Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple iexplore.exe/realplayer.exe causing slow navig and freeze.

Started by AlAdams , Aug 09 2011 11:02 AM

  • Please log in to reply

#1
AlAdams
Posted 09 August 2011 - 11:02 AM

AlAdams

    New Member

  • Member
  • Pip
  • 1 posts
Multiple iexplore.exe/realplayer.exe, though haven't seen realplayer.exe for a day or two, perhaps since first running OTL, causing slow site and program navigation, and rogue freezes, without any apparent cause, sometimes completely idle for extended periods then freeze.
i do have to admit to multi-tasking a bit much and having 30+ sites open and a number of programs running. Don't quite know the limits of the machine, but, if you could provide a clue it would help me adjust my work habits as well.

Your assistance is appreciated.

Al Adams


OTL-08092011-1230est:

ComboFix 11-08-09.02 - INTL 08/09/2011 12:14:19.2.1 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1983.1285 [GMT -4:00]
Running from: c:\users\INTL\Desktop\Username123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 16:21 . 2011-08-09 16:21 -------- d-----w- c:\users\INTL\AppData\Local\temp
2011-08-09 16:21 . 2011-08-09 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-09 16:21 . 2011-08-09 16:21 -------- d-----w- c:\users\Al\AppData\Local\temp
2011-08-09 16:21 . 2011-08-09 16:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-07 23:42 . 2011-08-09 13:43 -------- d-----w- c:\users\UpdatusUser
2011-08-07 23:41 . 2011-05-25 06:09 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-07 23:41 . 2011-05-25 06:09 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-07 23:41 . 2011-05-25 06:09 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-07 23:41 . 2011-05-25 06:09 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-07 23:41 . 2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-07 23:41 . 2011-05-25 06:09 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-07 23:36 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-07 23:36 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-07 23:36 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-07 23:36 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-07 23:36 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-07 23:36 . 2011-05-25 06:09 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-08-07 23:36 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-07 22:19 . 2011-08-07 22:19 -------- d-----w- c:\windows\Security
2011-08-07 22:18 . 2009-07-14 16:29 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
2011-08-04 17:56 . 2009-11-24 13:55 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2011-08-04 17:56 . 2009-11-24 13:55 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2011-08-04 17:56 . 2011-06-30 20:14 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-08-04 17:56 . 2011-07-07 23:46 2189928 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-08-04 17:56 . 2011-07-07 21:39 3531176 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-08-04 17:56 . 2011-07-06 17:27 76392 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-08-04 17:55 . 2011-07-07 01:42 4187240 ----a-w- c:\windows\system32\RtkAPO.dll
2011-08-04 17:55 . 2011-07-01 18:05 1264232 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-08-04 17:55 . 2010-11-08 11:31 78680 ----a-w- c:\windows\system32\RTEEL32A.dll
2011-08-04 17:55 . 2010-11-08 11:31 359768 ----a-w- c:\windows\system32\RTEEP32A.dll
2011-08-04 17:55 . 2010-11-08 11:31 64856 ----a-w- c:\windows\system32\RTEEG32A.dll
2011-08-04 17:55 . 2010-11-08 11:31 170840 ----a-w- c:\windows\system32\RTEED32A.dll
2011-08-04 17:55 . 2010-11-08 11:31 295768 ----a-w- c:\windows\system32\RP3DHT32.dll
2011-08-04 17:55 . 2010-11-08 11:31 295768 ----a-w- c:\windows\system32\RP3DAA32.dll
2011-08-04 17:55 . 2011-05-05 19:24 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2011-08-04 17:55 . 2009-11-17 22:13 96160 ----a-w- c:\windows\system32\AERTARen.dll
2011-08-04 17:55 . 2010-07-22 20:37 175200 ----a-w- c:\windows\system32\AERTACap.dll
2011-08-04 17:47 . 2011-08-04 17:57 -------- d--h--w- c:\program files\Temp
2011-08-04 17:46 . 2011-08-04 17:46 -------- d-----w- c:\program files\Common Files\InstallShield
2011-08-04 17:13 . 2011-08-04 17:13 -------- d-----w- c:\users\INTL\AppData\Roaming\ParetoLogic
2011-08-04 17:13 . 2011-08-04 17:13 -------- d-----w- c:\users\INTL\AppData\Roaming\DriverCure
2011-08-04 17:08 . 2011-08-04 17:08 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-08-04 17:08 . 2011-08-04 17:08 -------- d-----w- c:\programdata\ParetoLogic
2011-08-04 14:04 . 2011-08-04 17:52 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-03 22:55 . 2011-08-03 22:55 -------- d-----w- c:\program files\Safari
2011-08-03 22:55 . 2011-08-03 23:19 -------- d-----w- c:\users\INTL\AppData\Local\Apple Computer
2011-08-03 22:54 . 2011-08-03 22:54 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-03 22:54 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-03 22:54 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-08-03 22:54 . 2011-08-03 22:54 -------- d-----w- c:\program files\iPod
2011-08-03 22:54 . 2011-08-03 22:54 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-03 22:54 . 2011-08-03 22:54 -------- d-----w- c:\program files\iTunes
2011-08-03 22:53 . 2011-08-03 22:53 -------- d-----w- c:\program files\Bonjour
2011-08-03 22:53 . 2011-08-03 22:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-03 22:53 . 2011-08-03 22:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-03 22:53 . 2011-08-03 22:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-03 22:53 . 2011-08-03 22:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-03 22:53 . 2011-08-03 22:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-03 22:53 . 2011-08-03 22:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-03 22:53 . 2011-08-03 22:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-03 07:09 . 2011-08-09 13:39 2208 ----a-w- c:\windows\system32\ASOROSet.bin
2011-08-01 21:40 . 2011-08-01 21:40 -------- d-----w- c:\windows\CheckSur
2011-07-31 22:52 . 2011-08-01 21:35 -------- d-----w- c:\windows\Logs
2011-07-29 22:37 . 2011-07-29 22:37 -------- d-----w- c:\users\INTL\AppData\Roaming\CyberDefender
2011-07-29 22:37 . 2011-07-29 22:37 -------- d-----w- c:\program files\CyberDefender
2011-07-29 22:32 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-28 16:17 . 2011-07-28 16:17 -------- d-----w- c:\program files\Apple Software Update
2011-07-27 23:28 . 2011-07-27 23:28 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-27 23:28 . 2011-07-27 23:28 -------- d-----w- c:\program files\Uniblue
2011-07-27 13:56 . 2011-07-27 13:56 -------- d-----w- c:\users\INTL\AppData\Roaming\UltimateDomainFinder
2011-07-27 13:06 . 2011-07-27 13:06 -------- d-----w- c:\users\INTL\AppData\Roaming\com.finetune.air.FinetuneDesktop.5A5745AF31CA8642D8B7AB0B66869F7EAE12B728.1
2011-07-23 04:52 . 2011-07-23 04:52 -------- d-----w- c:\programdata\McAfee Security Scan
2011-07-23 04:52 . 2011-07-26 04:58 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-22 17:41 . 2011-07-22 17:41 -------- d-----w- c:\program files\Verizon
2011-07-22 17:41 . 2011-07-22 17:41 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-07-22 17:41 . 2011-07-22 17:41 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-07-22 15:28 . 2011-07-22 15:28 -------- d-----w- c:\windows\Sun
2011-07-22 06:18 . 2011-07-22 06:18 -------- d-----w- c:\users\INTL\AppData\Roaming\Systweak
2011-07-22 06:18 . 2011-07-07 17:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-07-22 06:18 . 2011-07-22 06:18 -------- d-----w- c:\program files\RegClean Pro
2011-07-21 01:49 . 2011-07-22 16:55 -------- d-----w- c:\users\INTL\AppData\Local\Citrix
2011-07-20 02:40 . 2011-07-20 02:40 -------- d-----w- c:\program files\SystemRequirementsLab
2011-07-19 22:29 . 2011-07-19 22:29 -------- d-----w- c:\users\INTL\AppData\Local\Mozilla
2011-07-19 00:49 . 2011-07-19 00:49 -------- d-----w- c:\program files\Common Files\Java
2011-07-19 00:48 . 2011-07-19 00:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 00:47 . 2011-07-19 00:47 -------- d-----w- c:\program files\Java
2011-07-16 20:01 . 2011-08-04 00:02 -------- d-----w- c:\users\INTL\AppData\Roaming\Apple Computer
2011-07-16 04:06 . 2011-07-16 04:21 -------- d-----w- c:\users\INTL\AppData\Roaming\Article Marketing Robot
2011-07-15 16:30 . 2011-08-03 22:54 -------- d-----w- c:\programdata\Apple Computer
2011-07-15 16:28 . 2011-08-03 22:54 -------- d-----w- c:\program files\Common Files\Apple
2011-07-15 16:27 . 2011-07-15 16:27 -------- d-----w- c:\users\INTL\AppData\Local\Apple
2011-07-15 16:27 . 2011-07-15 16:27 -------- d-----w- c:\programdata\Apple
2011-07-15 16:11 . 2011-07-15 16:11 -------- d-----w- c:\users\INTL\AppData\Roaming\webex
2011-07-15 16:09 . 2011-07-15 17:27 -------- d-----w- c:\programdata\WebEx
2011-07-15 15:03 . 2011-07-15 15:03 -------- d-----w- c:\windows\system32\drivers\NSS
2011-07-15 15:03 . 2011-07-15 15:03 -------- d-----w- c:\program files\Norton Security Scan
2011-07-15 15:03 . 2011-07-15 15:03 -------- d-----w- c:\program files\NortonInstaller
2011-07-15 13:04 . 2011-07-15 13:04 -------- d-----w- c:\program files\Real
2011-07-15 13:04 . 2011-07-15 13:04 -------- d-----w- c:\program files\Common Files\xing shared
2011-07-15 13:04 . 2011-07-15 13:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-15 13:04 . 2011-07-15 13:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-15 13:03 . 2011-07-15 13:03 -------- d-----w- c:\users\INTL\AppData\Local\Real
2011-07-13 12:53 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-07-13 12:53 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-07-13 12:53 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-07-13 12:53 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-07-13 12:53 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-07-13 12:53 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-07-13 12:53 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-07-13 12:53 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-07-13 12:53 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-07-13 12:51 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-13 12:51 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-13 12:51 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-13 12:51 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-07-13 12:51 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-07-13 12:51 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-13 12:51 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-13 12:51 . 2011-06-03 06:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 12:51 . 2011-06-03 05:56 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 04:53 . 2011-06-18 06:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-06-25 13:45 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-27 23:22 . 2011-06-27 23:22 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-06-25 01:39 . 2011-06-25 01:39 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{168CCB1D-7A68-44E6-BD10-C04F9A142B43}\gapaengine.dll
2011-06-18 05:06 . 2011-06-18 05:06 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-18 05:06 . 2011-06-18 05:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-18 05:06 . 2011-06-18 05:06 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-18 05:06 . 2011-06-18 05:06 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-18 05:06 . 2011-06-18 05:06 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-18 05:06 . 2011-06-18 05:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-18 05:06 . 2011-06-18 05:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-18 05:06 . 2011-06-18 05:06 367104 ----a-w- c:\windows\system32\html.iec
2011-06-18 05:06 . 2011-06-18 05:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-18 05:06 . 2011-06-18 05:06 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-18 05:06 . 2011-06-18 05:06 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-18 05:06 . 2011-06-18 05:06 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-18 05:06 . 2011-06-18 05:06 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-18 05:06 . 2011-06-18 05:06 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-18 05:06 . 2011-06-18 05:06 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-18 05:06 . 2011-06-18 05:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-18 05:06 . 2011-06-18 05:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-18 05:06 . 2011-06-18 05:06 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-18 05:06 . 2011-06-18 05:06 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-18 05:06 . 2011-06-18 05:06 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-18 05:06 . 2011-06-18 05:06 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-07 15:55 . 2011-06-24 10:14 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{367A0DB2-9B7D-45DC-BA44-8D46677D886E}\mpengine.dll
2011-05-25 06:09 . 2011-06-25 04:03 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-25 04:03 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-25 04:03 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-08-07 23:36 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 06:09 . 2011-06-25 04:03 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-24 10:44 . 2011-06-28 23:37 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="d:\programfiles\1_UT\1_PW\RF\RoboTaskBarIcon.exe" [2011-07-23 107000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\1_UT\1_MEDIA\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed Typing]
2002-12-12 18:18 101376 -c--a-w- d:\programfiles\1_UT\InventionPilot\SpeedTyping\STyping.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-15 13:04 273544 ----a-w- c:\program files\1_UT\1_MEDIA\Real\Update\realsched.exe
.
R1 MpKsl019b7619;MpKsl019b7619; [x]
R1 MpKsl0317bdcc;MpKsl0317bdcc; [x]
R1 MpKsl04db6ceb;MpKsl04db6ceb; [x]
R1 MpKsl06dd79b8;MpKsl06dd79b8; [x]
R1 MpKsl07e165ef;MpKsl07e165ef; [x]
R1 MpKsl0e488c63;MpKsl0e488c63; [x]
R1 MpKsl10dfc5fb;MpKsl10dfc5fb; [x]
R1 MpKsl1367f5a0;MpKsl1367f5a0; [x]
R1 MpKsl13723b38;MpKsl13723b38; [x]
R1 MpKsl182845aa;MpKsl182845aa; [x]
R1 MpKsl1b2a6347;MpKsl1b2a6347; [x]
R1 MpKsl1bf38f2b;MpKsl1bf38f2b; [x]
R1 MpKsl1c21dbfd;MpKsl1c21dbfd; [x]
R1 MpKsl200a38c7;MpKsl200a38c7; [x]
R1 MpKsl20d6af17;MpKsl20d6af17; [x]
R1 MpKsl21f826c1;MpKsl21f826c1; [x]
R1 MpKsl22c8719c;MpKsl22c8719c; [x]
R1 MpKsl27ac74a2;MpKsl27ac74a2; [x]
R1 MpKsl2873a1f7;MpKsl2873a1f7; [x]
R1 MpKsl289a08a1;MpKsl289a08a1; [x]
R1 MpKsl2d5a55bb;MpKsl2d5a55bb; [x]
R1 MpKsl2d734a20;MpKsl2d734a20; [x]
R1 MpKsl2d955d41;MpKsl2d955d41; [x]
R1 MpKsl2f714d64;MpKsl2f714d64; [x]
R1 MpKsl31e96fab;MpKsl31e96fab; [x]
R1 MpKsl3228e2dc;MpKsl3228e2dc; [x]
R1 MpKsl32c1b4ef;MpKsl32c1b4ef; [x]
R1 MpKsl34760b9f;MpKsl34760b9f; [x]
R1 MpKsl35a8cc10;MpKsl35a8cc10; [x]
R1 MpKsl3847cf8f;MpKsl3847cf8f; [x]
R1 MpKsl38c04f7a;MpKsl38c04f7a; [x]
R1 MpKsl3b14f56e;MpKsl3b14f56e; [x]
R1 MpKsl3c0338c1;MpKsl3c0338c1; [x]
R1 MpKsl3dad767e;MpKsl3dad767e; [x]
R1 MpKsl3dddae60;MpKsl3dddae60; [x]
R1 MpKsl3ee4f3c1;MpKsl3ee4f3c1; [x]
R1 MpKsl408d0798;MpKsl408d0798; [x]
R1 MpKsl40ab2d06;MpKsl40ab2d06; [x]
R1 MpKsl40f6c264;MpKsl40f6c264; [x]
R1 MpKsl44f0826f;MpKsl44f0826f; [x]
R1 MpKsl45419a26;MpKsl45419a26; [x]
R1 MpKsl45b7520d;MpKsl45b7520d; [x]
R1 MpKsl45ba9538;MpKsl45ba9538; [x]
R1 MpKsl4948493c;MpKsl4948493c; [x]
R1 MpKsl4b1a0de2;MpKsl4b1a0de2; [x]
R1 MpKsl4c2a52d4;MpKsl4c2a52d4; [x]
R1 MpKsl4cb7810f;MpKsl4cb7810f; [x]
R1 MpKsl51dcd38c;MpKsl51dcd38c; [x]
R1 MpKsl5252baf1;MpKsl5252baf1; [x]
R1 MpKsl53f290d5;MpKsl53f290d5; [x]
R1 MpKsl557d204e;MpKsl557d204e; [x]
R1 MpKsl56a66e64;MpKsl56a66e64; [x]
R1 MpKsl56c9fa8d;MpKsl56c9fa8d; [x]
R1 MpKsl57514979;MpKsl57514979; [x]
R1 MpKsl5801fb56;MpKsl5801fb56; [x]
R1 MpKsl5d48896a;MpKsl5d48896a; [x]
R1 MpKsl5db51729;MpKsl5db51729; [x]
R1 MpKsl60d6aed8;MpKsl60d6aed8; [x]
R1 MpKsl6368f0ad;MpKsl6368f0ad; [x]
R1 MpKsl637ac9ed;MpKsl637ac9ed; [x]
R1 MpKsl6450b363;MpKsl6450b363; [x]
R1 MpKsl651c8217;MpKsl651c8217; [x]
R1 MpKsl660d764c;MpKsl660d764c; [x]
R1 MpKsl6cfa184c;MpKsl6cfa184c; [x]
R1 MpKsl6db26420;MpKsl6db26420; [x]
R1 MpKsl6e274754;MpKsl6e274754; [x]
R1 MpKsl75378106;MpKsl75378106; [x]
R1 MpKsl765bf025;MpKsl765bf025; [x]
R1 MpKsl786665c7;MpKsl786665c7; [x]
R1 MpKsl7cb3b721;MpKsl7cb3b721; [x]
R1 MpKsl7cb64520;MpKsl7cb64520; [x]
R1 MpKsl7cc4d0cb;MpKsl7cc4d0cb; [x]
R1 MpKsl7cfe5129;MpKsl7cfe5129; [x]
R1 MpKsl7e1f5c9c;MpKsl7e1f5c9c; [x]
R1 MpKsl7f48c77b;MpKsl7f48c77b; [x]
R1 MpKsl818c29fb;MpKsl818c29fb; [x]
R1 MpKsl8328b3a8;MpKsl8328b3a8; [x]
R1 MpKsl850d7264;MpKsl850d7264; [x]
R1 MpKsl8687f9ad;MpKsl8687f9ad; [x]
R1 MpKsl86db1f66;MpKsl86db1f66; [x]
R1 MpKsl8740f464;MpKsl8740f464; [x]
R1 MpKsl8a92af15;MpKsl8a92af15; [x]
R1 MpKsl8ffeb118;MpKsl8ffeb118; [x]
R1 MpKsl929d4f37;MpKsl929d4f37; [x]
R1 MpKsl92c4f61a;MpKsl92c4f61a; [x]
R1 MpKsl9336d26b;MpKsl9336d26b; [x]
R1 MpKsl93f6e13c;MpKsl93f6e13c; [x]
R1 MpKsl94ba35a7;MpKsl94ba35a7; [x]
R1 MpKsl95fd0555;MpKsl95fd0555; [x]
R1 MpKsl9752c3e9;MpKsl9752c3e9; [x]
R1 MpKsl9758c869;MpKsl9758c869; [x]
R1 MpKsl97d71e03;MpKsl97d71e03; [x]
R1 MpKsl9878bcce;MpKsl9878bcce; [x]
R1 MpKsl9a1f6f52;MpKsl9a1f6f52; [x]
R1 MpKsl9c159d24;MpKsl9c159d24; [x]
R1 MpKsl9d3e2d50;MpKsl9d3e2d50; [x]
R1 MpKsl9d9342aa;MpKsl9d9342aa; [x]
R1 MpKsl9f4c122d;MpKsl9f4c122d; [x]
R1 MpKsl9faba678;MpKsl9faba678; [x]
R1 MpKsla029286c;MpKsla029286c; [x]
R1 MpKsla1e3fa81;MpKsla1e3fa81; [x]
R1 MpKsla2f0fad6;MpKsla2f0fad6; [x]
R1 MpKsla391cf6a;MpKsla391cf6a; [x]
R1 MpKsla3f7516e;MpKsla3f7516e; [x]
R1 MpKsla45e96f9;MpKsla45e96f9; [x]
R1 MpKsla5e934c9;MpKsla5e934c9; [x]
R1 MpKsla61c55bd;MpKsla61c55bd; [x]
R1 MpKsla7beb4d0;MpKsla7beb4d0; [x]
R1 MpKsla898196d;MpKsla898196d; [x]
R1 MpKsla9d329dc;MpKsla9d329dc; [x]
R1 MpKslaa47751b;MpKslaa47751b; [x]
R1 MpKslaa770b45;MpKslaa770b45; [x]
R1 MpKslab0892d3;MpKslab0892d3; [x]
R1 MpKslabc3fcce;MpKslabc3fcce; [x]
R1 MpKslabd53b2f;MpKslabd53b2f; [x]
R1 MpKslae70d318;MpKslae70d318; [x]
R1 MpKslb02b81d0;MpKslb02b81d0; [x]
R1 MpKslb20d11d3;MpKslb20d11d3; [x]
R1 MpKslb6b2e8d1;MpKslb6b2e8d1; [x]
R1 MpKslb720d3ec;MpKslb720d3ec; [x]
R1 MpKslb77c6c85;MpKslb77c6c85; [x]
R1 MpKslb92ac043;MpKslb92ac043; [x]
R1 MpKslb9d41273;MpKslb9d41273; [x]
R1 MpKslbc05f125;MpKslbc05f125; [x]
R1 MpKslbcae613a;MpKslbcae613a; [x]
R1 MpKslbdf74b75;MpKslbdf74b75; [x]
R1 MpKslbe315cad;MpKslbe315cad; [x]
R1 MpKslc342a6b6;MpKslc342a6b6; [x]
R1 MpKslc3b2af74;MpKslc3b2af74; [x]
R1 MpKslc5b23a45;MpKslc5b23a45; [x]
R1 MpKslca39b576;MpKslca39b576; [x]
R1 MpKslca6cdd34;MpKslca6cdd34; [x]
R1 MpKslca6ea9ae;MpKslca6ea9ae; [x]
R1 MpKslccab5e49;MpKslccab5e49; [x]
R1 MpKslcd3a441d;MpKslcd3a441d; [x]
R1 MpKslce894e08;MpKslce894e08; [x]
R1 MpKsld021f4ce;MpKsld021f4ce; [x]
R1 MpKsld2252563;MpKsld2252563; [x]
R1 MpKsld260e256;MpKsld260e256; [x]
R1 MpKsld37a02b8;MpKsld37a02b8; [x]
R1 MpKsld401da02;MpKsld401da02; [x]
R1 MpKsld4408aa3;MpKsld4408aa3; [x]
R1 MpKsld49a37b9;MpKsld49a37b9; [x]
R1 MpKsld7fc8ce3;MpKsld7fc8ce3; [x]
R1 MpKsldad14841;MpKsldad14841; [x]
R1 MpKslde3c46de;MpKslde3c46de; [x]
R1 MpKsle9c5dddd;MpKsle9c5dddd; [x]
R1 MpKsleac31a09;MpKsleac31a09; [x]
R1 MpKsledb5ded7;MpKsledb5ded7; [x]
R1 MpKsleeed9da8;MpKsleeed9da8; [x]
R1 MpKslf205c422;MpKslf205c422; [x]
R1 MpKslf43ca211;MpKslf43ca211; [x]
R1 MpKslf475224a;MpKslf475224a; [x]
R1 MpKslf61b5da4;MpKslf61b5da4; [x]
R1 MpKslf628e432;MpKslf628e432; [x]
R1 MpKslf6e69c10;MpKslf6e69c10; [x]
R1 MpKslfbab92b0;MpKslfbab92b0; [x]
R1 MpKslfcb9391d;MpKslfcb9391d; [x]
R1 MpKslfd75fd76;MpKslfd75fd76; [x]
R1 MpKslfdc9db2d;MpKslfdc9db2d; [x]
R1 MpKslfe075c2c;MpKslfe075c2c; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-18 1343400]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-17 24608]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 06:34]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 06:34]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486675301-1912010962-731436405-1000Core.job
- c:\users\INTL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 06:34]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486675301-1912010962-731436405-1000UA.job
- c:\users\INTL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 06:34]
.
2011-08-07 c:\windows\Tasks\Norton Security Scan for INTL.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-15 11:19]
.
2011-08-08 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-08-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-08-04 c:\windows\Tasks\PC Health Advisor Defrag.job
- d:\programfiles\1_UT\1_SYS\1_DIAG\Paretologic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-08-09 c:\windows\Tasks\PC Health Advisor.job
- d:\programfiles\1_UT\1_SYS\1_DIAG\Paretologic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-08-08 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-07-22 17:26]
.
2011-08-03 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-07-22 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://d:\programfiles\1_UT\1_PW\RF\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - d:\progra~1\MS\Office\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\programfiles\1_UT\1_PW\RF\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: RoboForm Options - file://d:\programfiles\1_UT\1_PW\RF\RoboFormComOptions.html
IE: RoboForm Toolbar - file://d:\programfiles\1_UT\1_PW\RF\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\programfiles\1_UT\1_PW\RF\RoboFormComSavePass.html
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: clubuois.com
Trusted Zone: warriorforum.com\www
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
FF - ProfilePath - c:\users\INTL\AppData\Roaming\Mozilla\Firefox\Profiles\n58rk6yf.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST380811 rev.3.AA -> Harddisk0\DR0 -> \Device\000000ee
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-09 12:24:09
ComboFix-quarantined-files.txt 2011-08-09 16:24
ComboFix2.txt 2011-08-09 04:42
.
Pre-Run: 30,200,020,992 bytes free
Post-Run: 30,294,974,464 bytes free
.
- - End Of File - - FE97FC2C3A14EAE5645F4BE2A303104D
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP