timberwolf
Posts posted by timberwolf
-
MBAM updated. Nothing found. Here is the log from the quick scan.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Database version: v2012.06.24.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-2CCCC38035 [administrator]
Protection: Enabled
6/24/2012 12:54:23 PM
mbam-log-2012-06-24 (12-54-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 194286
Time elapsed: 6 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
OK, I guess it's a legit alert from MarketLink, who is in fact a vendor of Comcast. I called Comcast's security department after reading a more recent post on Comcast's forum by someone else with a similar problem. Turns out they are doing account audits and mine had the wrong modem MAC number listed. He said this is a new program they are using and not all techs are familiar with it yet, which is why I was originally told by 2 different techs that it wasn't from them. I asked how it got past my AV programs/firewall and he said it's something that's pushed through from Comcast and sent directly to the modem. So, if anyone else is having similar issues, you'll have to call the number listed for MarketLink to resolve the issue. If in doubt, call Comcast's security department and have them verify it first. Don't just call 1-800-COMCAST, though; call the security dept. directly: 1-888-565-4329.
-
Here is the ComboFix log. This is worth mentioning, but I'm not sure if it's related to an infection: for the last few days, Windows wants me to keep installing the same updates, even though they install successfully. Each day when I boot the PC, it tells me there are updates, but they are always the same ones.
ComboFix 12-06-23.05 - User 06/23/2012 17:55:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2113 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\User\Application Data\vso_ts_preview.xml
c:\documents and settings\User\Favorites\Games.url
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 21:58 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-06-23 21:58 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-06-23 04:56 . 2012-06-23 04:56 -------- d-----w- c:\program files\ERUNT
2012-06-22 17:47 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E3AE5AA-4B3C-4E17-8459-3180915B1D83}\mpengine.dll
2012-06-21 05:49 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-18 06:36 . 2012-06-18 06:36 -------- d-----w- c:\program files\Trend Micro
2012-06-18 02:16 . 2012-06-20 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-18 02:16 . 2012-06-19 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-06-18 01:36 . 2010-01-10 22:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-06-17 03:34 . 2012-06-17 17:37 -------- d-----w- c:\program files\Symantec
2012-06-17 03:34 . 2012-06-17 17:37 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-17 03:34 . 2012-06-17 17:37 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-17 03:34 . 2012-06-17 04:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-06-17 03:33 . 2012-06-18 05:37 -------- d-----w- c:\windows\system32\drivers\NIS
2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Norton Internet Security
2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Windows Sidebar
2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\NortonInstaller
2012-06-17 02:53 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-06-17 02:21 . 2012-06-17 08:02 -------- d-----w- c:\program files\Advanced Fix 2012
2012-06-17 00:41 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ID Vault
2012-06-17 00:40 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\User\Application Data\ID Vault
2012-06-16 23:25 . 2012-06-16 23:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\program files\Common Files\Java
2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\program files\Oracle
2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2012-06-16 23:09 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 23:09 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 23:09 . 2012-05-04 23:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 23:08 . 2012-06-16 23:08 -------- d-----w- c:\program files\Java
2012-06-16 22:09 . 2012-06-16 22:09 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2012-06-16 18:20 . 2012-06-17 03:37 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-06-16 18:20 . 2012-06-16 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2012-06-16 07:25 . 2012-06-17 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-06-16 07:25 . 2012-06-16 08:07 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
2012-06-16 06:55 . 2012-06-16 06:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-14 05:43 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 17:05 . 2012-04-17 17:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 17:05 . 2011-07-06 02:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-07-05 23:14 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-07-05 23:14 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2011-07-05 23:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-07-05 23:14 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2011-07-05 23:14 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-07-05 23:14 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-07-05 23:14 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-07-16 00:24 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2011-07-16 00:24 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-07-05 23:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56 . 2011-07-16 01:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 04:39 . 2012-04-21 20:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk
backup=c:\windows\pss\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [6/17/2012 1:37 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [6/17/2012 1:37 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 8:01 PM 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [6/17/2012 1:37 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [6/17/2012 1:37 PM 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/15/2011 9:25 PM 654408]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [6/17/2012 1:37 PM 138232]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [3/15/2011 2:44 PM 428384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/16/2012 11:35 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSXpx86.sys [6/23/2012 12:34 AM 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/15/2011 9:25 PM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 11:36 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/17/2012 1:04 PM 250056]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/9/2001 8:00 PM 17976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 11:36 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 17:05]
.
2012-06-15 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-06-19 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-06-23 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-06-23 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 03:36]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 03:36]
.
2012-06-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]
.
2011-07-18 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-07-18 21:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 180.95.19.8:80
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\et9ohpua.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 203.42.246.231
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 203.42.246.231
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 203.42.246.231
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 203.42.246.231
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-adblock pro - c:\program files\Adblock Pro\abpmain.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 18:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\stsystra.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-06-23 18:05:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 22:05
.
Pre-Run: 42,003,402,752 bytes free
Post-Run: 45,922,791,424 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1003D062C9CD2089E7C1AB05CB5B1355
-
Here is the log from TDSSKiller. It found 3 things (that appear to be normal). I skipped them.
01:00:42.0921 0976 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
01:00:43.0390 0976 ============================================================
01:00:43.0390 0976 Current date / time: 2012/06/23 01:00:43.0390
01:00:43.0390 0976 SystemInfo:
01:00:43.0390 0976
01:00:43.0390 0976 OS Version: 5.1.2600 ServicePack: 3.0
01:00:43.0390 0976 Product type: Workstation
01:00:43.0390 0976 ComputerName: USER-2CCCC38035
01:00:43.0390 0976 UserName: User
01:00:43.0390 0976 Windows directory: C:\WINDOWS
01:00:43.0390 0976 System windows directory: C:\WINDOWS
01:00:43.0390 0976 Processor architecture: Intel x86
01:00:43.0390 0976 Number of processors: 2
01:00:43.0390 0976 Page size: 0x1000
01:00:43.0390 0976 Boot type: Normal boot
01:00:43.0390 0976 ============================================================
01:00:44.0250 0976 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:00:44.0250 0976 ============================================================
01:00:44.0250 0976 \Device\Harddisk0\DR0:
01:00:44.0250 0976 MBR partitions:
01:00:44.0250 0976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
01:00:44.0250 0976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x66B5E30
01:00:44.0250 0976 ============================================================
01:00:44.0281 0976 C: <-> \Device\Harddisk0\DR0\Partition0
01:00:44.0328 0976 E: <-> \Device\Harddisk0\DR0\Partition1
01:00:44.0328 0976 ============================================================
01:00:44.0328 0976 Initialize success
01:00:44.0328 0976 ============================================================
01:01:08.0750 3088 ============================================================
01:01:08.0750 3088 Scan started
01:01:08.0750 3088 Mode: Manual; SigCheck; TDLFS;
01:01:08.0750 3088 ============================================================
01:01:09.0093 3088 Abiosdsk - ok
01:01:09.0093 3088 abp480n5 - ok
01:01:09.0156 3088 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:01:09.0812 3088 ACPI - ok
01:01:09.0843 3088 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:01:09.0968 3088 ACPIEC - ok
01:01:10.0046 3088 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:01:10.0203 3088 AdobeFlashPlayerUpdateSvc - ok
01:01:10.0203 3088 adpu160m - ok
01:01:10.0234 3088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:01:10.0390 3088 aec - ok
01:01:10.0437 3088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:01:10.0515 3088 AFD - ok
01:01:10.0515 3088 Aha154x - ok
01:01:10.0531 3088 aic78u2 - ok
01:01:10.0531 3088 aic78xx - ok
01:01:10.0562 3088 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:01:10.0703 3088 Alerter - ok
01:01:10.0718 3088 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:01:10.0828 3088 ALG - ok
01:01:10.0828 3088 AliIde - ok
01:01:10.0843 3088 amsint - ok
01:01:10.0875 3088 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
01:01:10.0984 3088 AppMgmt - ok
01:01:10.0984 3088 asc - ok
01:01:10.0984 3088 asc3350p - ok
01:01:11.0000 3088 asc3550 - ok
01:01:11.0046 3088 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:01:11.0109 3088 aspnet_state - ok
01:01:11.0125 3088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:01:11.0281 3088 AsyncMac - ok
01:01:11.0312 3088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
01:01:11.0484 3088 atapi - ok
01:01:11.0484 3088 Atdisk - ok
01:01:11.0515 3088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:01:11.0687 3088 Atmarpc - ok
01:01:11.0703 3088 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:01:11.0843 3088 AudioSrv - ok
01:01:11.0875 3088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:01:12.0015 3088 audstub - ok
01:01:12.0031 3088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:01:12.0187 3088 Beep - ok
01:01:12.0390 3088 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
01:01:12.0625 3088 BHDrvx86 - ok
01:01:12.0687 3088 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:01:12.0875 3088 BITS - ok
01:01:12.0906 3088 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:01:13.0046 3088 Browser - ok
01:01:13.0062 3088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:01:13.0203 3088 cbidf2k - ok
01:01:13.0281 3088 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys
01:01:13.0312 3088 ccSet_NIS - ok
01:01:13.0312 3088 cd20xrnt - ok
01:01:13.0343 3088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:01:13.0484 3088 Cdaudio - ok
01:01:13.0531 3088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:01:13.0718 3088 Cdfs - ok
01:01:13.0750 3088 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:01:13.0812 3088 Cdrom - ok
01:01:13.0843 3088 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
01:01:13.0890 3088 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
01:01:13.0890 3088 cercsr6 - detected UnsignedFile.Multi.Generic (1)
01:01:13.0890 3088 Changer - ok
01:01:13.0921 3088 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:01:14.0062 3088 CiSvc - ok
01:01:14.0078 3088 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:01:14.0265 3088 ClipSrv - ok
01:01:14.0375 3088 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:01:14.0421 3088 clr_optimization_v2.0.50727_32 - ok
01:01:14.0421 3088 CmdIde - ok
01:01:14.0421 3088 COMSysApp - ok
01:01:14.0421 3088 Cpqarray - ok
01:01:14.0453 3088 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:01:14.0609 3088 CryptSvc - ok
01:01:14.0609 3088 dac2w2k - ok
01:01:14.0609 3088 dac960nt - ok
01:01:14.0687 3088 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:01:14.0796 3088 DcomLaunch - ok
01:01:14.0843 3088 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:01:14.0984 3088 Dhcp - ok
01:01:15.0015 3088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:01:15.0156 3088 Disk - ok
01:01:15.0156 3088 dmadmin - ok
01:01:15.0234 3088 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:01:15.0390 3088 dmboot - ok
01:01:15.0406 3088 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:01:15.0562 3088 dmio - ok
01:01:15.0578 3088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:01:15.0703 3088 dmload - ok
01:01:15.0718 3088 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:01:15.0843 3088 dmserver - ok
01:01:15.0875 3088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:01:16.0000 3088 DMusic - ok
01:01:16.0015 3088 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
01:01:16.0109 3088 Dnscache - ok
01:01:16.0140 3088 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:01:16.0312 3088 Dot3svc - ok
01:01:16.0312 3088 dpti2o - ok
01:01:16.0328 3088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:01:16.0484 3088 drmkaud - ok
01:01:16.0546 3088 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
01:01:16.0671 3088 e1express - ok
01:01:16.0687 3088 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:01:16.0828 3088 EapHost - ok
01:01:16.0937 3088 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
01:01:17.0000 3088 eeCtrl - ok
01:01:17.0093 3088 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
01:01:17.0171 3088 ehRecvr - ok
01:01:17.0218 3088 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
01:01:17.0328 3088 ehSched - ok
01:01:17.0343 3088 EPUSBSTOR (9ff9df112f551f34ce7894c7ce41bfee) C:\WINDOWS\system32\DRIVERS\epusbsto.sys
01:01:17.0390 3088 EPUSBSTOR - ok
01:01:17.0421 3088 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
01:01:17.0453 3088 EraserUtilRebootDrv - ok
01:01:17.0484 3088 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:01:17.0609 3088 ERSvc - ok
01:01:17.0640 3088 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:01:17.0718 3088 Eventlog - ok
01:01:17.0765 3088 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
01:01:17.0859 3088 EventSystem - ok
01:01:17.0890 3088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:01:18.0046 3088 Fastfat - ok
01:01:18.0078 3088 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:01:18.0187 3088 FastUserSwitchingCompatibility - ok
01:01:18.0203 3088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:01:18.0328 3088 Fdc - ok
01:01:18.0343 3088 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:01:18.0484 3088 Fips - ok
01:01:18.0500 3088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:01:18.0609 3088 Flpydisk - ok
01:01:18.0640 3088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:01:18.0781 3088 FltMgr - ok
01:01:18.0875 3088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:01:18.0906 3088 FontCache3.0.0.0 - ok
01:01:18.0921 3088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:01:19.0031 3088 Fs_Rec - ok
01:01:19.0046 3088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:01:19.0156 3088 Ftdisk - ok
01:01:19.0171 3088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:01:19.0296 3088 Gpc - ok
01:01:19.0375 3088 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:01:19.0453 3088 gupdate - ok
01:01:19.0453 3088 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:01:19.0515 3088 gupdatem - ok
01:01:19.0546 3088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:01:19.0687 3088 HDAudBus - ok
01:01:19.0734 3088 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:01:19.0875 3088 helpsvc - ok
01:01:19.0906 3088 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
01:01:20.0046 3088 HidServ - ok
01:01:20.0078 3088 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:01:20.0203 3088 hidusb - ok
01:01:20.0234 3088 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:01:20.0375 3088 hkmsvc - ok
01:01:20.0375 3088 hpn - ok
01:01:20.0406 3088 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
01:01:20.0484 3088 HSFHWBS2 - ok
01:01:20.0562 3088 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
01:01:20.0640 3088 HSF_DP - ok
01:01:20.0703 3088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:01:20.0796 3088 HTTP - ok
01:01:20.0812 3088 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:01:20.0953 3088 HTTPFilter - ok
01:01:20.0968 3088 i2omgmt - ok
01:01:20.0968 3088 i2omp - ok
01:01:21.0062 3088 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
01:01:21.0171 3088 ialm - ok
01:01:21.0250 3088 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
01:01:21.0312 3088 iastor - ok
01:01:21.0500 3088 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:01:21.0656 3088 idsvc - ok
01:01:21.0843 3088 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSxpx86.sys
01:01:21.0921 3088 IDSxpx86 - ok
01:01:22.0000 3088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:01:22.0140 3088 Imapi - ok
01:01:22.0203 3088 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:01:22.0390 3088 ImapiService - ok
01:01:22.0390 3088 ini910u - ok
01:01:22.0406 3088 IntelIde - ok
01:01:22.0421 3088 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:01:22.0546 3088 intelppm - ok
01:01:22.0562 3088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:01:22.0703 3088 Ip6Fw - ok
01:01:22.0718 3088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:01:22.0859 3088 IpFilterDriver - ok
01:01:22.0875 3088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:01:23.0015 3088 IpInIp - ok
01:01:23.0031 3088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:01:23.0171 3088 IpNat - ok
01:01:23.0203 3088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:01:23.0359 3088 IPSec - ok
01:01:23.0375 3088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:01:23.0453 3088 IRENUM - ok
01:01:23.0500 3088 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:01:23.0640 3088 isapnp - ok
01:01:23.0703 3088 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
01:01:23.0812 3088 JavaQuickStarterService - ok
01:01:23.0843 3088 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:01:23.0968 3088 Kbdclass - ok
01:01:23.0984 3088 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:01:24.0093 3088 kbdhid - ok
01:01:24.0125 3088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:01:24.0250 3088 kmixer - ok
01:01:24.0265 3088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:01:24.0343 3088 KSecDD - ok
01:01:24.0375 3088 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
01:01:24.0453 3088 lanmanserver - ok
01:01:24.0468 3088 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
01:01:24.0546 3088 lanmanworkstation - ok
01:01:24.0546 3088 lbrtfdc - ok
01:01:25.0031 3088 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
01:01:25.0343 3088 LeapFrog Connect Device Service - ok
01:01:25.0468 3088 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:01:25.0593 3088 LmHosts - ok
01:01:25.0640 3088 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
01:01:25.0671 3088 MBAMProtector - ok
01:01:25.0765 3088 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
01:01:25.0875 3088 MBAMService - ok
01:01:25.0968 3088 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
01:01:26.0031 3088 McrdSvc - ok
01:01:26.0046 3088 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
01:01:26.0078 3088 mdmxsdk - ok
01:01:26.0109 3088 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:01:26.0250 3088 Messenger - ok
01:01:26.0296 3088 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
01:01:26.0421 3088 MHN ( UnsignedFile.Multi.Generic ) - warning
01:01:26.0421 3088 MHN - detected UnsignedFile.Multi.Generic (1)
01:01:26.0437 3088 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
01:01:26.0468 3088 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
01:01:26.0468 3088 MHNDRV - detected UnsignedFile.Multi.Generic (1)
01:01:26.0500 3088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:01:26.0609 3088 mnmdd - ok
01:01:26.0640 3088 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
01:01:26.0812 3088 mnmsrvc - ok
01:01:26.0828 3088 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:01:26.0953 3088 Modem - ok
01:01:27.0000 3088 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:01:27.0109 3088 MODEMCSA - ok
01:01:27.0125 3088 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:01:27.0265 3088 Mouclass - ok
01:01:27.0281 3088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:01:27.0421 3088 mouhid - ok
01:01:27.0453 3088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:01:27.0578 3088 MountMgr - ok
01:01:27.0609 3088 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
01:01:27.0640 3088 MpFilter - ok
01:01:27.0718 3088 MpKsl6eb7b14e (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E3AE5AA-4B3C-4E17-8459-3180915B1D83}\MpKsl6eb7b14e.sys
01:01:27.0750 3088 MpKsl6eb7b14e - ok
01:01:27.0765 3088 mraid35x - ok
01:01:27.0765 3088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:01:27.0890 3088 MRxDAV - ok
01:01:27.0953 3088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:01:28.0046 3088 MRxSmb - ok
01:01:28.0078 3088 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
01:01:28.0203 3088 MSDTC - ok
01:01:28.0218 3088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:01:28.0406 3088 Msfs - ok
01:01:28.0406 3088 MSIServer - ok
01:01:28.0437 3088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:01:28.0546 3088 MSKSSRV - ok
01:01:28.0640 3088 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
01:01:28.0671 3088 MsMpSvc - ok
01:01:28.0703 3088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:01:28.0812 3088 MSPCLOCK - ok
01:01:28.0828 3088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:01:28.0937 3088 MSPQM - ok
01:01:28.0937 3088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:01:29.0046 3088 mssmbios - ok
01:01:29.0078 3088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:01:29.0109 3088 Mup - ok
01:01:29.0156 3088 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:01:29.0328 3088 napagent - ok
01:01:29.0437 3088 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files\Nero\Update\NASvc.exe
01:01:29.0531 3088 NAUpdate - ok
01:01:29.0687 3088 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\NAVENG.SYS
01:01:29.0734 3088 NAVENG - ok
01:01:29.0843 3088 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\NAVEX15.SYS
01:01:29.0937 3088 NAVEX15 - ok
01:01:30.0078 3088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:01:30.0218 3088 NDIS - ok
01:01:30.0234 3088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:01:30.0312 3088 NdisTapi - ok
01:01:30.0312 3088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:01:30.0437 3088 Ndisuio - ok
01:01:30.0468 3088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:01:30.0640 3088 NdisWan - ok
01:01:30.0671 3088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:01:30.0718 3088 NDProxy - ok
01:01:30.0718 3088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:01:30.0859 3088 NetBIOS - ok
01:01:30.0875 3088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:01:31.0031 3088 NetBT - ok
01:01:31.0078 3088 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:01:31.0234 3088 NetDDE - ok
01:01:31.0234 3088 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:01:31.0390 3088 NetDDEdsdm - ok
01:01:31.0406 3088 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:31.0546 3088 Netlogon - ok
01:01:31.0578 3088 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:01:31.0734 3088 Netman - ok
01:01:31.0843 3088 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:01:31.0875 3088 NetTcpPortSharing - ok
01:01:32.0000 3088 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
01:01:32.0078 3088 NIS - ok
01:01:32.0125 3088 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
01:01:32.0187 3088 Nla - ok
01:01:32.0218 3088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:01:32.0343 3088 Npfs - ok
01:01:32.0406 3088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:01:32.0578 3088 Ntfs - ok
01:01:32.0593 3088 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:32.0703 3088 NtLmSsp - ok
01:01:32.0750 3088 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:01:32.0937 3088 NtmsSvc - ok
01:01:32.0968 3088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:01:33.0093 3088 Null - ok
01:01:33.0125 3088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:01:33.0234 3088 NwlnkFlt - ok
01:01:33.0250 3088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:01:33.0359 3088 NwlnkFwd - ok
01:01:33.0390 3088 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
01:01:33.0531 3088 Parport - ok
01:01:33.0546 3088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:01:33.0671 3088 PartMgr - ok
01:01:33.0687 3088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:01:33.0796 3088 ParVdm - ok
01:01:33.0812 3088 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:01:33.0937 3088 PCI - ok
01:01:33.0937 3088 PCIDump - ok
01:01:33.0953 3088 PCIIde - ok
01:01:33.0984 3088 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:01:34.0093 3088 Pcmcia - ok
01:01:34.0093 3088 PDCOMP - ok
01:01:34.0109 3088 PDFRAME - ok
01:01:34.0109 3088 PDRELI - ok
01:01:34.0109 3088 PDRFRAME - ok
01:01:34.0109 3088 perc2 - ok
01:01:34.0125 3088 perc2hib - ok
01:01:34.0156 3088 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:01:34.0218 3088 PlugPlay - ok
01:01:34.0359 3088 PMBDeviceInfoProvider (e9605a180001a6b5551112d91de92ca1) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
01:01:34.0578 3088 PMBDeviceInfoProvider - ok
01:01:34.0609 3088 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:34.0718 3088 PolicyAgent - ok
01:01:34.0750 3088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:01:34.0890 3088 PptpMiniport - ok
01:01:34.0890 3088 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:35.0000 3088 ProtectedStorage - ok
01:01:35.0031 3088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:01:35.0156 3088 PSched - ok
01:01:35.0171 3088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:01:35.0296 3088 Ptilink - ok
01:01:35.0343 3088 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:01:35.0390 3088 PxHelp20 - ok
01:01:35.0406 3088 ql1080 - ok
01:01:35.0406 3088 Ql10wnt - ok
01:01:35.0406 3088 ql12160 - ok
01:01:35.0406 3088 ql1240 - ok
01:01:35.0421 3088 ql1280 - ok
01:01:35.0437 3088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:01:35.0562 3088 RasAcd - ok
01:01:35.0609 3088 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
01:01:35.0750 3088 RasAuto - ok
01:01:35.0781 3088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:01:35.0890 3088 Rasl2tp - ok
01:01:35.0937 3088 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
01:01:36.0078 3088 RasMan - ok
01:01:36.0093 3088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:01:36.0218 3088 RasPppoe - ok
01:01:36.0234 3088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:01:36.0343 3088 Raspti - ok
01:01:36.0375 3088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:01:36.0500 3088 Rdbss - ok
01:01:36.0531 3088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:01:36.0656 3088 RDPCDD - ok
01:01:36.0687 3088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:01:36.0812 3088 rdpdr - ok
01:01:36.0843 3088 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
01:01:36.0921 3088 RDPWD - ok
01:01:36.0953 3088 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
01:01:37.0125 3088 RDSessMgr - ok
01:01:37.0140 3088 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:01:37.0281 3088 redbook - ok
01:01:37.0312 3088 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
01:01:37.0453 3088 RemoteAccess - ok
01:01:37.0484 3088 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
01:01:37.0609 3088 RemoteRegistry - ok
01:01:37.0640 3088 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
01:01:37.0781 3088 RpcLocator - ok
01:01:37.0843 3088 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:01:37.0906 3088 RpcSs - ok
01:01:37.0937 3088 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
01:01:38.0062 3088 RSVP - ok
01:01:38.0093 3088 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:01:38.0203 3088 SamSs - ok
01:01:38.0234 3088 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
01:01:38.0375 3088 SCardSvr - ok
01:01:38.0421 3088 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
01:01:38.0562 3088 Schedule - ok
01:01:38.0609 3088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:01:38.0671 3088 Secdrv - ok
01:01:38.0703 3088 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
01:01:38.0828 3088 seclogon - ok
01:01:38.0859 3088 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
01:01:38.0984 3088 SENS - ok
01:01:39.0000 3088 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
01:01:39.0171 3088 Serial - ok
01:01:39.0203 3088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:01:39.0312 3088 Sfloppy - ok
01:01:39.0375 3088 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
01:01:39.0562 3088 SharedAccess - ok
01:01:39.0609 3088 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:01:39.0640 3088 ShellHWDetection - ok
01:01:39.0656 3088 Simbad - ok
01:01:39.0656 3088 Sparrow - ok
01:01:39.0671 3088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:01:39.0796 3088 splitter - ok
01:01:39.0828 3088 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
01:01:39.0890 3088 Spooler - ok
01:01:39.0921 3088 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:01:40.0031 3088 sr - ok
01:01:40.0062 3088 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
01:01:40.0140 3088 srservice - ok
01:01:40.0234 3088 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS
01:01:40.0296 3088 SRTSP - ok
01:01:40.0312 3088 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS
01:01:40.0343 3088 SRTSPX - ok
01:01:40.0375 3088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:01:40.0484 3088 Srv - ok
01:01:40.0515 3088 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
01:01:40.0609 3088 SSDPSRV - ok
01:01:40.0734 3088 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
01:01:40.0828 3088 STHDA - ok
01:01:40.0875 3088 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
01:01:41.0093 3088 stisvc - ok
01:01:41.0140 3088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:01:41.0265 3088 swenum - ok
01:01:41.0296 3088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:01:41.0421 3088 swmidi - ok
01:01:41.0437 3088 SwPrv - ok
01:01:41.0437 3088 symc810 - ok
01:01:41.0437 3088 symc8xx - ok
01:01:41.0531 3088 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS
01:01:41.0718 3088 SymDS - ok
01:01:41.0812 3088 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS
01:01:41.0875 3088 SymEFA - ok
01:01:41.0906 3088 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
01:01:42.0000 3088 SymEvent - ok
01:01:42.0031 3088 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS
01:01:42.0078 3088 SymIRON - ok
01:01:42.0125 3088 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS
01:01:42.0250 3088 SYMTDI - ok
01:01:42.0250 3088 sym_hi - ok
01:01:42.0250 3088 sym_u3 - ok
01:01:42.0296 3088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:01:42.0437 3088 sysaudio - ok
01:01:42.0453 3088 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
01:01:42.0625 3088 SysmonLog - ok
01:01:42.0671 3088 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
01:01:42.0812 3088 TapiSrv - ok
01:01:42.0859 3088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:01:42.0906 3088 Tcpip - ok
01:01:42.0937 3088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:01:43.0062 3088 TDPIPE - ok
01:01:43.0078 3088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:01:43.0203 3088 TDTCP - ok
01:01:43.0234 3088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:01:43.0359 3088 TermDD - ok
01:01:43.0421 3088 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
01:01:43.0546 3088 TermService - ok
01:01:43.0609 3088 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:01:43.0656 3088 Themes - ok
01:01:43.0687 3088 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
01:01:43.0796 3088 TlntSvr - ok
01:01:43.0796 3088 TosIde - ok
01:01:43.0828 3088 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
01:01:43.0953 3088 TrkWks - ok
01:01:43.0968 3088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:01:44.0109 3088 Udfs - ok
01:01:44.0125 3088 ultra - ok
01:01:44.0171 3088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:01:44.0296 3088 Update - ok
01:01:44.0328 3088 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
01:01:44.0421 3088 upnphost - ok
01:01:44.0453 3088 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
01:01:44.0593 3088 UPS - ok
01:01:44.0625 3088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:01:44.0750 3088 usbccgp - ok
01:01:44.0781 3088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:01:44.0906 3088 usbehci - ok
01:01:44.0937 3088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:01:45.0078 3088 usbhub - ok
01:01:45.0109 3088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:01:45.0234 3088 usbprint - ok
01:01:45.0265 3088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:01:45.0375 3088 usbscan - ok
01:01:45.0406 3088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:01:45.0531 3088 USBSTOR - ok
01:01:45.0546 3088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:01:45.0671 3088 usbuhci - ok
01:01:45.0687 3088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:01:45.0812 3088 VgaSave - ok
01:01:45.0828 3088 ViaIde - ok
01:01:45.0843 3088 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:01:45.0968 3088 VolSnap - ok
01:01:46.0015 3088 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
01:01:46.0125 3088 VSS - ok
01:01:46.0156 3088 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
01:01:46.0296 3088 W32Time - ok
01:01:46.0328 3088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:01:46.0468 3088 Wanarp - ok
01:01:46.0468 3088 WDICA - ok
01:01:46.0484 3088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:01:46.0640 3088 wdmaud - ok
01:01:46.0671 3088 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
01:01:46.0796 3088 WebClient - ok
01:01:46.0875 3088 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
01:01:46.0921 3088 winachsf - ok
01:01:47.0000 3088 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:01:47.0140 3088 winmgmt - ok
01:01:47.0156 3088 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
01:01:47.0218 3088 WmdmPmSN - ok
01:01:47.0281 3088 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
01:01:47.0484 3088 Wmi - ok
01:01:47.0531 3088 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:01:47.0703 3088 WmiApSrv - ok
01:01:47.0734 3088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
01:01:47.0796 3088 WpdUsb - ok
01:01:47.0843 3088 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
01:01:48.0031 3088 wscsvc - ok
01:01:48.0062 3088 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
01:01:48.0171 3088 wuauserv - ok
01:01:48.0218 3088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:01:48.0296 3088 WudfPf - ok
01:01:48.0312 3088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:01:48.0390 3088 WudfRd - ok
01:01:48.0421 3088 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
01:01:48.0468 3088 WudfSvc - ok
01:01:48.0531 3088 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
01:01:48.0734 3088 WZCSVC - ok
01:01:48.0781 3088 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
01:01:48.0906 3088 xmlprov - ok
01:01:48.0937 3088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:01:49.0421 3088 \Device\Harddisk0\DR0 - ok
01:01:49.0421 3088 Boot (0x1200) (beceaddcfe5c4c87fa552c40c6f2cec6) \Device\Harddisk0\DR0\Partition0
01:01:49.0421 3088 \Device\Harddisk0\DR0\Partition0 - ok
01:01:49.0453 3088 Boot (0x1200) (c0cfe80092fbc95221607b104c4f2f04) \Device\Harddisk0\DR0\Partition1
01:01:49.0453 3088 \Device\Harddisk0\DR0\Partition1 - ok
01:01:49.0453 3088 ============================================================
01:01:49.0453 3088 Scan finished
01:01:49.0453 3088 ============================================================
01:01:49.0562 1888 Detected object count: 3
01:01:49.0562 1888 Actual detected object count: 3
01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:05:26.0328 1888 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:26.0328 1888 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:05:26.0343 1888 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:26.0343 1888 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
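
Added example, not code from this post, from the helper, or from either tool: a small Python triage script for the two log formats in this thread. It parses TDSSKiller object and verdict lines like the ones above into one record per object (MD5, path, verdict, signature name, the action the user chose), lists the flagged objects, and lists loaded .sys images that live outside the Windows directory; it also reads the proxy settings that DDS reports further down the thread (the IE "ProxyServer" value and the Firefox "network.proxy.*" prefs) and returns any that point outside loopback or RFC 1918 space. The sample lines are copied from the logs in this thread; the "outside the Windows directory" and "non-local proxy" heuristics are my assumptions, not tool output. Two caveats a practitioner would want: UnsignedFile.Multi.Generic only says the file carries no valid signature, so each such hit is a lookup task (hash, vendor, path) rather than a malware verdict, whereas a browser proxy pointing at an external host reroutes all browser traffic and should be confirmed with the user before anything else.

```python
"""Triage helpers for the two log formats in this thread: TDSSKiller object and
verdict lines, and DDS proxy lines (IE ProxyServer, Firefox network.proxy.*).
Added example, not from the post or either tool; heuristics are assumptions."""
import ipaddress
import re

# TDSSKiller: "<hh:mm:ss.mmmm> <pid> <payload>"
_TDSS = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<payload>.+)$")
# Enumeration: "<name> (<md5>) <path>"; the name itself may contain "(0x1B8)"
_OBJ = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict: "<name>[ ( <sig> )] - ok|warning|detected <sig> (n)|skipped by user|User select action: <act>"
_VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<sig>[^\s)]+) \))? - (?P<rest>.+)$")
FIELDS = ("md5", "path", "verdict", "sig", "action")

def parse_tdsskiller(text):
    """Map object name -> record. MBR/boot verdict lines name the device path
    rather than the object, so a path index is kept as well."""
    objects, by_path = {}, {}
    for raw in text.splitlines():
        m = _TDSS.match(raw.strip())
        if not m:
            continue
        o = _OBJ.match(m["payload"])
        if o:
            e = objects.setdefault(o["name"], dict.fromkeys(FIELDS))
            e["md5"], e["path"] = o["md5"], o["path"]
            by_path[o["path"]] = e
            continue
        v = _VERDICT.match(m["payload"])
        if not v:
            continue
        e = objects.get(v["name"]) or by_path.get(v["name"]) or objects.setdefault(v["name"], dict.fromkeys(FIELDS))
        rest = v["rest"]
        if rest == "ok":
            e["verdict"] = e["verdict"] or "ok"  # never downgrade an earlier detection
        elif rest in ("warning", "skipped by user"):
            e["verdict"], e["sig"] = "detected", v["sig"] or e["sig"]
        elif rest.startswith("detected "):
            e["verdict"], e["sig"] = "detected", rest.split()[1]
        elif rest.startswith("User select action: "):
            e["action"] = rest.split(": ", 1)[1]
    return objects

def detections(objects):
    """Flagged objects with the user's chosen action (None = not asked); an
    unsigned-file heuristic hit is a lookup task, not a verdict."""
    return [{"name": n, "sig": e["sig"], "action": e["action"], "path": e["path"]}
            for n, e in objects.items() if e["verdict"] == "detected"]

def drivers_outside_windows(objects):
    """Loaded .sys images not under the Windows directory, for vendor verification;
    AV definition drivers legitimately live under Application Data, so review only."""
    return [n for n, e in objects.items() if (e["path"] or "").lower().endswith(".sys")
            and not (e["path"] or "").lower().startswith("c:\\windows\\")]

# DDS: "ProxyServer = host:port" (single-host form only; "http=...;https=..." is not
# handled) and Firefox "network.proxy.<proto>[_port] - value" prefs.
_IE_PROXY = re.compile(r"ProxyServer = (?P<host>[^:\s;=]+)(?::(?P<port>\d+))?")
_FF_PROXY = re.compile(r"network\.proxy\.(?P<proto>http|ssl|ftp|socks)(?P<is_port>_port)? - (?P<val>\S+)")

def _is_local(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private or ip.is_link_local

def proxy_findings(text):
    """(source, host, port) for each proxy that sends browser traffic off the
    loopback/RFC 1918 range; every entry needs a 'did you set this?' check."""
    found, ff = [], {}
    for line in text.splitlines():
        m = _IE_PROXY.search(line)
        if m:
            found.append(("IE ProxyServer", m["host"], int(m["port"]) if m["port"] else None))
        m = _FF_PROXY.search(line)
        if m:
            ff.setdefault(m["proto"], {})["port" if m["is_port"] else "host"] = m["val"]
    for proto, d in ff.items():
        if "host" in d:
            found.append(("Firefox network.proxy." + proto, d["host"], int(d["port"]) if "port" in d else None))
    return [f for f in found if not _is_local(f[1])]

SAMPLE_TDSS = r"""
01:01:26.0296 3088 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
01:01:26.0421 3088 MHN ( UnsignedFile.Multi.Generic ) - warning
01:01:26.0421 3088 MHN - detected UnsignedFile.Multi.Generic (1)
01:01:21.0843 3088 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSxpx86.sys
01:01:21.0921 3088 IDSxpx86 - ok
01:01:48.0937 3088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:01:49.0421 3088 \Device\Harddisk0\DR0 - ok
01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""  # constructed sample: lines copied from the TDSSKiller log in this thread
SAMPLE_DDS = r"""
uInternet Settings,ProxyServer = 108.166.95.58:8080
FF - prefs.js: network.proxy.http - 203.42.246.231
FF - prefs.js: network.proxy.http_port - 80
"""  # constructed sample: lines copied from the DDS log in this thread
```

Feed the full log text to parse_tdsskiller() and proxy_findings(); on the samples, detections() returns MHN (no action recorded) and cercsr6 (action Skip), drivers_outside_windows() returns the Norton IPS definition driver as a review item, and proxy_findings() returns both the IE and the Firefox proxy, since neither host is loopback or private.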
-
Thanks for your reply! MBAM said it was already up-to-date, and here is the log of the quick scan.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Database version: v2012.06.22.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-2CCCC38035 [administrator]
Protection: Enabled
6/22/2012 12:32:00 AM
mbam-log-2012-06-22 (00-32-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194495
Time elapsed: 20 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
There are a lot of indicators. Your helper will help you to get it cleaned up. Thanks
I hope so! Thanks again.
-
Merged post
I started a post on another MB forum and was told to open a new one here so someone could help me fix my problem. Here is a link to the other post I had, as well as the DDS & Attach files. Thanks in advance for your help!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by User at 23:31:00 on 2012-06-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1889 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 108.166.95.58:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [adblock pro] c:\program files\adblock pro\abpmain.exe -m
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} - hxxp://surfcam.castleinthesand.com/iqeye.ocx.gz
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309922957656
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{845F1E14-703E-43C9-8E95-FC74DABB12FA} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\et9ohpua.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 203.42.246.231
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 203.42.246.231
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 203.42.246.231
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 203.42.246.231
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-6-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-6-17 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120531.001\BHDrvx86.sys [2012-5-31 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-6-17 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-6-17 149624]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-15 654408]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-6-17 138232]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-16 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120613.007\IDSXpx86.sys [2012-6-13 356792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-15 22344]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120619.009\NAVENG.SYS [2012-6-19 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120619.009\NAVEX15.SYS [2012-6-19 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 257696]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2001-9-9 17976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176]
.
=============== Created Last 30 ================
.
2012-06-20 02:04:25 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9ca2fbe-8354-4478-8ce9-773ed43f048f}\mpengine.dll
2012-06-18 18:53:05 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-18 06:36:37 -------- d-----w- c:\program files\Trend Micro
2012-06-18 02:16:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-18 02:16:08 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-06-18 01:36:25 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-06-17 17:37:25 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys
2012-06-17 17:37:25 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys
2012-06-17 17:37:25 388216 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdi.sys
2012-06-17 17:37:25 345208 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys
2012-06-17 17:37:25 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys
2012-06-17 17:37:25 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys
2012-06-17 17:37:25 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys
2012-06-17 17:37:25 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys
2012-06-17 17:37:25 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys
2012-06-17 17:37:07 4782 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symvtcer.dat
2012-06-17 17:37:06 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005
2012-06-17 03:34:13 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-17 03:34:13 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-17 03:34:13 -------- d-----w- c:\program files\Symantec
2012-06-17 03:34:13 -------- d-----w- c:\program files\common files\Symantec Shared
2012-06-17 03:33:49 -------- d-----w- c:\windows\system32\drivers\NIS
2012-06-17 03:33:47 -------- d-----w- c:\program files\Norton Internet Security
2012-06-17 03:33:27 -------- d-----w- c:\program files\NortonInstaller
2012-06-17 03:33:27 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-06-17 02:53:36 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2012-06-17 02:21:46 -------- d-----w- c:\program files\Advanced Fix 2012
2012-06-17 00:41:00 -------- d-----w- c:\documents and settings\user\local settings\application data\ID Vault
2012-06-17 00:40:13 -------- d-----w- c:\documents and settings\user\application data\ID Vault
2012-06-16 23:25:17 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-06-16 23:09:10 -------- d-----w- c:\program files\Oracle
2012-06-16 23:09:04 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 23:09:04 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 23:09:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 22:09:26 -------- d-----w- c:\documents and settings\user\local settings\application data\PCHealth
2012-06-16 18:20:37 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-06-16 18:20:16 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2012-06-16 18:08:15 -------- d-----w- c:\windows\system32\appmgmt
2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\user\local settings\application data\NPE
2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-14 05:43:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 09:05:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:05:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:31:31.60 ===============
I guess pasting the link before posting would help. http://forums.malwarebytes.org/index.php?showtopic=111347
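An added triage example, written for this page and not code from the thread, the forum helpers, or the DDS tool that produced the log: it runs three review heuristics over a handful of lines copied from the log above (a constructed subset, so it runs offline). It lists a BHO/toolbar whose display name does not mention the vendor directory its DLL lives in, a DPF (IE ActiveX download) entry pulled from a host outside an analyst-maintained allowlist, and the state of the Firefox proxy prefs; the allowlist and the heuristics are assumptions of the example, and every item is a "look at this" note, not a verdict. On the Firefox prefs, `network.proxy.type` 0 means a direct connection, so the configured 203.42.246.231 entries are not in use, which matches the poster's remark about having tried a proxy.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the DDS-style log posted
# above, so the example runs offline. The heuristics below are triage aids
# assumed by this example, not findings from the thread.
SAMPLE_LOG = r"""
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} - hxxp://surfcam.castleinthesand.com/iqeye.ocx.gz
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
FF - prefs.js: network.proxy.http - 203.42.246.231
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 203.42.246.231
FF - prefs.js: network.proxy.type - 0
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
"""

# Assumed allowlist of hosts an analyst would accept for DPF (ActiveX
# download) entries; anything else is listed for manual review, not condemned.
ALLOWED_DPF_HOSTS = {
    "download.microsoft.com", "www.update.microsoft.com",
    "download.macromedia.com", "platformdl.adobe.com",
    "quickscan.bitdefender.com",
}
SKIP_DIRS = {"c:", "program files", "common files", "windows", "system32"}

ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<url>\S+)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>network\.proxy\.[\w.]+) - (?P<val>.+)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")


def vendor_dir(path):
    """First meaningful directory under Program Files, e.g. 'ask.com'."""
    parts = [p.strip().lower() for p in path.split("\\")]
    for part in parts[:-1]:
        if part not in SKIP_DIRS:
            return part
    return ""


def triage(log_text):
    """Return a list of review items found in DDS-style log lines."""
    findings = []
    proxy = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            # A BHO/toolbar whose display name does not mention the vendor
            # directory its DLL lives in deserves a second look.
            token = re.split(r"[ .]", vendor_dir(m["path"]))[0]
            if token and token not in m["name"].lower():
                findings.append(("vendor-mismatch", m["kind"], m["name"], m["path"]))
            continue
        m = DPF_RE.match(line)
        if m:
            url = re.sub(r"^hxxp", "http", m["url"], flags=re.I)  # undo defanging
            host = urlparse(url).hostname or ""
            if host not in ALLOWED_DPF_HOSTS:
                findings.append(("dpf-host-not-allowlisted", m["clsid"], host, m["url"]))
            continue
        m = FFPREF_RE.match(line)
        if m:
            proxy[m["key"]] = m["val"].strip()
            continue
        m = DNS_RE.match(line)
        if m:
            # DHCP-assigned resolvers: confirm with the ISP that they are theirs.
            findings.append(("dns-resolvers", tuple(m["servers"].split())))
    # Firefox: network.proxy.type 0 means "no proxy", so configured hosts
    # are dormant; type 1 means the manual proxy settings are in effect.
    hosts = {v for k, v in proxy.items() if k.endswith(("http", "ssl", "ftp", "socks"))}
    ptype = proxy.get("network.proxy.type")
    if hosts:
        state = "active" if ptype == "1" else "not in effect (type=%s)" % ptype
        findings.append(("firefox-proxy", state, sorted(hosts)))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

The vendor heuristic over-flags products whose name differs from the vendor folder (the Oracle JavaFX helpers in the full log would trip it), which is why it produces review items rather than verdicts; the allowlist is the part an analyst tunes per case.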
-
Thanks for all of the information! I knew it was still infected. What in that code proves it, or is it more than one thing? I guess I'll start a new post in the other forum you suggested.
-
I called Comcast and had them assign me a new IP#. The 'popup' doesn't show up anymore, but I'm sure it's still on the system, even though there are no signs of it. Here is the info you requested. Thanks for your reply!
-
A couple days ago, I started getting this annoying "popup" in my IE browser. It looks more like an image than a popup and there is no way to close it. It will go away on its own sometimes, but will return. It shows up in Firefox and Chrome too. Firefox would block it like it was a popup at first, but doesn't anymore. It doesn't appear until I open a browser. I have a good knowledge of computers, but this one is putting me to the test. I have Norton Internet Security and Malwarebytes Anti-Malware. I talked to Comcast and it's not from them. The number goes to "MarketLink" and I got a recording to call back M-F from 8-5. I've tried Norton (and Power Eraser), Eset, BitDefender, Malwarebytes, MS Security Essentials, HiJackThis, SpyBot Search & Destroy, Kaspersky, and SuperAntiSpyware in regular & safe modes. Nothing catches it. If I run Safe Mode w/ Networking and open a browser, it will still show up. One interesting detail is that if I switch to a proxy server in my browser, the "popup" goes away immediately and doesn't return. Obviously, I can't run through a proxy all the time, so I need my normal IP to work normally again. I'll try to post a screenshot of the "popup". The image was taken at Comcast.net, but it stays with me no matter what site I go to. I'm running XP, service pack 3.

Scamware popup - verify Comcast IP within 10 days (in Resolved Malware Removal Logs)
No, it seems to be fine.