32\WerSvc.dll
20:35:33.0205 4784 WerSvc - ok
20:35:33.0220 4784 WinDefend - ok
20:35:33.0220 4784 WinHttpAutoProxySvc - ok
20:35:33.0252 4784 [ d2e7296ed1bd26d8db2799770c077a02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:35:33.0252 4784 Winmgmt - ok
20:35:33.0298 4784 [ 6cbb0c68f13b9c2ec1b16f5fa5e7c869 ] WinRM C:\Windows\system32\WsmSvc.dll
20:35:33.0502 4784 WinRM - ok
20:35:33.0533 4784 [ ec339c8115e91baed835957e9a677f16 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:35:33.0548 4784 Wlansvc - ok
20:35:33.0548 4784 [ e18aebaaa5a773fe11aa2c70f65320f5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:35:33.0548 4784 WmiAcpi - ok
20:35:33.0548 4784 [ 21fa389e65a852698b6a1341f36ee02d ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:35:33.0548 4784 wmiApSrv - ok
20:35:33.0564 4784 WMPNetworkSvc - ok
20:35:33.0580 4784 [ cbc156c913f099e6680d1df9307db7a8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:35:33.0580 4784 WPCSvc - ok
20:35:33.0595 4784 [ 490a18b4e4d53dc10879deaa8e8b70d9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:35:33.0611 4784 WPDBusEnum - ok
20:35:33.0611 4784 [ 5e2401b3fc1089c90e081291357371a9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:35:33.0611 4784 WpdUsb - ok
20:35:33.0798 4784 [ 991e2c2cf3bc204c2bb2ee1476149e4e ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:35:33.0830 4784 WPFFontCache_v0400 - ok
20:35:33.0845 4784 [ 8a900348370e359b6bff6a550e4649e1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:35:33.0845 4784 ws2ifsl - ok
20:35:33.0877 4784 [ 9ea3e6d0ef7a5c2b9181961052a4b01a ] wscsvc C:\Windows\system32\wscsvc.dll
20:35:33.0877 4784 wscsvc - ok
20:35:33.0877 4784 WSearch - ok
20:35:33.0923 4784 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:35:33.0939 4784 wuauserv - ok
20:35:33.0986 4784 [ 501a65252617b495c0f1832f908d54d8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:35:33.0986 4784 WUDFRd - ok
20:35:34.0017 4784 [ 6cbd51ff913c851d56ed9dc7f2a27dde ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:35:34.0017 4784 wudfsvc - ok
20:35:34.0048 4784 [ da1c23f65ef1894ab5b6ff79d81f544a ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
20:35:34.0048 4784 xnacc - ok
20:35:34.0080 4784 ================ Scan global ===============================
20:35:34.0111 4784 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
20:35:34.0127 4784 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
20:35:34.0142 4784 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
20:35:34.0173 4784 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
20:35:34.0173 4784 [Global] - ok
20:35:34.0173 4784 ================ Scan MBR ==================================
20:35:34.0173 4784 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:35:34.0627 4784 \Device\Harddisk0\DR0 - ok
20:35:34.0642 4784 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
20:35:34.0642 4784 \Device\Harddisk1\DR1 - ok
20:35:34.0642 4784 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
20:35:34.0642 4784 \Device\Harddisk2\DR2 - ok
20:35:34.0658 4784 ================ Scan VBR ==================================
20:35:34.0673 4784 Boot (0x1200) (5fa32186e0291859112c19c5fac48c28) \Device\Harddisk0\DR0\Partition1
20:35:34.0673 4784 \Device\Harddisk0\DR0\Partition1 - ok
20:35:34.0673 4784 Boot (0x1200) (e89844501272f3ea0867289cbd111f6d) \Device\Harddisk1\DR1\Partition1
20:35:34.0673 4784 \Device\Harddisk1\DR1\Partition1 - ok
20:35:34.0673 4784 Boot (0x1200) (731152301cca5ad7dc021dd21691c3fa) \Device\Harddisk2\DR2\Partition1
20:35:34.0673 4784 \Device\Harddisk2\DR2\Partition1 - ok
20:35:34.0673 4784 ============================================================
20:35:34.0673 4784 Scan finished
20:35:34.0673 4784 ============================================================
20:35:34.0689 1812 Detected object count: 0
20:35:34.0689 1812 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 20:37:44
-----------------------------
20:37:44.607 OS Version: Windows x64 6.0.6002 Service Pack 2
20:37:44.607 Number of processors: 8 586 0x1A04
20:37:44.607 ComputerName: JASON-PC UserName: Jason
20:37:47.294 Initialize success
20:38:39.625 AVAST engine defs: 12081503
20:38:43.346 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
20:38:43.346 Disk 0 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
20:38:43.346 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T1L0-7
20:38:43.346 Disk 1 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
20:38:43.346 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007a
20:38:43.346 Disk 2 Vendor: Size: 476940MB BusType: 0
20:38:43.409 Disk 0 MBR read successfully
20:38:43.409 Disk 0 MBR scan
20:38:43.424 Disk 0 Windows VISTA default MBR code
20:38:43.424 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
20:38:43.440 Disk 0 scanning C:\Windows\system32\drivers
20:38:52.575 Service scanning
20:39:09.441 Modules scanning
20:39:09.441 Disk 0 trace - called modules:
20:39:09.457 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
20:39:09.457 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a82060]
20:39:09.457 3 CLASSPNP.SYS[fffffa6000fc4c33] -> nt!IofCallDriver -> [0xfffffa80065d7520]
20:39:09.457 5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa80065d3520]
20:39:11.176 AVAST engine scan C:\Windows
20:39:14.863 AVAST engine scan C:\Windows\system32
20:42:07.959 AVAST engine scan C:\Windows\system32\drivers
20:42:23.803 AVAST engine scan C:\Users\Jason
20:43:34.718 AVAST engine scan C:\ProgramData
20:44:34.672 Scan finished successfully
20:57:16.894 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\MBR.dat"
20:57:16.909 The log file has been saved successfully to "C:\Users\Jason\Desktop\aswMBR.txt"

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM
Posted 15 August 2012 - 08:27 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Funmoods

DDS::
mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728

Firefox::
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\dr4rwc9b.default\
FF - prefs.js: browser.startup.homepage - hxxp://torrentleech.org/
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0B0CtDtCtA0Fzy0FyE0DyDtBtN0D0Tzu0CtCzyzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=477177728&q=
FF - user.js: extensions.funmoods.id - 001FBC013F9F4D52
FF - user.js: extensions.funmoods.instlDay - 15538
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:1:44
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
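The Firefox:: block in the script above lists the user.js prefs that the Funmoods toolbar planted in the profile. As an added example, not part of this thread and not ComboFix's own code, here is a Python check that parses user_pref() lines from a profile's user.js or prefs.js, groups extensions.<vendor>.* prefs by vendor, flags a homepage, new-tab or search pref whose host carries an unrecognised vendor name, and flags a forced proxy. The sample lines and the adblockplus allow-list are constructed for the example; the pref names in NAVIGATION_PREFS are real Firefox prefs.

```python
import re
from urllib.parse import urlparse

# Constructed sample of the user_pref() lines a browser hijacker writes into a
# Firefox profile's user.js / prefs.js. The pref names follow the pattern quoted
# in the post (extensions.funmoods.*); the values are assembled here for the
# example and are not copied from the poster's machine.
SAMPLE_USER_JS = r'''
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://start.funmoods.com/?f=1&a=axl");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://start.funmoods.com/?f=2&a=axl");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.adblockplus.currentVersion", "2.1");
user_pref("browser.startup.homepage", "http://start.funmoods.com/?f=1&a=axl");
user_pref("browser.search.selectedEngine", "Search");
user_pref("network.proxy.type", 0);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Real Firefox pref names that decide where the browser navigates on its own.
NAVIGATION_PREFS = (
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
)


def parse_prefs(text):
    """Turn user_pref("name", value); lines into a dict; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]                 # string pref
        elif raw in ("true", "false"):
            value = raw == "true"             # boolean pref
        else:
            try:
                value = int(raw)              # integer pref
            except ValueError:
                value = raw                   # leave anything odd as text
        prefs[name] = value
    return prefs


def extension_vendors(prefs):
    """Count extensions.<vendor>.* prefs per vendor; funmoods_i merges into funmoods."""
    counts = {}
    for name in prefs:
        parts = name.split(".")
        if len(parts) >= 3 and parts[0] == "extensions":
            vendor = parts[1].split("_")[0].lower()
            counts[vendor] = counts.get(vendor, 0) + 1
    return counts


def find_hijacks(prefs, allowed_vendors=()):
    """Return (kind, subject, detail) findings. allowed_vendors is the analyst's
    own list of extensions known to belong on this profile (an assumption here)."""
    findings = []
    vendors = extension_vendors(prefs)
    suspicious = sorted(v for v in vendors if v not in allowed_vendors)
    for v in suspicious:
        findings.append(("extension-prefs", v, vendors[v]))
    # A navigation pref whose host carries a suspicious vendor name is a hijack.
    for pref in NAVIGATION_PREFS:
        value = prefs.get(pref)
        if not isinstance(value, str):
            continue
        host = (urlparse(value).hostname or "").lower()
        if any(v in host for v in suspicious):
            findings.append(("navigation-hijack", pref, value))
    # Hijackers also route traffic through a manual (1) or PAC (2) proxy.
    if prefs.get("network.proxy.type") in (1, 2):
        findings.append(("proxy", "network.proxy.type", prefs["network.proxy.type"]))
    return findings


def scan_sample():
    """Run the checks over the constructed sample with adblockplus allow-listed."""
    return find_hijacks(parse_prefs(SAMPLE_USER_JS), allowed_vendors=("adblockplus",))


if __name__ == "__main__":
    for kind, subject, detail in scan_sample():
        print(f"{kind:18} {subject}: {detail}")
```

On the sample this reports seven funmoods prefs and a hijacked browser.startup.homepage; the Search engine name and proxy type 0 are left alone, which matches what the log above shows after cleanup (selectedEngine back to Google, network.proxy.type 0).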

#14 wjason777 (Topic Starter, Members, 151 posts)

Posted 16 August 2012 - 05:32 PM

ComboFix 12-08-16.01 - Jason 08/16/2012 6:32.2.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6134.3911 [GMT -4:00]
Running from: c:\users\Jason\Downloads\ComboFix.exe
Command switches used :: c:\users\Jason\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll
c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe
c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 10:38 . 2012-08-16 10:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-16 10:38 . 2012-08-16 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 07:02 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 00:06 . 2012-08-16 00:06 -------- d-----w- c:\users\Jason\AppData\Local\CrashDumps
2012-08-15 19:07 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 19:07 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-15 19:07 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 11:57 . 2012-08-15 11:57 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-10 02:18 . 2012-08-10 02:18 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-10 02:07 . 2012-08-10 03:36 -------- d-----w- c:\program files\Symantec
2012-08-10 02:07 . 2012-08-10 03:36 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-10 02:07 . 2012-08-10 02:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-10 02:06 . 2012-08-16 00:10 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-08-10 02:06 . 2012-08-10 02:06 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-08-10 02:06 . 2012-08-10 02:07 -------- d-----w- c:\programdata\Norton
2012-08-10 02:05 . 2012-08-10 02:05 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-10 01:01 . 2012-08-10 01:01 -------- d-----w- c:\users\Jason\AppData\Roaming\NVIDIA
2012-08-10 01:00 . 2012-08-10 01:01 -------- d-----w- c:\program files\Speccy
2012-08-07 01:58 . 2012-08-07 01:58 -------- d-----w- c:\users\Jason\AppData\Local\SKIDROW
2012-08-06 21:45 . 2008-05-30 18:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2012-08-04 12:10 . 2012-08-06 21:40 -------- d-----w- C:\temp
2012-08-04 12:04 . 2012-08-10 02:04 -------- d-----w- c:\programdata\Trend Micro
2012-08-03 14:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDF13EA4-C9C0-4F39-8BF0-E4B5C5B5B63C}\mpengine.dll
2012-08-02 09:49 . 2012-08-16 00:19 -------- d-----w- c:\users\Jason\AppData\Roaming\Apple Computer
2012-08-02 09:49 . 2012-08-02 09:49 -------- d-----w- c:\users\Jason\AppData\Local\Apple Computer
2012-08-02 09:49 . 2012-08-02 09:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-08-02 09:49 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-02 09:49 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-02 09:49 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-02 09:48 . 2012-08-02 09:48 -------- d-----w- c:\program files\iPod
2012-08-02 09:48 . 2012-08-02 09:49 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-02 09:48 . 2012-08-02 09:49 -------- d-----w- c:\program files\iTunes
2012-08-02 09:48 . 2012-08-02 09:49 -------- d-----w- c:\program files (x86)\iTunes
2012-08-02 09:48 . 2012-08-02 09:48 -------- d-----w- c:\programdata\Apple Computer
2012-08-02 09:47 . 2012-08-02 09:47 -------- d-----w- c:\users\Jason\AppData\Local\Apple
2012-08-02 09:47 . 2012-08-02 09:47 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-02 09:45 . 2012-08-02 09:45 -------- d-----w- c:\program files\Common Files\Apple
2012-08-02 09:45 . 2012-08-02 09:45 -------- d-----w- c:\program files\Bonjour
2012-08-02 09:45 . 2012-08-02 09:45 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-02 09:45 . 2012-08-02 09:48 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-02 09:45 . 2012-08-02 09:47 -------- d-----w- c:\programdata\Apple
2012-07-26 07:18 . 2012-07-26 07:18 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-07-26 07:18 . 2012-07-26 07:18 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-26 01:48 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll
2012-07-26 01:48 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-26 01:48 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-26 01:48 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-26 01:48 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-07-26 01:48 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-07-26 01:48 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-26 01:48 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-07-26 01:48 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-07-26 01:48 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-07-26 01:48 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-07-26 01:48 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-07-25 22:56 . 2012-06-28 16:14 78848 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKAiO2PPR.dll
2012-07-25 22:51 . 2012-07-25 22:52 -------- d-----w- c:\users\Default\AppData\Local\Eastman_Kodak_Company
2012-07-25 22:50 . 2012-07-25 22:50 -------- d-----w- c:\windows\SysWow64\kodak
2012-07-25 22:46 . 2012-07-25 22:46 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1997812852
2012-07-25 08:16 . 2012-07-25 08:16 -------- d-----w- c:\windows\SysWow64\spool
2012-07-25 07:27 . 2012-07-25 07:27 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-07-25 07:26 . 2012-07-25 07:26 3584 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-25 07:11 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-25 07:11 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-25 07:11 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-25 07:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-07-25 07:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-07-25 07:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-07-25 07:11 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-07-25 07:11 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-07-25 07:11 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-25 07:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-25 07:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-25 07:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-25 07:11 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-25 00:08 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-25 00:07 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-25 00:02 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-07-25 00:01 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-24 23:58 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-24 23:58 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-07-24 23:05 . 2012-07-24 23:35 -------- d-----w- c:\program files (x86)\Diablo III
2012-07-24 23:05 . 2012-07-24 23:30 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-07-24 23:05 . 2012-07-24 23:30 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\system32\ca-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\system32\eu-ES
2012-07-24 22:55 . 2012-07-24 22:55 -------- d-----w- c:\windows\system32\vi-VN
2012-07-24 22:51 . 2012-07-24 22:51 -------- d-----w- c:\windows\system32\SPReview
2012-07-24 22:33 . 2009-04-11 04:07 3584 ----a-w- c:\windows\system32\drivers\en-US\hdaudbus.sys.mui
2012-07-24 22:33 . 2009-04-11 04:10 56320 ----a-w- c:\windows\system32\compcln.exe
2012-07-24 22:33 . 2009-04-11 04:05 7680 ----a-w- c:\windows\system32\drivers\en-US\bthport.sys.mui
2012-07-24 22:31 . 2009-04-11 04:15 347112 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-24 22:30 . 2009-04-11 04:11 57856 ----a-w- c:\windows\system32\DevicePairingProxy.dll
2012-07-24 22:29 . 2009-04-11 04:11 1114112 ----a-w- c:\windows\system32\WerFaultSecure.exe
2012-07-24 22:28 . 2009-04-11 04:11 328704 ----a-w- c:\windows\system32\Wldap32.dll
2012-07-24 22:27 . 2009-04-11 04:11 489984 ----a-w- c:\windows\system32\wlangpui.dll
2012-07-24 22:27 . 2009-04-11 04:11 218624 ----a-w- c:\windows\system32\wlanui.dll
2012-07-24 22:27 . 2009-04-11 04:11 1792512 ----a-w- c:\windows\system32\wlanpref.dll
2012-07-24 22:27 . 2009-04-11 04:11 287744 ----a-w- c:\windows\system32\wisptis.exe
2012-07-24 22:27 . 2009-04-11 04:11 405504 ----a-w- c:\windows\system32\winlogon.exe
2012-07-24 22:27 . 2009-04-11 03:28 399360 ----a-w- c:\windows\SysWow64\wlangpui.dll
2012-07-24 22:27 . 2009-04-11 03:28 202752 ----a-w- c:\windows\SysWow64\wlanui.dll
2012-07-24 22:27 . 2009-04-11 03:28 1671680 ----a-w- c:\windows\SysWow64\wlanpref.dll
2012-07-24 22:27 . 2009-04-11 03:28 314368 ----a-w- c:\windows\SysWow64\winlogon.exe
2012-07-24 22:27 . 2009-04-11 04:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2012-07-24 21:56 . 2012-07-24 21:56 -------- d-----w- c:\windows\system32\EventProviders
2012-07-24 21:38 . 2012-07-24 21:38 -------- d-----w- c:\programdata\Battle.net
2012-07-23 02:14 . 2012-07-23 02:14 -------- d-----w- c:\users\Jason\etpro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:00 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-15 11:57 . 2012-07-16 01:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 11:57 . 2012-07-16 01:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 02:29 . 2012-07-16 02:29 256576 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-16 01:46 . 2012-07-16 01:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-16 01:46 . 2012-07-16 01:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-18 13:48 . 2012-06-18 13:48 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
2012-06-18 13:48 . 2012-06-18 13:48 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-06-12 13:48 . 2012-06-12 13:48 1644544 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-06-12 13:48 . 2012-06-12 13:48 177664 ----a-w- c:\windows\system32\EKAiO2COI09.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-05-31 16:25 . 2012-07-16 02:38 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-16_00.11.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-25 07:28 . 2012-07-25 07:28 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-16 07:03 . 2012-06-28 00:08 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-16 07:03 . 2012-06-28 00:13 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-08-16 07:03 . 2012-06-28 00:13 65024 c:\windows\SysWOW64\jsproxy.dll
- 2008-01-21 03:19 . 2012-08-16 00:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:19 . 2012-08-16 08:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:19 . 2012-08-16 08:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:19 . 2012-08-16 00:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:19 . 2012-08-16 08:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:19 . 2012-08-16 00:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-25 07:28 . 2012-07-25 07:28 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-16 07:03 . 2012-06-28 03:13 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-16 07:03 . 2012-06-28 03:18 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 85504 c:\windows\system32\jsproxy.dll
+ 2012-08-16 07:03 . 2012-06-28 03:17 85504 c:\windows\system32\jsproxy.dll
+ 2012-04-25 16:11 . 2012-04-25 16:11 52736 c:\windows\system32\drivers\usbaapl64.sys
- 2012-07-16 21:46 . 2012-07-17 07:13 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-08-16 00:09 . 2012-08-16 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-16 10:40 . 2012-08-16 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-16 00:09 . 2012-08-16 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 10:40 . 2012-08-16 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 07:28 . 2012-07-25 07:28 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-16 07:03 . 2012-06-28 00:16 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-15 19:07 . 2012-06-29 16:01 467968 c:\windows\SysWOW64\netapi32.dll
+ 2012-08-16 07:03 . 2012-06-28 00:10 717824 c:\windows\SysWOW64\jscript.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-16 07:03 . 2012-06-28 00:12 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-07-25 07:28 . 2012-07-25 07:28 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-08-16 07:03 . 2012-06-28 00:04 176640 c:\windows\SysWOW64\ieui.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 237056 c:\windows\system32\url.dll
+ 2012-08-16 07:03 . 2012-06-28 03:19 237056 c:\windows\system32\url.dll
- 2006-11-02 12:46 . 2012-08-15 00:13 615676 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-16 07:28 615676 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-15 00:13 107716 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-08-16 07:28 107716 c:\windows\system32\perfc009.dat
+ 2012-08-16 07:03 . 2012-06-28 03:16 816640 c:\windows\system32\jscript.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-16 07:03 . 2012-06-28 03:16 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-16 07:03 . 2012-06-28 03:08 248320 c:\windows\system32\ieui.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 248320 c:\windows\system32\ieui.dll
+ 2006-11-02 15:21 . 2012-08-16 07:22 379312 c:\windows\system32\FNTCACHE.DAT
- 2006-11-02 15:21 . 2012-07-25 08:19 379312 c:\windows\system32\FNTCACHE.DAT
+ 2012-07-26 07:18 . 2012-08-16 10:38 375656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-07-26 07:18 . 2012-08-16 00:07 375656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 19:46 . 2012-07-18 19:46 593408 c:\windows\Installer\17a60d6.msp
- 2012-07-16 21:46 . 2012-07-17 07:13 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-06-23 13:54 . 2011-06-23 13:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2012-08-16 07:03 . 2012-06-28 00:18 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-16 07:03 . 2012-06-28 00:18 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-16 07:03 . 2012-06-28 00:27 1800704 c:\windows\SysWOW64\jscript9.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-16 07:03 . 2012-06-28 00:08 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-16 07:03 . 2012-06-28 00:28 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 1392128 c:\windows\system32\wininet.dll
+ 2012-08-16 07:03 . 2012-06-28 03:21 1392128 c:\windows\system32\wininet.dll
+ 2012-04-25 16:11 . 2012-04-25 16:11 4547944 c:\windows\system32\usbaaplrc.dll
+ 2012-08-16 07:03 . 2012-06-28 03:22 1346048 c:\windows\system32\urlmon.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-16 07:03 . 2012-06-28 03:28 2312704 c:\windows\system32\jscript9.dll
- 2012-07-25 07:28 . 2012-07-25 07:28 2144768 c:\windows\system32\iertutil.dll
+ 2012-08-16 07:03 . 2012-06-28 03:14 2144768 c:\windows\system32\iertutil.dll
+ 2012-06-26 22:03 . 2012-06-26 22:03 3875840 c:\windows\Installer\17a6106.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 5009920 c:\windows\Installer\17a60a6.msp
+ 2012-07-16 21:46 . 2012-08-16 07:04 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2012-07-16 21:46 . 2012-07-17 07:13 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-07-16 21:46 . 2012-08-16 07:04 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-08-16 07:03 . 2012-06-28 00:50 12317184 c:\windows\SysWOW64\mshtml.dll
+ 2006-11-02 12:33 . 2012-08-16 07:20 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-08-16 07:03 . 2012-06-28 04:10 17809920 c:\windows\system32\mshtml.dll
+ 2012-08-16 07:03 . 2012-06-28 03:39 10925568 c:\windows\system32\ieframe.dll
+ 2012-07-26 07:18 . 2012-08-16 10:38 16997464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4060384399-3820371411-581424263-1000-12288.dat
- 2012-07-26 07:18 . 2012-08-16 00:07 16997464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4060384399-3820371411-581424263-1000-12288.dat
+ 2012-07-25 20:59 . 2012-07-25 20:59 11032064 c:\windows\Installer\17a60ee.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\17a60be.msp
+ 2011-08-03 23:53 . 2011-08-03 23:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-11-11 570688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe" [2012-06-19 2784256]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 11:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\dr4rwc9b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-funmoods - c:\progra~2\Funmoods\1.5.23.22\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\01\10\017\10-"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-08-16 06:46:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 10:46
ComboFix2.txt 2012-08-16 00:16
.
Pre-Run: 325,055,053,824 bytes free
Post-Run: 324,946,923,520 bytes free
.
- - End Of File - - 0A8BF5583F842C6131C9C5724721FF69

#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 17 August 2012 - 07:17 AM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • PremierOpinion
  • Vuze


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
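As an added example, not part of Gringo's instructions above: a PowerShell check to run after the Revo uninstall step. It looks for the two listed programs in the Windows uninstall registry (both the native and Wow6432Node views on 64-bit Vista) and checks whether the PremierOpinion process seen in the first HijackThis log (pmropn.exe) is still running; matching the Vuze process by the name "vuze" is an assumption.

```powershell
# Added example (not from the original thread). Run in an elevated PowerShell
# after uninstalling the programs Gringo listed, to confirm they are gone.
$targets = @('PremierOpinion', 'Vuze')   # names taken from the post above

# Uninstall entries live in three places on a 64-bit system; HKCU covers
# per-user installs that Add/Remove Programs also shows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$found = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        foreach ($t in $targets) {
            if ($p.DisplayName -like "*$t*") {
                # New-Object rather than [pscustomobject] so this also runs on
                # the PowerShell 2.0 that shipped for Vista.
                New-Object -TypeName PSObject -Property @{
                    Program         = $p.DisplayName
                    RegistryKey     = ($_.PSPath -replace '^.*::')
                    UninstallString = $p.UninstallString
                    InstallLocation = $p.InstallLocation
                }
            }
        }
    }
}

if ($found) {
    Write-Host 'Still registered as installed (re-run the Revo step for these):'
    $found | Format-List Program, RegistryKey, UninstallString, InstallLocation
} else {
    Write-Host 'None of the listed programs are registered as installed.'
}

# Leftover processes: pmropn is PremierOpinion's image name from the first
# HijackThis log; 'vuze' as a process name is an assumption.
$running = Get-Process | Where-Object { $_.Name -match 'pmropn|vuze' }
if ($running) {
    Write-Host 'Related processes still running:'
    $running | Select-Object Name, Id, Path | Format-Table -AutoSize
} else {
    Write-Host 'No related processes are running.'
}
```

If anything is still listed, note the RegistryKey and UninstallString it prints when you report back, since that is what Revo's leftover scan is looking for.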