slow computer, needs cleaned


This topic is locked
21 replies to this topic

#1 the_tone (Members, 32 posts)

Posted 08 October 2012 - 06:32 PM

My Windows XP desktop has slowed dramatically in the recent past and needs a thorough cleaning.
Messaging gringo to provide the same excellent help that he has in the past.


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 October 2012 - 11:43 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 the_tone (Topic Starter, Members, 32 posts)

Posted 09 October 2012 - 05:09 PM

The computer was very slow, often freezing when attempting to complete these steps.


checkup log:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````


dds log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by user at 17:55:59 on 2012-10-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.266 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Verizon\IHA_MessageCenter\bin\IHAMCNotify.exe
C:\Program Files\Western Digital\WD SmartWare\WDLockedFiles.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://online.bethpage.coop/Loans.aspx?acctID=8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.9.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.9.0.9\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.9.0.9\coIEPlg.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/user/Application%20Data/Smilebox/OzDesktopImporter.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F45D62E3-444C-4B33-A9D6-2472594B9EA6} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\9vlkxjfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\user\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\9vlkxjfq.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\user\desktop\picasa3\npPicasa3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-1 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-1 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-1 149624]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2012-6-11 335888]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-23 2253120]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2012-6-2 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2012-6-2 185640]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-6-14 248248]
R2 WDRulesService;WD Rules;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2012-6-14 1177536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20121006.001\IDSXpx86.sys [2012-10-10 373728]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-10-19 30560]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-10-9 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-18 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-18 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-16 114144]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\virusdefs\20121009.003\NAVENG.SYS [2012-10-11 92704]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\virusdefs\20121009.003\NAVEX15.SYS [2012-10-11 1601184]
.
=============== Created Last 30 ================
.
2012-10-09 22:45:10 -------- d-----w- c:\windows\system32\NtmsData
2012-10-09 21:48:20 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2012-10-09 21:41:54 -------- d-----w- c:\program files\Western Digital
2012-10-07 14:14:37 -------- d-----w- c:\documents and settings\user\local settings\application data\Western_Digital
2012-10-06 23:29:51 -------- d-----w- c:\documents and settings\all users\application data\Western Digital
2012-10-06 23:27:49 -------- d-----w- c:\documents and settings\user\local settings\application data\Western Digital
2012-10-01 20:49:58 924320 ----a-w- c:\windows\system32\drivers\nis\1309000.009\symefa.sys
2012-10-01 20:49:58 388216 ----a-w- c:\windows\system32\drivers\nis\1309000.009\symtdi.sys
2012-10-01 20:49:58 345208 ----a-w- c:\windows\system32\drivers\nis\1309000.009\symtdiv.sys
2012-10-01 20:49:58 340088 ----a-r- c:\windows\system32\drivers\nis\1309000.009\symds.sys
2012-10-01 20:49:58 318584 ----a-w- c:\windows\system32\drivers\nis\1309000.009\symnets.sys
2012-10-01 20:49:57 574112 ----a-w- c:\windows\system32\drivers\nis\1309000.009\srtsp.sys
2012-10-01 20:49:57 32928 ----a-w- c:\windows\system32\drivers\nis\1309000.009\srtspx.sys
2012-10-01 20:49:57 149624 ----a-w- c:\windows\system32\drivers\nis\1309000.009\ironx86.sys
2012-10-01 20:49:57 132768 ----a-w- c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys
2012-10-01 20:49:37 8942 ----a-w- c:\windows\system32\drivers\nis\1309000.009\symvtcer.dat
2012-10-01 20:49:36 -------- d-----w- c:\windows\system32\drivers\nis\1309000.009
2012-09-21 01:46:28 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-10-11 17:47:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 17:47:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-04 00:00:54 230840 ----a-r- c:\windows\system32\cpnprt2.cid
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-60MHB5 rev.10.02E04 -> Harddisk0\DR0 -> \Device\0000006f
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce™ IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x86F19AB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000070[0x86F89AC0]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000006e[0x86F17030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 18:04:07.32 ===============


thanks
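An added triage helper, not part of the thread or of either tool: it pulls out the lines a responder reads first from the two logs above, the Security Check items flagged with "!", and from the DDS log the disabled AV/firewall states, the hosts behind the defanged hxxp DPF (ActiveX download) entries, and the "user != kernel MBR" warning from the rootkit check. The sample inputs are constructed from lines in the same shape as those logs.

```python
"""Triage helper for screen317 Security Check (checkup.txt) and DDS logs.

Added example, not part of either tool: it extracts the lines a responder
reads first, so a long log can be summarised before choosing the next step.
"""
import re

# Constructed sample in the shape of checkup.txt above (separator lines omitted).
CHECKUP_SAMPLE = """\
Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
Windows Firewall Disabled!
Norton Internet Security
Antivirus up to date!
Malwarebytes Anti-Malware version 1.60.1.1000
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.4)
"""

# Constructed sample of the DDS lines that matter for triage. DDS defangs
# URLs as hxxp:// itself, so the parser has to accept that spelling.
DDS_SAMPLE = """\
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
DPF: Microsoft XML Parser for Java - file://c:\\windows\\java\\classes\\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
"""

OUTDATED_RE = re.compile(r"^(?P<what>.*?)\s*out of date!$", re.IGNORECASE)
DISABLED_RE = re.compile(r"^(?P<what>.*?)\s*disabled!$", re.IGNORECASE)
PROTECTION_RE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - hxxps?://(?P<host>[^/]+)/")
MBR_MISMATCH = "user != kernel MBR"


def checkup_findings(text):
    """Return (category, subject) pairs for everything Security Check flags with '!'.

    Security Check prints 'Java version out of Date!' on the line after the
    product line, so for that case the previous line is used as the subject.
    """
    findings = []
    previous = ""
    for raw in text.splitlines():
        line = raw.strip()
        outdated = OUTDATED_RE.match(line)
        disabled = DISABLED_RE.match(line)
        if outdated:
            what = outdated.group("what")
            if what.lower() == "java version":
                what = previous
            findings.append(("outdated", what))
        elif disabled:
            findings.append(("disabled", disabled.group("what")))
        previous = line
    return findings


def dds_findings(text):
    """Return (category, detail) pairs from the DDS header, DPF and rootkit sections."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        prot = PROTECTION_RE.match(line)
        if prot and "disabled" in prot.group("state").lower():
            findings.append((prot.group("kind").lower() + "_disabled", prot.group("product")))
            continue
        dpf = DPF_RE.match(line)
        if dpf:
            # DPF entries are ActiveX packages installed from a URL; every
            # remote host is worth a look, vendor hosts included.
            findings.append(("activex_download", dpf.group("host")))
            continue
        if MBR_MISMATCH in line:
            # DDS reads the MBR from user mode and again from the kernel side of
            # the disk stack; a mismatch means something between the two views
            # alters what is returned. Filter drivers can cause it as well, so
            # treat it as a lead for a second MBR check, not as a verdict.
            findings.append(("mbr_mismatch", line))
    return findings


def severity(findings):
    """Order findings so the summary leads with the items that change the next step."""
    order = {"mbr_mismatch": 0, "av_disabled": 1, "fw_disabled": 1,
             "disabled": 2, "outdated": 3, "activex_download": 4}
    return sorted(findings, key=lambda f: (order.get(f[0], 9), f[1]))


if __name__ == "__main__":
    combined = checkup_findings(CHECKUP_SAMPLE) + dds_findings(DDS_SAMPLE)
    for category, detail in severity(combined):
        print(f"{category:17} {detail}")
```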

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 October 2012 - 05:32 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop: RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

#5 the_tone (Topic Starter, Members, 32 posts)

Posted 09 October 2012 - 09:11 PM

Computer still slow/freezing...

logs:

# AdwCleaner v2.004 - Logfile created 10/11/2012 at 21:06:05
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : user - USER-30DED2C6EC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9vlkxjfq.default\prefs.js

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9vlkxjfq.default\user.js ... Deleted !

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.userId", "{2bdaac52-31df-4e87-85f7-be13e2692829}");

*************************

AdwCleaner[S1].txt - [1803 octets] - [11/10/2012 21:06:05]

########## EOF - C:\AdwCleaner[S1].txt - [1863 octets] ##########


.................................................................

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 10/11/2012 22:04:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x86CFBAD0)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x86CFBB90)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x86691948)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x86CF3CC0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x86CD8090)
SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x86CF5F58)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x86CF2BB0)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x867056C8)
SSDT[57] : NtDebugActiveProcess @ 0x80643A1C -> HOOKED (Unknown @ 0x86CF3DA0)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x86D034D0)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8667F8B8)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x866828D8)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x866829B8)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x86C91BC8)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x86CF0890)
SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x86CF5E98)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x866FB6D0)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x866F76D0)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x86CF58F8)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x866F4718)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x86CF2C80)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x86247F28)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x86702860)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x86702920)
SSDT[240] : NtSetSystemInformation @ 0x8060FC04 -> HOOKED (Unknown @ 0x86CF4CB0)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x86CF59D8)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x86703850)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x86283E80)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x86703930)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x86CF07B0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8667F9A8)
S_SSDT[307] : Unknown -> HOOKED (Unknown @ 0x8679E6B8)
S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x8679C6B8)
S_SSDT[414] : Unknown -> HOOKED (Unknown @ 0x8679B6B8)
S_SSDT[416] : Unknown -> HOOKED (Unknown @ 0x8679D6B8)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x866A46B8)
S_SSDT[460] : Unknown -> HOOKED (Unknown @ 0x866E58B0)
S_SSDT[475] : Unknown -> HOOKED (Unknown @ 0x866C56B8)
S_SSDT[476] : Unknown -> HOOKED (Unknown @ 0x86CC56F8)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x8674E6B8)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x866E98F0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JS-60MHB5 +++++
--- User ---
[MBR] 4619b694614d56848739c875813add3a
[BSP] 948124840cc13ff34a87d77993ba60e3 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD2500JS-60MHB5 +++++
--- User ---
[MBR] dac48233327a3a7cab5387ab9e418d1a
[BSP] dbebc684081253ff2734d57b5c762cba : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238474 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt





thanks

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 October 2012 - 09:25 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 the_tone

  • Topic Starter
  • Members
  • 32 posts
  • Gender:Male

Posted 10 October 2012 - 06:23 AM

Hello,

The computer seems to be running a little better, although I have not been doing anything with it besides this... no web browsing right now.

Also, having disconnected the external hard drive and its Western Digital SmartWare backup software may have helped.
I have read that it is a resource hog.

ComboFix log:

ComboFix 12-10-09.01 - user 10/12/2012 6:49.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.253 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\user\LOCALS~1\Temp\PT-BR\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\PT\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\RU\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\SK\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\SL\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\SV\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\TH\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\TR\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\UK\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\ZH-CN\GarminMapUpdater.resources.dll
c:\docume~1\user\LOCALS~1\Temp\ZH-TW\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\PT-BR\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\PT\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\RU\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\SK\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\SL\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\SV\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\TH\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\TR\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\UK\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\ZH-CN\GarminMapUpdater.resources.dll
c:\documents and settings\user\Local Settings\Temp\ZH-TW\GarminMapUpdater.resources.dll
c:\documents and settings\user\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 02:09 . 2012-10-12 02:09 -------- d-----w- c:\windows\LastGood
2012-10-09 22:45 . 2012-10-12 01:39 -------- d-----w- c:\windows\system32\NtmsData
2012-10-09 21:48 . 2012-06-14 15:04 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2012-10-09 21:41 . 2012-10-09 21:41 -------- d-----w- c:\program files\Western Digital
2012-10-07 14:14 . 2012-10-09 22:24 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Western_Digital
2012-10-06 23:29 . 2012-10-09 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2012-10-06 23:27 . 2012-10-09 20:47 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Western Digital
2012-10-01 20:49 . 2012-10-02 13:31 -------- d-----w- c:\windows\system32\drivers\NIS\1309000.009
2012-09-21 01:46 . 2012-10-11 17:46 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 17:47 . 2012-04-16 12:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 17:47 . 2011-06-25 14:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 19:12 . 2004-10-08 12:01 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-10-08 12:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-10-08 12:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-10-08 12:01 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-04 00:00 . 2010-01-17 14:52 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-09-07 22:58 . 2012-09-07 22:57 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"AGRSMMSG"="AGRSMMSG.exe" [2006-04-28 89542]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-06-02 206120]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [10/1/2012 4:49 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [10/1/2012 4:49 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [10/1/2012 12:46 PM 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [10/1/2012 4:49 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [10/1/2012 4:49 PM 149624]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [6/11/2012 5:59 PM 335888]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [10/1/2012 4:49 PM 138272]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/23/2011 6:46 PM 2253120]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [6/2/2012 6:34 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [6/2/2012 6:35 AM 185640]
R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [6/14/2012 11:04 AM 1151424]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [6/14/2012 10:57 AM 248248]
R2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [6/14/2012 11:04 AM 1177536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 10:02 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20121009.001\IDSXpx86.sys [10/11/2012 7:24 PM 373728]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/19/2009 11:08 PM 30560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2012 6:23 PM 136176]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 8:02 AM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2012 6:23 PM 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/16/2012 4:32 PM 114144]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/9/2012 5:48 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 17:51]
.
2012-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 22:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = https://online.bethpage.coop/Loans.aspx?acctID=8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/user/Application%20Data/Smilebox/OzDesktopImporter.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9vlkxjfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 07:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-60MHB5 rev.10.02E04 -> Harddisk0\DR0 -> \Device\0000006f
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1788223648-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:ff,25,bc,95,16,9c,7a,11,1b,fd,69,23,e1,14,bf,dc,35,39,21,f0,bb,
1e,46,fb,35,85,97,e1,5a,da,2f,a5,2c,23,2b,08,95,1e,b0,51,09,84,bb,f6,ef,4f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-12 07:15:58
ComboFix-quarantined-files.txt 2012-10-12 11:15
.
Pre-Run: 30,638,374,912 bytes free
Post-Run: 32,461,996,032 bytes free
.
- - End Of File - - 7A199EC3BDE74D799F15464746433BCD


thanks

#8 the_tone

  • Topic Starter
  • Members
  • 32 posts
  • Gender:Male

Posted 10 October 2012 - 06:24 AM

Should I leave the backup disconnected for now?

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 October 2012 - 05:19 PM

Greetings


Yes, leave the backup disconnected for now.



I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 the_tone

  • Topic Starter
  • Members
  • 32 posts
  • Gender:Male

Posted 11 October 2012 - 05:40 AM

Gringo,

Wife texted me that the computer was much improved yesterday.
Tonight it is better but still slows from time to time.
The aswMBR scan took a long time.


20:12:45.0343 1488 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:12:47.0343 1488 ============================================================
20:12:47.0343 1488 Current date / time: 2012/10/10 20:12:47.0343
20:12:47.0343 1488 SystemInfo:
20:12:47.0343 1488
20:12:47.0343 1488 OS Version: 5.1.2600 ServicePack: 3.0
20:12:47.0343 1488 Product type: Workstation
20:12:47.0343 1488 ComputerName: USER-30DED2C6EC
20:12:47.0343 1488 UserName: user
20:12:47.0343 1488 Windows directory: C:\WINDOWS
20:12:47.0343 1488 System windows directory: C:\WINDOWS
20:12:47.0343 1488 Processor architecture: Intel x86
20:12:47.0343 1488 Number of processors: 2
20:12:47.0343 1488 Page size: 0x1000
20:12:47.0343 1488 Boot type: Normal boot
20:12:47.0343 1488 ============================================================
20:12:50.0062 1488 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:12:50.0078 1488 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
20:12:50.0140 1488 ============================================================
20:12:50.0140 1488 \Device\Harddisk0\DR0:
20:12:50.0171 1488 MBR partitions:
20:12:50.0171 1488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
20:12:50.0171 1488 \Device\Harddisk1\DR1:
20:12:50.0171 1488 MBR partitions:
20:12:50.0171 1488 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5541
20:12:50.0171 1488 ============================================================
20:12:50.0343 1488 C: <-> \Device\Harddisk0\DR0\Partition1
20:12:50.0375 1488 D: <-> \Device\Harddisk1\DR1\Partition1
20:12:50.0390 1488 ============================================================
20:12:50.0390 1488 Initialize success
20:12:50.0390 1488 ============================================================
20:12:55.0906 5132 ============================================================
20:12:55.0906 5132 Scan started
20:12:55.0906 5132 Mode: Manual;
20:12:55.0906 5132 ============================================================
20:12:56.0937 5132 ================ Scan system memory ========================
20:12:56.0953 5132 System memory - ok
20:12:56.0953 5132 ================ Scan services =============================
20:12:57.0718 5132 Abiosdsk - ok
20:12:57.0718 5132 abp480n5 - ok
20:12:57.0796 5132 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:12:57.0843 5132 ACPI - ok
20:12:57.0875 5132 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:12:57.0953 5132 ACPIEC - ok
20:12:58.0265 5132 [ 2486C8E3F14496341E90CF2AB8BC82ED ] AdobeActiveFileMonitor4.0 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
20:12:58.0343 5132 AdobeActiveFileMonitor4.0 - ok
20:12:58.0484 5132 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:12:58.0625 5132 AdobeFlashPlayerUpdateSvc - ok
20:12:58.0781 5132 adpu160m - ok
20:12:58.0796 5132 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:12:58.0796 5132 aec - ok
20:12:58.0843 5132 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:12:58.0859 5132 AFD - ok
20:12:58.0906 5132 [ 9C9D3B7A05445B1AB2DF4D0C4D6B77E8 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
20:12:58.0906 5132 AgereModemAudio - ok
20:12:59.0015 5132 [ 1320B1184BA03E09BDDA5DF480D8E3A0 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:12:59.0078 5132 AgereSoftModem - ok
20:12:59.0093 5132 Aha154x - ok
20:12:59.0093 5132 aic78u2 - ok
20:12:59.0093 5132 aic78xx - ok
20:12:59.0281 5132 [ 34149A136B2B7525113950233F259EC1 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:12:59.0468 5132 ALCXWDM - ok
20:12:59.0515 5132 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:12:59.0515 5132 Alerter - ok
20:12:59.0531 5132 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:12:59.0531 5132 ALG - ok
20:12:59.0531 5132 AliIde - ok
20:12:59.0578 5132 [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:12:59.0578 5132 AmdK8 - ok
20:12:59.0593 5132 amsint - ok
20:12:59.0687 5132 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:12:59.0703 5132 Apple Mobile Device - ok
20:12:59.0734 5132 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:12:59.0765 5132 AppMgmt - ok
20:12:59.0796 5132 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:12:59.0812 5132 Arp1394 - ok
20:12:59.0812 5132 asc - ok
20:12:59.0812 5132 asc3350p - ok
20:12:59.0828 5132 asc3550 - ok
20:12:59.0921 5132 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:12:59.0968 5132 aspnet_state - ok
20:12:59.0984 5132 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:12:59.0984 5132 AsyncMac - ok
20:13:00.0015 5132 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:13:00.0031 5132 atapi - ok
20:13:00.0031 5132 Atdisk - ok
20:13:00.0062 5132 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:13:00.0078 5132 Atmarpc - ok
20:13:00.0109 5132 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:13:00.0109 5132 AudioSrv - ok
20:13:00.0156 5132 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:13:00.0171 5132 audstub - ok
20:13:00.0203 5132 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
20:13:00.0218 5132 BANTExt - ok
20:13:00.0265 5132 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:13:00.0281 5132 Beep - ok
20:13:00.0546 5132 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys
20:13:00.0593 5132 BHDrvx86 - ok
20:13:00.0656 5132 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:13:00.0765 5132 BITS - ok
20:13:00.0843 5132 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:13:00.0859 5132 Bonjour Service - ok
20:13:00.0890 5132 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:13:00.0906 5132 Browser - ok
20:13:01.0000 5132 catchme - ok
20:13:01.0046 5132 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:13:01.0062 5132 cbidf2k - ok
20:13:01.0109 5132 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:13:01.0125 5132 CCDECODE - ok
20:13:01.0218 5132 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys
20:13:01.0234 5132 ccSet_NIS - ok
20:13:01.0250 5132 cd20xrnt - ok
20:13:01.0281 5132 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:13:01.0281 5132 Cdaudio - ok
20:13:01.0328 5132 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:13:01.0359 5132 Cdfs - ok
20:13:01.0375 5132 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:13:01.0390 5132 Cdrom - ok
20:13:01.0390 5132 Changer - ok
20:13:01.0437 5132 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:13:01.0453 5132 CiSvc - ok
20:13:01.0484 5132 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:13:01.0484 5132 ClipSrv - ok
20:13:01.0515 5132 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:13:01.0593 5132 clr_optimization_v2.0.50727_32 - ok
20:13:01.0640 5132 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:13:01.0671 5132 clr_optimization_v4.0.30319_32 - ok
20:13:01.0671 5132 CmdIde - ok
20:13:01.0671 5132 COMSysApp - ok
20:13:01.0687 5132 Cpqarray - ok
20:13:01.0734 5132 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:13:01.0734 5132 CryptSvc - ok
20:13:01.0734 5132 dac2w2k - ok
20:13:01.0734 5132 dac960nt - ok
20:13:01.0796 5132 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:13:01.0796 5132 DcomLaunch - ok
20:13:01.0859 5132 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:13:01.0859 5132 Dhcp - ok
20:13:01.0906 5132 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:13:01.0906 5132 Disk - ok
20:13:01.0906 5132 dmadmin - ok
20:13:01.0968 5132 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:13:01.0984 5132 dmboot - ok
20:13:02.0000 5132 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:13:02.0000 5132 dmio - ok
20:13:02.0015 5132 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:13:02.0031 5132 dmload - ok
20:13:02.0062 5132 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:13:02.0062 5132 dmserver - ok
20:13:02.0093 5132 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:13:02.0109 5132 DMusic - ok
20:13:02.0140 5132 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:13:02.0140 5132 Dnscache - ok
20:13:02.0187 5132 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:13:02.0203 5132 Dot3svc - ok
20:13:02.0203 5132 dpti2o - ok
20:13:02.0250 5132 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:13:02.0250 5132 drmkaud - ok
20:13:02.0281 5132 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:13:02.0296 5132 EapHost - ok
20:13:02.0359 5132 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:13:02.0359 5132 eeCtrl - ok
20:13:02.0437 5132 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
20:13:02.0437 5132 ehRecvr - ok
20:13:02.0468 5132 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
20:13:02.0468 5132 ehSched - ok
20:13:02.0515 5132 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilDrv11220 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
20:13:02.0515 5132 EraserUtilDrv11220 - ok
20:13:02.0531 5132 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:13:02.0531 5132 ERSvc - ok
20:13:02.0578 5132 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:13:02.0578 5132 Eventlog - ok
20:13:02.0640 5132 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:13:02.0640 5132 EventSystem - ok
20:13:02.0671 5132 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:13:02.0671 5132 Fastfat - ok
20:13:02.0718 5132 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:13:02.0718 5132 FastUserSwitchingCompatibility - ok
20:13:02.0750 5132 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:13:02.0765 5132 Fdc - ok
20:13:02.0812 5132 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:13:02.0812 5132 Fips - ok
20:13:02.0828 5132 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:13:02.0828 5132 Flpydisk - ok
20:13:02.0875 5132 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:13:02.0906 5132 FltMgr - ok
20:13:02.0968 5132 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:13:02.0984 5132 FontCache3.0.0.0 - ok
20:13:03.0000 5132 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:13:03.0015 5132 Fs_Rec - ok
20:13:03.0046 5132 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:13:03.0046 5132 Ftdisk - ok
20:13:03.0078 5132 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:13:03.0109 5132 GEARAspiWDM - ok
20:13:03.0156 5132 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:13:03.0171 5132 Gpc - ok
20:13:03.0281 5132 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:03.0281 5132 gupdate - ok
20:13:03.0281 5132 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:03.0281 5132 gupdatem - ok
20:13:03.0328 5132 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:13:03.0359 5132 gusvc - ok
20:13:03.0437 5132 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:13:03.0453 5132 helpsvc - ok
20:13:03.0484 5132 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:13:03.0484 5132 HidServ - ok
20:13:03.0531 5132 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:13:03.0531 5132 HidUsb - ok
20:13:03.0562 5132 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:13:03.0578 5132 hkmsvc - ok
20:13:03.0578 5132 hpn - ok
20:13:03.0625 5132 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:13:03.0640 5132 HTTP - ok
20:13:03.0703 5132 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:13:03.0734 5132 HTTPFilter - ok
20:13:03.0734 5132 i2omgmt - ok
20:13:03.0734 5132 i2omp - ok
20:13:03.0765 5132 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:13:03.0796 5132 i8042prt - ok
20:13:03.0890 5132 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:13:03.0906 5132 IDriverT - ok
20:13:03.0984 5132 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:13:04.0015 5132 idsvc - ok
20:13:04.0125 5132 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20121009.001\IDSxpx86.sys
20:13:04.0125 5132 IDSxpx86 - ok
20:13:04.0265 5132 [ 5CAB9D1AB5C9384D28DFF89DBE7A72BB ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
20:13:04.0265 5132 IHA_MessageCenter - ok
20:13:04.0296 5132 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:13:04.0296 5132 Imapi - ok
20:13:04.0359 5132 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:13:04.0359 5132 ImapiService - ok
20:13:04.0359 5132 ini910u - ok
20:13:04.0375 5132 IntelIde - ok
20:13:04.0406 5132 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:13:04.0406 5132 Ip6Fw - ok
20:13:04.0453 5132 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:13:04.0468 5132 IpFilterDriver - ok
20:13:04.0484 5132 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:13:04.0484 5132 IpInIp - ok
20:13:04.0515 5132 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:13:04.0515 5132 IpNat - ok
20:13:04.0593 5132 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:13:04.0640 5132 iPod Service - ok
20:13:04.0703 5132 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:13:04.0703 5132 IPSec - ok
20:13:04.0734 5132 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:13:04.0750 5132 IRENUM - ok
20:13:04.0765 5132 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:13:04.0765 5132 isapnp - ok
20:13:04.0890 5132 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:13:04.0890 5132 JavaQuickStarterService - ok
20:13:04.0906 5132 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:13:04.0906 5132 Kbdclass - ok
20:13:04.0921 5132 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:13:04.0921 5132 kbdhid - ok
20:13:04.0984 5132 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:13:04.0984 5132 kmixer - ok
20:13:05.0015 5132 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:13:05.0015 5132 KSecDD - ok
20:13:05.0046 5132 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:13:05.0062 5132 lanmanserver - ok
20:13:05.0109 5132 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:13:05.0125 5132 lanmanworkstation - ok
20:13:05.0125 5132 lbrtfdc - ok
20:13:05.0187 5132 [ 38FC5C640DDAAA062CED247B979AA648 ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
20:13:05.0187 5132 LexBceS - ok
20:13:05.0250 5132 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:13:05.0250 5132 LmHosts - ok
20:13:05.0296 5132 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
20:13:05.0296 5132 McrdSvc - ok
20:13:05.0406 5132 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:13:05.0406 5132 MDM - ok
20:13:05.0453 5132 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:13:05.0468 5132 Messenger - ok
20:13:05.0531 5132 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
20:13:05.0578 5132 MHN - ok
20:13:05.0593 5132 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:13:05.0593 5132 MHNDRV - ok
20:13:05.0640 5132 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:13:05.0656 5132 mnmdd - ok
20:13:05.0687 5132 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:13:05.0687 5132 mnmsrvc - ok
20:13:05.0734 5132 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:13:05.0734 5132 Modem - ok
20:13:05.0750 5132 [ 201BFC4EF8B33D02D133FBF6535E515B ] motccgp C:\WINDOWS\system32\DRIVERS\motccgp.sys
20:13:05.0750 5132 motccgp - ok
20:13:05.0765 5132 [ D0242A3832EB7C97801BB25889561E23 ] motccgpfl C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
20:13:05.0781 5132 motccgpfl - ok
20:13:05.0812 5132 [ FE80C18BA448DDD76B7BEAD9EB203D37 ] motport C:\WINDOWS\system32\DRIVERS\motport.sys
20:13:05.0828 5132 motport - ok
20:13:05.0859 5132 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:13:05.0859 5132 Mouclass - ok
20:13:05.0875 5132 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:13:05.0875 5132 MountMgr - ok
20:13:05.0953 5132 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:13:05.0984 5132 MozillaMaintenance - ok
20:13:05.0984 5132 mraid35x - ok
20:13:05.0984 5132 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:13:06.0000 5132 MRxDAV - ok
20:13:06.0046 5132 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:13:06.0062 5132 MRxSmb - ok
20:13:06.0109 5132 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:13:06.0125 5132 MSDTC - ok
20:13:06.0140 5132 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:13:06.0140 5132 Msfs - ok
20:13:06.0187 5132 [ 29E0EC2A9DC4C7913657A51DFFF97856 ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
20:13:06.0203 5132 MSHUSBVideo - ok
20:13:06.0203 5132 MSIServer - ok
20:13:06.0234 5132 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:13:06.0234 5132 MSKSSRV - ok
20:13:06.0265 5132 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:13:06.0265 5132 MSPCLOCK - ok
20:13:06.0281 5132 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:13:06.0281 5132 MSPQM - ok
20:13:06.0328 5132 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:13:06.0328 5132 mssmbios - ok
20:13:06.0359 5132 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:13:06.0375 5132 MSTEE - ok
20:13:06.0421 5132 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:13:06.0437 5132 Mup - ok
20:13:06.0468 5132 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:13:06.0468 5132 NABTSFEC - ok
20:13:06.0500 5132 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:13:06.0531 5132 napagent - ok
20:13:06.0625 5132 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20121010.020\NAVENG.SYS
20:13:06.0625 5132 NAVENG - ok
20:13:06.0703 5132 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20121010.020\NAVEX15.SYS
20:13:06.0765 5132 NAVEX15 - ok
20:13:06.0812 5132 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:13:06.0812 5132 NDIS - ok
20:13:06.0843 5132 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:13:06.0859 5132 NdisIP - ok
20:13:06.0890 5132 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:13:06.0906 5132 NdisTapi - ok
20:13:06.0953 5132 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:13:06.0953 5132 Ndisuio - ok
20:13:06.0984 5132 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:13:07.0000 5132 NdisWan - ok
20:13:07.0031 5132 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:13:07.0062 5132 NDProxy - ok
20:13:07.0093 5132 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:13:07.0109 5132 NetBIOS - ok
20:13:07.0156 5132 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:13:07.0156 5132 NetBT - ok
20:13:07.0203 5132 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:13:07.0218 5132 NetDDE - ok
20:13:07.0218 5132 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:13:07.0218 5132 NetDDEdsdm - ok
20:13:07.0281 5132 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:13:07.0281 5132 Netlogon - ok
20:13:07.0328 5132 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:13:07.0328 5132 Netman - ok
20:13:07.0375 5132 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:13:07.0406 5132 NetTcpPortSharing - ok
20:13:07.0437 5132 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:13:07.0437 5132 NIC1394 - ok
20:13:07.0515 5132 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
20:13:07.0515 5132 NIS - ok
20:13:07.0562 5132 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:13:07.0562 5132 Nla - ok
20:13:07.0609 5132 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:13:07.0609 5132 Npfs - ok
20:13:07.0625 5132 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:13:07.0656 5132 Ntfs - ok
20:13:07.0671 5132 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:13:07.0671 5132 NtLmSsp - ok
20:13:07.0718 5132 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:13:07.0734 5132 NtmsSvc - ok
20:13:07.0765 5132 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:13:07.0765 5132 Null - ok
20:13:08.0234 5132 [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:13:08.0812 5132 nv - ok
20:13:08.0859 5132 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
20:13:08.0875 5132 nvata - ok
20:13:08.0875 5132 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvatabus C:\WINDOWS\system32\drivers\nvatabus.sys
20:13:08.0875 5132 nvatabus - ok
20:13:08.0921 5132 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
20:13:08.0968 5132 NVENETFD - ok
20:13:09.0015 5132 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
20:13:09.0031 5132 nvnetbus - ok
20:13:09.0093 5132 [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
20:13:09.0156 5132 NVSvc - ok
20:13:09.0390 5132 [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:13:09.0468 5132 nvUpdatusService - ok
20:13:09.0515 5132 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:13:09.0531 5132 NwlnkFlt - ok
20:13:09.0562 5132 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:13:09.0562 5132 NwlnkFwd - ok
20:13:09.0593 5132 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:13:09.0593 5132 ohci1394 - ok
20:13:09.0625 5132 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:13:09.0640 5132 ose - ok
20:13:09.0687 5132 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:13:09.0703 5132 Parport - ok
20:13:09.0703 5132 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:13:09.0703 5132 PartMgr - ok
20:13:09.0765 5132 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:13:09.0781 5132 ParVdm - ok
20:13:09.0796 5132 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:13:09.0796 5132 PCI - ok
20:13:09.0812 5132 PCIDump - ok
20:13:09.0828 5132 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:13:09.0843 5132 PCIIde - ok
20:13:09.0875 5132 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:13:09.0890 5132 Pcmcia - ok
20:13:09.0890 5132 PDCOMP - ok
20:13:09.0906 5132 PDFRAME - ok
20:13:09.0906 5132 PDRELI - ok
20:13:09.0906 5132 PDRFRAME - ok
20:13:09.0921 5132 perc2 - ok
20:13:09.0921 5132 perc2hib - ok
20:13:09.0968 5132 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:13:09.0968 5132 PlugPlay - ok
20:13:09.0984 5132 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:13:09.0984 5132 PolicyAgent - ok
20:13:10.0031 5132 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:13:10.0031 5132 PptpMiniport - ok
20:13:10.0046 5132 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:13:10.0046 5132 Processor - ok
20:13:10.0046 5132 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:13:10.0046 5132 ProtectedStorage - ok
20:13:10.0062 5132 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:13:10.0078 5132 PSched - ok
20:13:10.0093 5132 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:13:10.0093 5132 Ptilink - ok
20:13:10.0125 5132 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:13:10.0140 5132 PxHelp20 - ok
20:13:10.0140 5132 ql1080 - ok
20:13:10.0156 5132 Ql10wnt - ok
20:13:10.0156 5132 ql12160 - ok
20:13:10.0171 5132 ql1240 - ok
20:13:10.0171 5132 ql1280 - ok
20:13:10.0203 5132 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:13:10.0203 5132 RasAcd - ok
20:13:10.0250 5132 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:13:10.0265 5132 RasAuto - ok
20:13:10.0296 5132 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:13:10.0296 5132 Rasl2tp - ok
20:13:10.0343 5132 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:13:10.0343 5132 RasMan - ok
20:13:10.0359 5132 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:13:10.0359 5132 RasPppoe - ok
20:13:10.0390 5132 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:13:10.0390 5132 Raspti - ok
20:13:10.0437 5132 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:13:10.0453 5132 Rdbss - ok
20:13:10.0484 5132 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:13:10.0484 5132 RDPCDD - ok
20:13:10.0500 5132 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:13:10.0500 5132 rdpdr - ok
20:13:10.0562 5132 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:13:10.0578 5132 RDPWD - ok
20:13:10.0609 5132 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:13:10.0625 5132 RDSessMgr - ok
20:13:10.0656 5132 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:13:10.0671 5132 redbook - ok
20:13:10.0734 5132 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:13:10.0750 5132 RemoteAccess - ok
20:13:10.0843 5132 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:13:10.0843 5132 RemoteRegistry - ok
20:13:10.0921 5132 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:13:10.0937 5132 RpcLocator - ok
20:13:10.0984 5132 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:13:10.0984 5132 RpcSs - ok
20:13:11.0031 5132 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:13:11.0046 5132 RSVP - ok
20:13:11.0078 5132 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:13:11.0078 5132 SamSs - ok
20:13:11.0109 5132 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:13:11.0109 5132 SCardSvr - ok
20:13:11.0156 5132 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:13:11.0156 5132 Schedule - ok
20:13:11.0203 5132 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:13:11.0218 5132 Secdrv - ok
20:13:11.0250 5132 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:13:11.0265 5132 seclogon - ok
20:13:11.0281 5132 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:13:11.0281 5132 SENS - ok
20:13:11.0328 5132 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:13:11.0328 5132 serenum - ok
20:13:11.0343 5132 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:13:11.0359 5132 Serial - ok
20:13:11.0406 5132 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:13:11.0421 5132 Sfloppy - ok
20:13:11.0468 5132 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:13:11.0468 5132 SharedAccess - ok
20:13:11.0500 5132 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:13:11.0500 5132 ShellHWDetection - ok
20:13:11.0515 5132 Simbad - ok
20:13:11.0656 5132 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:13:11.0750 5132 Skype C2C Service - ok
20:13:11.0812 5132 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:13:11.0812 5132 SkypeUpdate - ok
20:13:11.0843 5132 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:13:11.0843 5132 SLIP - ok
20:13:11.0859 5132 Sparrow - ok
20:13:11.0906 5132 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:13:11.0906 5132 splitter - ok
20:13:11.0937 5132 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:13:11.0937 5132 Spooler - ok
20:13:11.0984 5132 sprtsvc_verizondm - ok
20:13:12.0000 5132 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:13:12.0031 5132 sr - ok
20:13:12.0062 5132 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:13:12.0078 5132 srservice - ok
20:13:12.0125 5132 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS
20:13:12.0140 5132 SRTSP - ok
20:13:12.0156 5132 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS
20:13:12.0203 5132 SRTSPX - ok
20:13:12.0296 5132 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:13:12.0359 5132 Srv - ok
20:13:12.0406 5132 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:13:12.0406 5132 SSDPSRV - ok
20:13:12.0421 5132 Steam Client Service - ok
20:13:12.0484 5132 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:13:12.0484 5132 stisvc - ok
20:13:12.0515 5132 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:13:12.0531 5132 streamip - ok
20:13:12.0562 5132 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:13:12.0562 5132 swenum - ok
20:13:12.0578 5132 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:13:12.0609 5132 swmidi - ok
20:13:12.0609 5132 SwPrv - ok
20:13:12.0609 5132 symc810 - ok
20:13:12.0625 5132 symc8xx - ok
20:13:12.0671 5132 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS
20:13:12.0671 5132 SymDS - ok
20:13:12.0734 5132 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS
20:13:12.0781 5132 SymEFA - ok
20:13:12.0828 5132 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:13:12.0843 5132 SymEvent - ok
20:13:12.0875 5132 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS
20:13:12.0890 5132 SymIRON - ok
20:13:12.0921 5132 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS
20:13:12.0953 5132 SYMTDI - ok
20:13:12.0953 5132 sym_hi - ok
20:13:12.0953 5132 sym_u3 - ok
20:13:12.0984 5132 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:13:12.0984 5132 sysaudio - ok
20:13:13.0031 5132 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:13:13.0046 5132 SysmonLog - ok
20:13:13.0093 5132 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:13:13.0093 5132 TapiSrv - ok
20:13:13.0171 5132 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:13:13.0187 5132 Tcpip - ok
20:13:13.0218 5132 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:13:13.0218 5132 TDPIPE - ok
20:13:13.0250 5132 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:13:13.0250 5132 TDTCP - ok
20:13:13.0265 5132 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:13:13.0281 5132 TermDD - ok
20:13:13.0343 5132 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:13:13.0343 5132 TermService - ok
20:13:13.0343 5132 tgsrvc_verizondm - ok
20:13:13.0375 5132 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:13:13.0375 5132 Themes - ok
20:13:13.0421 5132 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:13:13.0437 5132 TlntSvr - ok
20:13:13.0437 5132 TosIde - ok
20:13:13.0484 5132 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:13:13.0484 5132 TrkWks - ok
20:13:13.0515 5132 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:13:13.0515 5132 Udfs - ok
20:13:13.0515 5132 ultra - ok
20:13:13.0578 5132 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:13:13.0609 5132 Update - ok
20:13:13.0656 5132 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:13:13.0656 5132 upnphost - ok
20:13:13.0703 5132 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:13:13.0703 5132 UPS - ok
20:13:13.0750 5132 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
20:13:13.0750 5132 USBAAPL - ok
20:13:13.0781 5132 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:13:13.0796 5132 usbaudio - ok
20:13:13.0796 5132 usbbus - ok
20:13:13.0828 5132 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:13:13.0828 5132 usbccgp - ok
20:13:13.0828 5132 UsbDiag - ok
20:13:13.0859 5132 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:13:13.0859 5132 usbehci - ok
20:13:13.0921 5132 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:13:13.0937 5132 usbhub - ok
20:13:13.0937 5132 USBModem - ok
20:13:13.0984 5132 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:13:13.0984 5132 usbohci - ok
20:13:14.0031 5132 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:13:14.0046 5132 usbprint - ok
20:13:14.0078 5132 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:13:14.0093 5132 usbscan - ok
20:13:14.0109 5132 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:13:14.0125 5132 USBSTOR - ok
20:13:14.0140 5132 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
20:13:14.0140 5132 usbvideo - ok
20:13:14.0187 5132 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:13:14.0187 5132 VgaSave - ok
20:13:14.0203 5132 ViaIde - ok
20:13:14.0203 5132 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:13:14.0218 5132 VolSnap - ok
20:13:14.0265 5132 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:13:14.0296 5132 VSS - ok
20:13:14.0328 5132 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:13:14.0328 5132 W32Time - ok
20:13:14.0359 5132 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:13:14.0390 5132 Wanarp - ok
20:13:14.0484 5132 [ D634CFE93E0CD001499D0D6D68890C9E ] WDBackup C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
20:13:14.0546 5132 WDBackup - ok
20:13:14.0578 5132 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
20:13:14.0593 5132 WDC_SAM - ok
20:13:14.0640 5132 [ 2277CD5B13B18B6DF5F80E8A84254EA7 ] WDDriveService C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
20:13:14.0640 5132 WDDriveService - ok
20:13:14.0703 5132 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:13:14.0734 5132 Wdf01000 - ok
20:13:14.0750 5132 WDICA - ok
20:13:14.0796 5132 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:13:14.0812 5132 wdmaud - ok
20:13:14.0968 5132 [ A578AE45097ACAD346C86C96F1C0D5A7 ] WDRulesService C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
20:13:15.0156 5132 WDRulesService - ok
20:13:15.0203 5132 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:13:15.0203 5132 WebClient - ok
20:13:15.0312 5132 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:13:15.0312 5132 winmgmt - ok
20:13:15.0343 5132 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:13:15.0343 5132 WmdmPmSN - ok
20:13:15.0406 5132 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:13:15.0421 5132 Wmi - ok
20:13:15.0468 5132 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:13:15.0484 5132 WmiApSrv - ok
20:13:15.0562 5132 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:13:15.0609 5132 WMPNetworkSvc - ok
20:13:15.0656 5132 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:13:15.0671 5132 WpdUsb - ok
20:13:15.0750 5132 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:13:15.0796 5132 WPFFontCache_v0400 - ok
20:13:15.0828 5132 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:13:15.0843 5132 WS2IFSL - ok
20:13:15.0875 5132 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:13:15.0906 5132 wscsvc - ok
20:13:15.0937 5132 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:13:15.0953 5132 WSTCODEC - ok
20:13:16.0000 5132 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:13:16.0015 5132 wuauserv - ok
20:13:16.0062 5132 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:13:16.0156 5132 WudfPf - ok
20:13:16.0203 5132 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:13:16.0218 5132 WudfRd - ok
20:13:16.0250 5132 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:13:16.0250 5132 WudfSvc - ok
20:13:16.0312 5132 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:13:16.0500 5132 WZCSVC - ok
20:13:16.0546 5132 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:13:16.0640 5132 xmlprov - ok
20:13:16.0640 5132 ================ Scan global ===============================
20:13:16.0671 5132 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:13:16.0765 5132 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:13:16.0828 5132 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:13:16.0875 5132 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:13:16.0875 5132 [Global] - ok
20:13:16.0875 5132 ================ Scan MBR ==================================
20:13:16.0890 5132 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:13:17.0015 5132 \Device\Harddisk0\DR0 - ok
20:13:17.0015 5132 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:13:17.0031 5132 \Device\Harddisk1\DR1 - ok
20:13:17.0031 5132 ================ Scan VBR ==================================
20:13:17.0031 5132 [ C822C175FCF483444BDEBB7CD76326D2 ] \Device\Harddisk0\DR0\Partition1
20:13:17.0031 5132 \Device\Harddisk0\DR0\Partition1 - ok
20:13:17.0031 5132 [ 0AA1587DFB839D235BC0D06CA7D4589B ] \Device\Harddisk1\DR1\Partition1
20:13:17.0046 5132 \Device\Harddisk1\DR1\Partition1 - ok
20:13:17.0046 5132 ============================================================
20:13:17.0046 5132 Scan finished
20:13:17.0046 5132 ============================================================
20:13:17.0062 6044 Detected object count: 0
20:13:17.0062 6044 Actual detected object count: 0




mbr log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-10 20:47:33
-----------------------------
20:47:33.812 OS Version: Windows 5.1.2600 Service Pack 3
20:47:33.812 Number of processors: 2 586 0x4B02
20:47:33.812 ComputerName: USER-30DED2C6EC UserName: user
20:47:35.796 Initialize success
20:53:34.937 AVAST engine defs: 12101001
20:53:46.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
20:53:46.765 Disk 0 Vendor: WDC_WD2500JS-60MHB5 10.02E04 Size: 238475MB BusType: 3
20:53:46.765 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000070
20:53:46.765 Disk 1 Vendor: WDC_WD2500JS-60MHB5 10.02E04 Size: 238475MB BusType: 3
20:53:46.796 Disk 0 MBR read successfully
20:53:46.812 Disk 0 MBR scan
20:53:46.906 Disk 0 Windows XP default MBR code
20:53:46.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
20:53:46.937 Disk 0 scanning sectors +488376000
20:53:47.093 Disk 0 scanning C:\WINDOWS\system32\drivers
20:54:07.390 Service scanning
20:54:34.937 Modules scanning
20:54:48.046 Disk 0 trace - called modules:
20:54:48.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
20:54:48.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5aab8]
20:54:48.078 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000071[0x86ef6608]
20:54:48.078 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000006f[0x86f5a030]
20:54:48.656 AVAST engine scan C:\WINDOWS
20:55:02.296 AVAST engine scan C:\WINDOWS\system32
20:59:19.875 AVAST engine scan C:\WINDOWS\system32\drivers
20:59:46.312 AVAST engine scan C:\Documents and Settings\user
23:02:20.406 AVAST engine scan C:\Documents and Settings\All Users
23:04:24.015 File: C:\Documents and Settings\All Users\Application Data\DivX\Setup\finishPlugin.dll **HIDDEN**
23:04:25.171 File: C:\Documents and Settings\All Users\Application Data\DivX\Setup\RunAsUser\RUNASUSERPROCESS.dll **HIDDEN**
23:06:23.078 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYRLauncher.exe **HIDDEN**
23:06:23.843 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\BYRAppUninstall.exe **HIDDEN**
23:06:24.359 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\BYRClient_VZW.exe **HIDDEN**
23:06:24.968 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\BYRLauncher.exe **HIDDEN**
23:06:25.546 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\BYRUAUninstall.exe **HIDDEN**
23:06:26.218 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\CommonDL.dll **HIDDEN**
23:06:27.062 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\LGMobileDL.dll **HIDDEN**
23:06:27.765 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\LGMobileDLRapi.dll **HIDDEN**
23:06:28.328 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\mfc42.dll **HIDDEN**
23:06:28.890 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\msvcp60.dll **HIDDEN**
23:06:29.453 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\msvcrt.dll **HIDDEN**
23:06:30.109 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\msxml4.dll **HIDDEN**
23:06:30.625 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\msxml4a.dll **HIDDEN**
23:06:31.078 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\msxml4r.dll **HIDDEN**
23:06:32.437 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe **HIDDEN**
23:06:33.109 File: C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe **HIDDEN**
23:06:48.781 File: C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\indiv01.key **HIDDEN**
23:06:50.093 File: C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1177238915-1788223648-682003330-1003\MSPRindiv01.key **HIDDEN**
23:06:57.718 Scan finished successfully
06:37:52.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
06:37:52.187 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

#11 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 October 2012 - 12:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 the_tone

  • Topic Starter
  • Members
  • 32 posts
  • Gender:Male

Posted 13 October 2012 - 07:37 PM

hey gringo,

the log is below...
combofix repeatedly asked me to update, 3x, I did it twice and thought it would keep happening so the third time I said "no" to update.
the computer seems to be better, but (possibly related to internet load on our DSL, which is the lowest tier they offer) sometimes slows/freezes at night.

log:
ComboFix 12-10-09.01 - user 10/12/2012 21:56:54.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.309 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\user\LOCALS~1\Temp\_av4_\aswCmnB.dll
c:\docume~1\user\LOCALS~1\Temp\_av4_\aswCmnOS.dll
c:\docume~1\user\LOCALS~1\Temp\_av4_\aswCmnS.dll
c:\docume~1\user\LOCALS~1\Temp\_av4_\aswEngin.dll
c:\docume~1\user\LOCALS~1\Temp\_av4_\aswScan.dll
c:\documents and settings\user\Local Settings\Temp\_av4_\aswCmnB.dll
c:\documents and settings\user\Local Settings\Temp\_av4_\aswCmnOS.dll
c:\documents and settings\user\Local Settings\Temp\_av4_\aswCmnS.dll
c:\documents and settings\user\Local Settings\Temp\_av4_\aswEngin.dll
c:\documents and settings\user\Local Settings\Temp\_av4_\aswScan.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-09 22:45 . 2012-10-12 01:39 -------- d-----w- c:\windows\system32\NtmsData
2012-10-09 21:48 . 2012-06-14 15:04 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2012-10-09 21:41 . 2012-10-09 21:41 -------- d-----w- c:\program files\Western Digital
2012-10-07 14:14 . 2012-10-09 22:24 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Western_Digital
2012-10-06 23:29 . 2012-10-09 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2012-10-06 23:27 . 2012-10-09 20:47 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Western Digital
2012-10-01 20:49 . 2012-10-02 13:31 -------- d-----w- c:\windows\system32\drivers\NIS\1309000.009
2012-09-21 01:46 . 2012-10-11 17:46 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 17:47 . 2012-04-16 12:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 17:47 . 2011-06-25 14:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 19:12 . 2004-10-08 12:01 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-10-08 12:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-10-08 12:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-10-08 12:01 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2004-10-08 12:01 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-10-08 12:01 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-08-04 00:00 . 2010-01-17 14:52 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-09-07 22:58 . 2012-09-07 22:57 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"AGRSMMSG"="AGRSMMSG.exe" [2006-04-28 89542]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-06-02 206120]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [10/1/2012 4:49 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [10/1/2012 4:49 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [10/1/2012 12:46 PM 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [10/1/2012 4:49 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [10/1/2012 4:49 PM 149624]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [10/1/2012 4:49 PM 138272]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/23/2011 6:46 PM 2253120]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [6/2/2012 6:34 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [6/2/2012 6:35 AM 185640]
R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [6/14/2012 11:04 AM 1151424]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [6/14/2012 10:57 AM 248248]
R2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [6/14/2012 11:04 AM 1177536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/11/2012 9:01 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20121012.001\IDSXpx86.sys [10/12/2012 9:38 PM 373728]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/19/2009 11:08 PM 30560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2012 6:23 PM 136176]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [6/11/2012 5:59 PM 335888]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 8:02 AM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/18/2012 6:23 PM 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/16/2012 4:32 PM 114144]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/9/2012 5:48 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 17:51]
.
2012-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 22:23]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = https://online.bethpage.coop/Loans.aspx?acctID=8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/user/Application%20Data/Smilebox/OzDesktopImporter.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9vlkxjfq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 22:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-60MHB5 rev.10.02E04 -> Harddisk0\DR0 -> \Device\00000070
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1788223648-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:ff,25,bc,95,16,9c,7a,11,1b,fd,69,23,e1,14,bf,dc,35,39,21,f0,bb,
1e,46,fb,35,85,97,e1,5a,da,2f,a5,2c,23,2b,08,95,1e,b0,51,09,84,bb,f6,ef,4f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-12 22:23:22
ComboFix-quarantined-files.txt 2012-10-13 02:23
ComboFix2.txt 2012-10-12 11:15
.
Pre-Run: 34,782,150,656 bytes free
Post-Run: 34,987,753,472 bytes free
.
- - End Of File - - 7DD6B8B7A32040B7556557CF75C045FE


thanks

#13 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 October 2012 - 07:41 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 the_tone

  • Topic Starter
  • Members
  • 32 posts
  • Gender:Male

Posted 13 October 2012 - 09:22 PM

here is the report

(how is this a combofix report if I don't run combofix?)

7-Zip 9.22beta
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belarc Advisor 8.2
Bonjour
CCleaner
CivCity
ClosetMaid v1.5.2
Compatibility Pack for the 2007 Office system
Costco Photo Organizer
Coupon Printer for Windows
DataPilot Trial
DING!
Dropbox
ESET Online Scanner v3
Facebook Plug-In
FaxTools
Garmin BaseCamp
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
Google Earth Plug-in
Google Update Helper
GoToMeeting 5.0.0.799
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IC Card Reader Driver v1.9e
IHA_MessageCenter
Image Resizer Powertoy for Windows XP
iTunes
Java Auto Updater
Java™ 6 Update 31
Lexmark X74-X75
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
MyCar-Monitor 4.2.0.4
Norton Internet Security
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA Update 1.5.20
NVIDIA Update Components
OverDrive Media Console
Picasa 3
Portal
Portal 2
QuickTime
Realtek AC'97 Audio
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Click to Call
Skype™ 5.10
SPORE™
Spotify
Steam
System Requirements Lab
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon Download Manager
Vz In Home Agent
WD SmartWare
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 13 October 2012 - 11:44 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Coupon Printer for Windows
  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
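As an added example (not code from the post above or from any of the tools it names): a small Python audit that compares an installed-programs inventory, such as the list in the log earlier in this thread, against the helper's removal list, reports which entries are already gone (the NOTE** case), and flags Java runtimes older than a baseline. The sample inventory, the extra "Some Removed Toolbar" entry and the Java baseline version are constructed for the example.

```python
import re

# Constructed sample inventory: a handful of lines taken from the installed-
# programs section of the log posted earlier in this thread, with the Java
# entry written the way the Add/Remove DisplayName usually shows it.
SAMPLE_INVENTORY = [
    "Coupon Printer for Windows",
    "Java(TM) 6 Update 31",
    "Malwarebytes Anti-Malware version 1.60.1.1000",
    "Mozilla Firefox 15.0.1 (x86 en-US)",
    "Norton Internet Security",
    "Windows XP Service Pack 3",
]

# Programs the helper asked to remove, copied from the post above
# (note the trademark glyph, which Add/Remove renders as "(TM)").
REMOVE_LIST = ["Coupon Printer for Windows", "Java\u2122 6 Update 31"]

# Matches a normalized Sun/Oracle JRE name and captures (major, update).
JAVA_RE = re.compile(r"^java\(tm\) (\d+) update (\d+)$")


def normalize(name: str) -> str:
    """Fold the trademark glyph, whitespace and case so that a name copied
    from a forum post matches the DisplayName shown in Add/Remove."""
    name = name.replace("\u2122", "(TM)")
    return " ".join(name.split()).lower()


def audit_inventory(inventory, remove_list, java_baseline):
    """Compare an installed-programs inventory against a removal list.

    Returns a dict with:
      present      - removal-list entries that are still installed
      already_gone - removal-list entries not found (the "not in Add/Remove
                     anymore" case from the NOTE above)
      stale_java   - installed Java runtimes older than java_baseline,
                     given as a (major, update) tuple
    """
    installed = {normalize(n): n for n in inventory}
    wanted = {normalize(n): n for n in remove_list}
    present = [installed[k] for k in wanted if k in installed]
    already_gone = [wanted[k] for k in wanted if k not in installed]

    stale_java = []
    for key, original in installed.items():
        m = JAVA_RE.match(key)
        if m and (int(m.group(1)), int(m.group(2))) < java_baseline:
            stale_java.append(original)

    return {"present": present, "already_gone": already_gone,
            "stale_java": stale_java}


if __name__ == "__main__":
    # The (7, 0) baseline is an assumed value for the example, not a claim
    # about which Java release was current when this thread was written.
    report = audit_inventory(SAMPLE_INVENTORY,
                             REMOVE_LIST + ["Some Removed Toolbar"], (7, 0))
    for section, names in report.items():
        print(section + ":", ", ".join(names) or "(none)")
```

On a live machine the inventory would come from the DisplayName values under the Uninstall registry keys rather than from a pasted log; the matching logic is the same.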



