
Infected Machine

Hello, and thank you for your time!

Symptoms:
  • system very slow to respond with some programs sometimes, and Windows in general
  • fan running much more often than usual
  • Firefox will not open (at first from Quick Launch, but I was able to open it a couple of times from the Start menu; now FF will no longer open at all). That was a curious unfolding of events for me.
  • IE will not open.

I attempted a few simple things to no avail (Malwarebytes, Norton scans = nothing). I also attempted a system restore, but for each of the attempts XP indicated that the restore failed and I should choose a different restore point - I got tired of that.

Per my understanding of the initial steps, I offer the following...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 10:58:02 on 2014-09-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1320 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us9.hpwis.com/
uSearch Bar = hxxp://srch-us9.hpwis.com/
uSearch Page = hxxp://srch-us9.hpwis.com/
uDefault_Page_URL = hxxp://us9.hpwis.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uProxyOverride = localhost;*.local
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.5.0.19\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: hp view: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - c:\windows\system32\shdocvw.dll
uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Amazon Music] "c:\documents and settings\owner\local settings\application data\amazon music\Amazon Music Helper.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSubtract.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{96FDA021-C783-4C88-A20A-5A5A37C7B670} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\p2j0ludd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1505000.013\symds.sys [2014-8-13 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1505000.013\symefa.sys [2014-8-13 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\bashdefs\20140821.007\BHDrvx86.sys [2014-8-18 1138480]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys [2014-8-13 127064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1505000.013\ironx86.sys [2014-8-13 206936]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-31 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-31 860472]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.5.0.19\nis.exe [2014-8-13 276376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-19 109872]
R3 IDSxpx86;IDSxpx86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\ipsdefs\20140829.001\IDSXpx86.sys [2014-8-29 448664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-8-31 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-31 110296]
R3 NAVENG;NAVENG;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\virusdefs\20140831.022\NAVENG.SYS [2014-9-1 95704]
R3 NAVEX15;NAVEX15;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\virusdefs\20140831.022\NAVEX15.SYS [2014-9-1 1636696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-09-01 00:23:29 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-01 00:21:59 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-01 00:21:59 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-01 00:21:58 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-01 00:21:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-09-01 00:19:01 17292760 ----a-w- C:\mbam-setup-2.0.2.1012.exe
2014-08-15 12:53:47 -------- d-----w- c:\program files\iPod
2014-08-15 12:53:43 -------- d-----w- c:\program files\iTunes
2014-08-15 12:53:43 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 02:17:49 936152 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symefa.sys
2014-08-14 02:17:49 664280 ----a-w- c:\windows\system32\drivers\nis\1505000.013\srtsp.sys
2014-08-14 02:17:49 447704 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symnets.sys
2014-08-14 02:17:49 423256 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symtdi.sys
2014-08-14 02:17:49 384728 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symtdiv.sys
2014-08-14 02:17:49 367704 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symds.sys
2014-08-14 02:17:49 32344 ----a-r- c:\windows\system32\drivers\nis\1505000.013\srtspx.sys
2014-08-14 02:17:49 21520 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symelam.sys
2014-08-14 02:17:49 206936 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ironx86.sys
2014-08-14 02:17:49 127064 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys
2014-08-14 02:17:26 30068 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symvtcer.dat
2014-08-14 02:17:25 -------- d-----w- c:\windows\system32\drivers\nis\1505000.013
2014-08-03 09:53:47 188304 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-08-03 09:53:47 188304 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2014-07-09 00:07:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 00:07:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 10:59:16.40 ===============

Attached Files
File Type: zip
attach.zip (5.8 KB)
