
Scamware popup - verify Comcast IP within 10 days



Merged post

I started a post on another MB forum and was told to open a new one here so someone could help me fix my problem. Here is a link to the other post I had, as well as the DDS & Attach files. Thanks in advance for your help!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by User at 23:31:00 on 2012-06-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1889 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: Norton Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 108.166.95.58:8080

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [adblock pro] c:\program files\adblock pro\abpmain.exe -m

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} - hxxp://surfcam.castleinthesand.com/iqeye.ocx.gz

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309922957656

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{845F1E14-703E-43C9-8E95-FC74DABB12FA} : DhcpNameServer = 75.75.76.76 75.75.75.75

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\et9ohpua.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.ftp - 203.42.246.231

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.http - 203.42.246.231

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - 203.42.246.231

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 203.42.246.231

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-6-17 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-6-17 905336]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120531.001\BHDrvx86.sys [2012-5-31 821880]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-6-17 132744]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-6-17 149624]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-15 654408]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-6-17 138232]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-16 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120613.007\IDSXpx86.sys [2012-6-13 356792]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-15 22344]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120619.009\NAVENG.SYS [2012-6-19 87928]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120619.009\NAVEX15.SYS [2012-6-19 1589752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 257696]

S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2001-9-9 17976]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176]

.

=============== Created Last 30 ================

.

2012-06-20 02:04:25 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9ca2fbe-8354-4478-8ce9-773ed43f048f}\mpengine.dll

2012-06-18 18:53:05 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-06-18 06:36:37 -------- d-----w- c:\program files\Trend Micro

2012-06-18 02:16:08 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-18 02:16:08 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-06-18 01:36:25 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-06-17 17:37:25 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys

2012-06-17 17:37:25 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys

2012-06-17 17:37:25 388216 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdi.sys

2012-06-17 17:37:25 345208 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys

2012-06-17 17:37:25 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys

2012-06-17 17:37:25 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys

2012-06-17 17:37:25 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys

2012-06-17 17:37:25 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys

2012-06-17 17:37:25 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys

2012-06-17 17:37:07 4782 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symvtcer.dat

2012-06-17 17:37:06 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005

2012-06-17 03:34:13 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-06-17 03:34:13 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-06-17 03:34:13 -------- d-----w- c:\program files\Symantec

2012-06-17 03:34:13 -------- d-----w- c:\program files\common files\Symantec Shared

2012-06-17 03:33:49 -------- d-----w- c:\windows\system32\drivers\NIS

2012-06-17 03:33:47 -------- d-----w- c:\program files\Norton Internet Security

2012-06-17 03:33:27 -------- d-----w- c:\program files\NortonInstaller

2012-06-17 03:33:27 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2012-06-17 02:53:36 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage

2012-06-17 02:21:46 -------- d-----w- c:\program files\Advanced Fix 2012

2012-06-17 00:41:00 -------- d-----w- c:\documents and settings\user\local settings\application data\ID Vault

2012-06-17 00:40:13 -------- d-----w- c:\documents and settings\user\application data\ID Vault

2012-06-16 23:25:17 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun

2012-06-16 23:09:10 -------- d-----w- c:\program files\Oracle

2012-06-16 23:09:04 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-16 23:09:04 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-16 23:09:04 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-16 22:09:26 -------- d-----w- c:\documents and settings\user\local settings\application data\PCHealth

2012-06-16 18:20:37 -------- d-----w- c:\program files\Constant Guard Protection Suite

2012-06-16 18:20:16 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc

2012-06-16 18:08:15 -------- d-----w- c:\windows\system32\appmgmt

2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\user\local settings\application data\NPE

2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\all users\application data\Norton

2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\Repository

2012-06-14 05:43:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

.

==================== Find3M ====================

.

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 09:05:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 09:05:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 23:31:31.60 ===============

I guess pasting the link before posting would help. http://forums.malwarebytes.org/index.php?showtopic=111347

attach.txt

dds.txt


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

---------------------------------

Next.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Thanks for your reply! MBAM said it was already up-to-date, and here is the log of the quick scan.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.22.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

User :: USER-2CCCC38035 [administrator]

Protection: Enabled

6/22/2012 12:32:00 AM

mbam-log-2012-06-22 (00-32-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194495

Time elapsed: 20 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Next........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Here is the log from TDSSKiller. It found 3 things (that appear to be normal). I skipped them.

01:00:42.0921 0976 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

01:00:43.0390 0976 ============================================================

01:00:43.0390 0976 Current date / time: 2012/06/23 01:00:43.0390

01:00:43.0390 0976 SystemInfo:

01:00:43.0390 0976

01:00:43.0390 0976 OS Version: 5.1.2600 ServicePack: 3.0

01:00:43.0390 0976 Product type: Workstation

01:00:43.0390 0976 ComputerName: USER-2CCCC38035

01:00:43.0390 0976 UserName: User

01:00:43.0390 0976 Windows directory: C:\WINDOWS

01:00:43.0390 0976 System windows directory: C:\WINDOWS

01:00:43.0390 0976 Processor architecture: Intel x86

01:00:43.0390 0976 Number of processors: 2

01:00:43.0390 0976 Page size: 0x1000

01:00:43.0390 0976 Boot type: Normal boot

01:00:43.0390 0976 ============================================================

01:00:44.0250 0976 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

01:00:44.0250 0976 ============================================================

01:00:44.0250 0976 \Device\Harddisk0\DR0:

01:00:44.0250 0976 MBR partitions:

01:00:44.0250 0976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D

01:00:44.0250 0976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x66B5E30

01:00:44.0250 0976 ============================================================

01:00:44.0281 0976 C: <-> \Device\Harddisk0\DR0\Partition0

01:00:44.0328 0976 E: <-> \Device\Harddisk0\DR0\Partition1

01:00:44.0328 0976 ============================================================

01:00:44.0328 0976 Initialize success

01:00:44.0328 0976 ============================================================

01:01:08.0750 3088 ============================================================

01:01:08.0750 3088 Scan started

01:01:08.0750 3088 Mode: Manual; SigCheck; TDLFS;

01:01:08.0750 3088 ============================================================

01:01:09.0093 3088 Abiosdsk - ok

01:01:09.0093 3088 abp480n5 - ok

01:01:09.0156 3088 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

01:01:09.0812 3088 ACPI - ok

01:01:09.0843 3088 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

01:01:09.0968 3088 ACPIEC - ok

01:01:10.0046 3088 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

01:01:10.0203 3088 AdobeFlashPlayerUpdateSvc - ok

01:01:10.0203 3088 adpu160m - ok

01:01:10.0234 3088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

01:01:10.0390 3088 aec - ok

01:01:10.0437 3088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

01:01:10.0515 3088 AFD - ok

01:01:10.0515 3088 Aha154x - ok

01:01:10.0531 3088 aic78u2 - ok

01:01:10.0531 3088 aic78xx - ok

01:01:10.0562 3088 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

01:01:10.0703 3088 Alerter - ok

01:01:10.0718 3088 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

01:01:10.0828 3088 ALG - ok

01:01:10.0828 3088 AliIde - ok

01:01:10.0843 3088 amsint - ok

01:01:10.0875 3088 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

01:01:10.0984 3088 AppMgmt - ok

01:01:10.0984 3088 asc - ok

01:01:10.0984 3088 asc3350p - ok

01:01:11.0000 3088 asc3550 - ok

01:01:11.0046 3088 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

01:01:11.0109 3088 aspnet_state - ok

01:01:11.0125 3088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

01:01:11.0281 3088 AsyncMac - ok

01:01:11.0312 3088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

01:01:11.0484 3088 atapi - ok

01:01:11.0484 3088 Atdisk - ok

01:01:11.0515 3088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

01:01:11.0687 3088 Atmarpc - ok

01:01:11.0703 3088 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

01:01:11.0843 3088 AudioSrv - ok

01:01:11.0875 3088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

01:01:12.0015 3088 audstub - ok

01:01:12.0031 3088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

01:01:12.0187 3088 Beep - ok

01:01:12.0390 3088 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys

01:01:12.0625 3088 BHDrvx86 - ok

01:01:12.0687 3088 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

01:01:12.0875 3088 BITS - ok

01:01:12.0906 3088 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

01:01:13.0046 3088 Browser - ok

01:01:13.0062 3088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

01:01:13.0203 3088 cbidf2k - ok

01:01:13.0281 3088 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys

01:01:13.0312 3088 ccSet_NIS - ok

01:01:13.0312 3088 cd20xrnt - ok

01:01:13.0343 3088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

01:01:13.0484 3088 Cdaudio - ok

01:01:13.0531 3088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

01:01:13.0718 3088 Cdfs - ok

01:01:13.0750 3088 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

01:01:13.0812 3088 Cdrom - ok

01:01:13.0843 3088 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

01:01:13.0890 3088 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

01:01:13.0890 3088 cercsr6 - detected UnsignedFile.Multi.Generic (1)

01:01:13.0890 3088 Changer - ok

01:01:13.0921 3088 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

01:01:14.0062 3088 CiSvc - ok

01:01:14.0078 3088 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

01:01:14.0265 3088 ClipSrv - ok

01:01:14.0375 3088 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

01:01:14.0421 3088 clr_optimization_v2.0.50727_32 - ok

01:01:14.0421 3088 CmdIde - ok

01:01:14.0421 3088 COMSysApp - ok

01:01:14.0421 3088 Cpqarray - ok

01:01:14.0453 3088 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

01:01:14.0609 3088 CryptSvc - ok

01:01:14.0609 3088 dac2w2k - ok

01:01:14.0609 3088 dac960nt - ok

01:01:14.0687 3088 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

01:01:14.0796 3088 DcomLaunch - ok

01:01:14.0843 3088 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

01:01:14.0984 3088 Dhcp - ok

01:01:15.0015 3088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

01:01:15.0156 3088 Disk - ok

01:01:15.0156 3088 dmadmin - ok

01:01:15.0234 3088 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

01:01:15.0390 3088 dmboot - ok

01:01:15.0406 3088 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

01:01:15.0562 3088 dmio - ok

01:01:15.0578 3088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

01:01:15.0703 3088 dmload - ok

01:01:15.0718 3088 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

01:01:15.0843 3088 dmserver - ok

01:01:15.0875 3088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

01:01:16.0000 3088 DMusic - ok

01:01:16.0015 3088 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

01:01:16.0109 3088 Dnscache - ok

01:01:16.0140 3088 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

01:01:16.0312 3088 Dot3svc - ok

01:01:16.0312 3088 dpti2o - ok

01:01:16.0328 3088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

01:01:16.0484 3088 drmkaud - ok

01:01:16.0546 3088 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

01:01:16.0671 3088 e1express - ok

01:01:16.0687 3088 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

01:01:16.0828 3088 EapHost - ok

01:01:16.0937 3088 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

01:01:17.0000 3088 eeCtrl - ok

01:01:17.0093 3088 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe

01:01:17.0171 3088 ehRecvr - ok

01:01:17.0218 3088 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe

01:01:17.0328 3088 ehSched - ok

01:01:17.0343 3088 EPUSBSTOR (9ff9df112f551f34ce7894c7ce41bfee) C:\WINDOWS\system32\DRIVERS\epusbsto.sys

01:01:17.0390 3088 EPUSBSTOR - ok

01:01:17.0421 3088 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

01:01:17.0453 3088 EraserUtilRebootDrv - ok

01:01:17.0484 3088 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

01:01:17.0609 3088 ERSvc - ok

01:01:17.0640 3088 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

01:01:17.0718 3088 Eventlog - ok

01:01:17.0765 3088 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

01:01:17.0859 3088 EventSystem - ok

01:01:17.0890 3088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

01:01:18.0046 3088 Fastfat - ok

01:01:18.0078 3088 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

01:01:18.0187 3088 FastUserSwitchingCompatibility - ok

01:01:18.0203 3088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

01:01:18.0328 3088 Fdc - ok

01:01:18.0343 3088 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

01:01:18.0484 3088 Fips - ok

01:01:18.0500 3088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

01:01:18.0609 3088 Flpydisk - ok

01:01:18.0640 3088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

01:01:18.0781 3088 FltMgr - ok

01:01:18.0875 3088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

01:01:18.0906 3088 FontCache3.0.0.0 - ok

01:01:18.0921 3088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

01:01:19.0031 3088 Fs_Rec - ok

01:01:19.0046 3088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

01:01:19.0156 3088 Ftdisk - ok

01:01:19.0171 3088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

01:01:19.0296 3088 Gpc - ok

01:01:19.0375 3088 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

01:01:19.0453 3088 gupdate - ok

01:01:19.0453 3088 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

01:01:19.0515 3088 gupdatem - ok

01:01:19.0546 3088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

01:01:19.0687 3088 HDAudBus - ok

01:01:19.0734 3088 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

01:01:19.0875 3088 helpsvc - ok

01:01:19.0906 3088 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

01:01:20.0046 3088 HidServ - ok

01:01:20.0078 3088 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

01:01:20.0203 3088 hidusb - ok

01:01:20.0234 3088 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

01:01:20.0375 3088 hkmsvc - ok

01:01:20.0375 3088 hpn - ok

01:01:20.0406 3088 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

01:01:20.0484 3088 HSFHWBS2 - ok

01:01:20.0562 3088 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

01:01:20.0640 3088 HSF_DP - ok

01:01:20.0703 3088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

01:01:20.0796 3088 HTTP - ok

01:01:20.0812 3088 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

01:01:20.0953 3088 HTTPFilter - ok

01:01:20.0968 3088 i2omgmt - ok

01:01:20.0968 3088 i2omp - ok

01:01:21.0062 3088 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

01:01:21.0171 3088 ialm - ok

01:01:21.0250 3088 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys

01:01:21.0312 3088 iastor - ok

01:01:21.0500 3088 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

01:01:21.0656 3088 idsvc - ok

01:01:21.0843 3088 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSxpx86.sys

01:01:21.0921 3088 IDSxpx86 - ok

01:01:22.0000 3088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

01:01:22.0140 3088 Imapi - ok

01:01:22.0203 3088 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

01:01:22.0390 3088 ImapiService - ok

01:01:22.0390 3088 ini910u - ok

01:01:22.0406 3088 IntelIde - ok

01:01:22.0421 3088 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

01:01:22.0546 3088 intelppm - ok

01:01:22.0562 3088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

01:01:22.0703 3088 Ip6Fw - ok

01:01:22.0718 3088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

01:01:22.0859 3088 IpFilterDriver - ok

01:01:22.0875 3088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

01:01:23.0015 3088 IpInIp - ok

01:01:23.0031 3088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

01:01:23.0171 3088 IpNat - ok

01:01:23.0203 3088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

01:01:23.0359 3088 IPSec - ok

01:01:23.0375 3088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

01:01:23.0453 3088 IRENUM - ok

01:01:23.0500 3088 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

01:01:23.0640 3088 isapnp - ok

01:01:23.0703 3088 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

01:01:23.0812 3088 JavaQuickStarterService - ok

01:01:23.0843 3088 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

01:01:23.0968 3088 Kbdclass - ok

01:01:23.0984 3088 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

01:01:24.0093 3088 kbdhid - ok

01:01:24.0125 3088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

01:01:24.0250 3088 kmixer - ok

01:01:24.0265 3088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

01:01:24.0343 3088 KSecDD - ok

01:01:24.0375 3088 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

01:01:24.0453 3088 lanmanserver - ok

01:01:24.0468 3088 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

01:01:24.0546 3088 lanmanworkstation - ok

01:01:24.0546 3088 lbrtfdc - ok

01:01:25.0031 3088 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

01:01:25.0343 3088 LeapFrog Connect Device Service - ok

01:01:25.0468 3088 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

01:01:25.0593 3088 LmHosts - ok

01:01:25.0640 3088 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

01:01:25.0671 3088 MBAMProtector - ok

01:01:25.0765 3088 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

01:01:25.0875 3088 MBAMService - ok

01:01:25.0968 3088 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe

01:01:26.0031 3088 McrdSvc - ok

01:01:26.0046 3088 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

01:01:26.0078 3088 mdmxsdk - ok

01:01:26.0109 3088 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

01:01:26.0250 3088 Messenger - ok

01:01:26.0296 3088 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll

01:01:26.0421 3088 MHN ( UnsignedFile.Multi.Generic ) - warning

01:01:26.0421 3088 MHN - detected UnsignedFile.Multi.Generic (1)

01:01:26.0437 3088 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

01:01:26.0468 3088 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

01:01:26.0468 3088 MHNDRV - detected UnsignedFile.Multi.Generic (1)

01:01:26.0500 3088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

01:01:26.0609 3088 mnmdd - ok

01:01:26.0640 3088 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

01:01:26.0812 3088 mnmsrvc - ok

01:01:26.0828 3088 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

01:01:26.0953 3088 Modem - ok

01:01:27.0000 3088 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

01:01:27.0109 3088 MODEMCSA - ok

01:01:27.0125 3088 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

01:01:27.0265 3088 Mouclass - ok

01:01:27.0281 3088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

01:01:27.0421 3088 mouhid - ok

01:01:27.0453 3088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

01:01:27.0578 3088 MountMgr - ok

01:01:27.0609 3088 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

01:01:27.0640 3088 MpFilter - ok

01:01:27.0718 3088 MpKsl6eb7b14e (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E3AE5AA-4B3C-4E17-8459-3180915B1D83}\MpKsl6eb7b14e.sys

01:01:27.0750 3088 MpKsl6eb7b14e - ok

01:01:27.0765 3088 mraid35x - ok

01:01:27.0765 3088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

01:01:27.0890 3088 MRxDAV - ok

01:01:27.0953 3088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

01:01:28.0046 3088 MRxSmb - ok

01:01:28.0078 3088 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

01:01:28.0203 3088 MSDTC - ok

01:01:28.0218 3088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

01:01:28.0406 3088 Msfs - ok

01:01:28.0406 3088 MSIServer - ok

01:01:28.0437 3088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

01:01:28.0546 3088 MSKSSRV - ok

01:01:28.0640 3088 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe

01:01:28.0671 3088 MsMpSvc - ok

01:01:28.0703 3088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

01:01:28.0812 3088 MSPCLOCK - ok

01:01:28.0828 3088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

01:01:28.0937 3088 MSPQM - ok

01:01:28.0937 3088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

01:01:29.0046 3088 mssmbios - ok

01:01:29.0078 3088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

01:01:29.0109 3088 Mup - ok

01:01:29.0156 3088 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

01:01:29.0328 3088 napagent - ok

01:01:29.0437 3088 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files\Nero\Update\NASvc.exe

01:01:29.0531 3088 NAUpdate - ok

01:01:29.0687 3088 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\NAVENG.SYS

01:01:29.0734 3088 NAVENG - ok

01:01:29.0843 3088 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\NAVEX15.SYS

01:01:29.0937 3088 NAVEX15 - ok

01:01:30.0078 3088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

01:01:30.0218 3088 NDIS - ok

01:01:30.0234 3088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

01:01:30.0312 3088 NdisTapi - ok

01:01:30.0312 3088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

01:01:30.0437 3088 Ndisuio - ok

01:01:30.0468 3088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

01:01:30.0640 3088 NdisWan - ok

01:01:30.0671 3088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

01:01:30.0718 3088 NDProxy - ok

01:01:30.0718 3088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

01:01:30.0859 3088 NetBIOS - ok

01:01:30.0875 3088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

01:01:31.0031 3088 NetBT - ok

01:01:31.0078 3088 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

01:01:31.0234 3088 NetDDE - ok

01:01:31.0234 3088 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

01:01:31.0390 3088 NetDDEdsdm - ok

01:01:31.0406 3088 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

01:01:31.0546 3088 Netlogon - ok

01:01:31.0578 3088 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

01:01:31.0734 3088 Netman - ok

01:01:31.0843 3088 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

01:01:31.0875 3088 NetTcpPortSharing - ok

01:01:32.0000 3088 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

01:01:32.0078 3088 NIS - ok

01:01:32.0125 3088 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

01:01:32.0187 3088 Nla - ok

01:01:32.0218 3088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

01:01:32.0343 3088 Npfs - ok

01:01:32.0406 3088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

01:01:32.0578 3088 Ntfs - ok

01:01:32.0593 3088 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

01:01:32.0703 3088 NtLmSsp - ok

01:01:32.0750 3088 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

01:01:32.0937 3088 NtmsSvc - ok

01:01:32.0968 3088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

01:01:33.0093 3088 Null - ok

01:01:33.0125 3088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

01:01:33.0234 3088 NwlnkFlt - ok

01:01:33.0250 3088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

01:01:33.0359 3088 NwlnkFwd - ok

01:01:33.0390 3088 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

01:01:33.0531 3088 Parport - ok

01:01:33.0546 3088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

01:01:33.0671 3088 PartMgr - ok

01:01:33.0687 3088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

01:01:33.0796 3088 ParVdm - ok

01:01:33.0812 3088 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

01:01:33.0937 3088 PCI - ok

01:01:33.0937 3088 PCIDump - ok

01:01:33.0953 3088 PCIIde - ok

01:01:33.0984 3088 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

01:01:34.0093 3088 Pcmcia - ok

01:01:34.0093 3088 PDCOMP - ok

01:01:34.0109 3088 PDFRAME - ok

01:01:34.0109 3088 PDRELI - ok

01:01:34.0109 3088 PDRFRAME - ok

01:01:34.0109 3088 perc2 - ok

01:01:34.0125 3088 perc2hib - ok

01:01:34.0156 3088 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

01:01:34.0218 3088 PlugPlay - ok

01:01:34.0359 3088 PMBDeviceInfoProvider (e9605a180001a6b5551112d91de92ca1) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

01:01:34.0578 3088 PMBDeviceInfoProvider - ok

01:01:34.0609 3088 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

01:01:34.0718 3088 PolicyAgent - ok

01:01:34.0750 3088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

01:01:34.0890 3088 PptpMiniport - ok

01:01:34.0890 3088 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

01:01:35.0000 3088 ProtectedStorage - ok

01:01:35.0031 3088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

01:01:35.0156 3088 PSched - ok

01:01:35.0171 3088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

01:01:35.0296 3088 Ptilink - ok

01:01:35.0343 3088 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys

01:01:35.0390 3088 PxHelp20 - ok

01:01:35.0406 3088 ql1080 - ok

01:01:35.0406 3088 Ql10wnt - ok

01:01:35.0406 3088 ql12160 - ok

01:01:35.0406 3088 ql1240 - ok

01:01:35.0421 3088 ql1280 - ok

01:01:35.0437 3088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

01:01:35.0562 3088 RasAcd - ok

01:01:35.0609 3088 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

01:01:35.0750 3088 RasAuto - ok

01:01:35.0781 3088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

01:01:35.0890 3088 Rasl2tp - ok

01:01:35.0937 3088 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

01:01:36.0078 3088 RasMan - ok

01:01:36.0093 3088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

01:01:36.0218 3088 RasPppoe - ok

01:01:36.0234 3088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

01:01:36.0343 3088 Raspti - ok

01:01:36.0375 3088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

01:01:36.0500 3088 Rdbss - ok

01:01:36.0531 3088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

01:01:36.0656 3088 RDPCDD - ok

01:01:36.0687 3088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

01:01:36.0812 3088 rdpdr - ok

01:01:36.0843 3088 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

01:01:36.0921 3088 RDPWD - ok

01:01:36.0953 3088 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

01:01:37.0125 3088 RDSessMgr - ok

01:01:37.0140 3088 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

01:01:37.0281 3088 redbook - ok

01:01:37.0312 3088 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

01:01:37.0453 3088 RemoteAccess - ok

01:01:37.0484 3088 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

01:01:37.0609 3088 RemoteRegistry - ok

01:01:37.0640 3088 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

01:01:37.0781 3088 RpcLocator - ok

01:01:37.0843 3088 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

01:01:37.0906 3088 RpcSs - ok

01:01:37.0937 3088 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

01:01:38.0062 3088 RSVP - ok

01:01:38.0093 3088 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

01:01:38.0203 3088 SamSs - ok

01:01:38.0234 3088 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

01:01:38.0375 3088 SCardSvr - ok

01:01:38.0421 3088 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

01:01:38.0562 3088 Schedule - ok

01:01:38.0609 3088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

01:01:38.0671 3088 Secdrv - ok

01:01:38.0703 3088 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

01:01:38.0828 3088 seclogon - ok

01:01:38.0859 3088 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

01:01:38.0984 3088 SENS - ok

01:01:39.0000 3088 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

01:01:39.0171 3088 Serial - ok

01:01:39.0203 3088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

01:01:39.0312 3088 Sfloppy - ok

01:01:39.0375 3088 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

01:01:39.0562 3088 SharedAccess - ok

01:01:39.0609 3088 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

01:01:39.0640 3088 ShellHWDetection - ok

01:01:39.0656 3088 Simbad - ok

01:01:39.0656 3088 Sparrow - ok

01:01:39.0671 3088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

01:01:39.0796 3088 splitter - ok

01:01:39.0828 3088 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

01:01:39.0890 3088 Spooler - ok

01:01:39.0921 3088 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

01:01:40.0031 3088 sr - ok

01:01:40.0062 3088 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

01:01:40.0140 3088 srservice - ok

01:01:40.0234 3088 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS

01:01:40.0296 3088 SRTSP - ok

01:01:40.0312 3088 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS

01:01:40.0343 3088 SRTSPX - ok

01:01:40.0375 3088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

01:01:40.0484 3088 Srv - ok

01:01:40.0515 3088 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

01:01:40.0609 3088 SSDPSRV - ok

01:01:40.0734 3088 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys

01:01:40.0828 3088 STHDA - ok

01:01:40.0875 3088 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

01:01:41.0093 3088 stisvc - ok

01:01:41.0140 3088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

01:01:41.0265 3088 swenum - ok

01:01:41.0296 3088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

01:01:41.0421 3088 swmidi - ok

01:01:41.0437 3088 SwPrv - ok

01:01:41.0437 3088 symc810 - ok

01:01:41.0437 3088 symc8xx - ok

01:01:41.0531 3088 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS

01:01:41.0718 3088 SymDS - ok

01:01:41.0812 3088 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS

01:01:41.0875 3088 SymEFA - ok

01:01:41.0906 3088 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

01:01:42.0000 3088 SymEvent - ok

01:01:42.0031 3088 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS

01:01:42.0078 3088 SymIRON - ok

01:01:42.0125 3088 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS

01:01:42.0250 3088 SYMTDI - ok

01:01:42.0250 3088 sym_hi - ok

01:01:42.0250 3088 sym_u3 - ok

01:01:42.0296 3088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

01:01:42.0437 3088 sysaudio - ok

01:01:42.0453 3088 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

01:01:42.0625 3088 SysmonLog - ok

01:01:42.0671 3088 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

01:01:42.0812 3088 TapiSrv - ok

01:01:42.0859 3088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

01:01:42.0906 3088 Tcpip - ok

01:01:42.0937 3088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

01:01:43.0062 3088 TDPIPE - ok

01:01:43.0078 3088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

01:01:43.0203 3088 TDTCP - ok

01:01:43.0234 3088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

01:01:43.0359 3088 TermDD - ok

01:01:43.0421 3088 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

01:01:43.0546 3088 TermService - ok

01:01:43.0609 3088 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

01:01:43.0656 3088 Themes - ok

01:01:43.0687 3088 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

01:01:43.0796 3088 TlntSvr - ok

01:01:43.0796 3088 TosIde - ok

01:01:43.0828 3088 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

01:01:43.0953 3088 TrkWks - ok

01:01:43.0968 3088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

01:01:44.0109 3088 Udfs - ok

01:01:44.0125 3088 ultra - ok

01:01:44.0171 3088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

01:01:44.0296 3088 Update - ok

01:01:44.0328 3088 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

01:01:44.0421 3088 upnphost - ok

01:01:44.0453 3088 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

01:01:44.0593 3088 UPS - ok

01:01:44.0625 3088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

01:01:44.0750 3088 usbccgp - ok

01:01:44.0781 3088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

01:01:44.0906 3088 usbehci - ok

01:01:44.0937 3088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

01:01:45.0078 3088 usbhub - ok

01:01:45.0109 3088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

01:01:45.0234 3088 usbprint - ok

01:01:45.0265 3088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

01:01:45.0375 3088 usbscan - ok

01:01:45.0406 3088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

01:01:45.0531 3088 USBSTOR - ok

01:01:45.0546 3088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

01:01:45.0671 3088 usbuhci - ok

01:01:45.0687 3088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

01:01:45.0812 3088 VgaSave - ok

01:01:45.0828 3088 ViaIde - ok

01:01:45.0843 3088 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

01:01:45.0968 3088 VolSnap - ok

01:01:46.0015 3088 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

01:01:46.0125 3088 VSS - ok

01:01:46.0156 3088 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

01:01:46.0296 3088 W32Time - ok

01:01:46.0328 3088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

01:01:46.0468 3088 Wanarp - ok

01:01:46.0468 3088 WDICA - ok

01:01:46.0484 3088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

01:01:46.0640 3088 wdmaud - ok

01:01:46.0671 3088 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

01:01:46.0796 3088 WebClient - ok

01:01:46.0875 3088 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

01:01:46.0921 3088 winachsf - ok

01:01:47.0000 3088 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

01:01:47.0140 3088 winmgmt - ok

01:01:47.0156 3088 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

01:01:47.0218 3088 WmdmPmSN - ok

01:01:47.0281 3088 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

01:01:47.0484 3088 Wmi - ok

01:01:47.0531 3088 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

01:01:47.0703 3088 WmiApSrv - ok

01:01:47.0734 3088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

01:01:47.0796 3088 WpdUsb - ok

01:01:47.0843 3088 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

01:01:48.0031 3088 wscsvc - ok

01:01:48.0062 3088 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

01:01:48.0171 3088 wuauserv - ok

01:01:48.0218 3088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

01:01:48.0296 3088 WudfPf - ok

01:01:48.0312 3088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

01:01:48.0390 3088 WudfRd - ok

01:01:48.0421 3088 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

01:01:48.0468 3088 WudfSvc - ok

01:01:48.0531 3088 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

01:01:48.0734 3088 WZCSVC - ok

01:01:48.0781 3088 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

01:01:48.0906 3088 xmlprov - ok

01:01:48.0937 3088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

01:01:49.0421 3088 \Device\Harddisk0\DR0 - ok

01:01:49.0421 3088 Boot (0x1200) (beceaddcfe5c4c87fa552c40c6f2cec6) \Device\Harddisk0\DR0\Partition0

01:01:49.0421 3088 \Device\Harddisk0\DR0\Partition0 - ok

01:01:49.0453 3088 Boot (0x1200) (c0cfe80092fbc95221607b104c4f2f04) \Device\Harddisk0\DR0\Partition1

01:01:49.0453 3088 \Device\Harddisk0\DR0\Partition1 - ok

01:01:49.0453 3088 ============================================================

01:01:49.0453 3088 Scan finished

01:01:49.0453 3088 ============================================================

01:01:49.0562 1888 Detected object count: 3

01:01:49.0562 1888 Actual detected object count: 3

01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:05:26.0328 1888 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

01:05:26.0328 1888 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

01:05:26.0343 1888 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

01:05:26.0343 1888 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip


That scan was clean. Please do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the ComboFix log. This is worth mentioning, but not sure if it's related to an infection. For the last few days, Windows wants me to keep installing the same updates, even though they install successfully. Each day when I boot the PC, it tells me there are updates, but they are always the same ones.

ComboFix 12-06-23.05 - User 06/23/2012 17:55:18.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2113 [GMT -4:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\User\Application Data\vso_ts_preview.xml

c:\documents and settings\User\Favorites\Games.url

.

c:\windows\system32\drivers\i8042prt.sys was missing

Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys

.

.

((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))

.

.

2012-06-23 21:58 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys

2012-06-23 21:58 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2012-06-23 04:56 . 2012-06-23 04:56 -------- d-----w- c:\program files\ERUNT

2012-06-22 17:47 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E3AE5AA-4B3C-4E17-8459-3180915B1D83}\mpengine.dll

2012-06-21 05:49 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-18 06:36 . 2012-06-18 06:36 -------- d-----w- c:\program files\Trend Micro

2012-06-18 02:16 . 2012-06-20 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-18 02:16 . 2012-06-19 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-06-18 01:36 . 2010-01-10 22:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-06-17 03:34 . 2012-06-17 17:37 -------- d-----w- c:\program files\Symantec

2012-06-17 03:34 . 2012-06-17 17:37 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-06-17 03:34 . 2012-06-17 17:37 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-06-17 03:34 . 2012-06-17 04:34 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-06-17 03:33 . 2012-06-18 05:37 -------- d-----w- c:\windows\system32\drivers\NIS

2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Norton Internet Security

2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Windows Sidebar

2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\NortonInstaller

2012-06-17 02:53 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage

2012-06-17 02:21 . 2012-06-17 08:02 -------- d-----w- c:\program files\Advanced Fix 2012

2012-06-17 00:41 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ID Vault

2012-06-17 00:40 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\User\Application Data\ID Vault

2012-06-16 23:25 . 2012-06-16 23:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun

2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\program files\Common Files\Java

2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\program files\Oracle

2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\documents and settings\User\Application Data\Oracle

2012-06-16 23:09 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-16 23:09 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-16 23:09 . 2012-05-04 23:29 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-16 23:08 . 2012-06-16 23:08 -------- d-----w- c:\program files\Java

2012-06-16 22:09 . 2012-06-16 22:09 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth

2012-06-16 18:20 . 2012-06-17 03:37 -------- d-----w- c:\program files\Constant Guard Protection Suite

2012-06-16 18:20 . 2012-06-16 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc

2012-06-16 07:25 . 2012-06-17 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-06-16 07:25 . 2012-06-16 08:07 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE

2012-06-16 06:55 . 2012-06-16 06:55 -------- d-----w- c:\windows\system32\wbem\Repository

2012-06-14 05:43 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 17:05 . 2012-04-17 17:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 17:05 . 2011-07-06 02:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2011-07-05 23:14 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2011-07-05 23:14 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2011-07-05 23:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2011-07-05 23:14 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2011-07-05 23:14 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2011-07-05 23:14 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2011-07-05 23:14 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2011-07-16 00:24 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2011-07-16 00:24 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2011-07-05 23:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 19:56 . 2011-07-16 01:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-13 04:39 . 2012-04-21 20:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]

"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk

backup=c:\windows\pss\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnkStartup

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [6/17/2012 1:37 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [6/17/2012 1:37 PM 905336]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 8:01 PM 821920]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [6/17/2012 1:37 PM 132744]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [6/17/2012 1:37 PM 149624]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/15/2011 9:25 PM 654408]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [6/17/2012 1:37 PM 138232]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [3/15/2011 2:44 PM 428384]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/16/2012 11:35 PM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSXpx86.sys [6/23/2012 12:34 AM 369632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/15/2011 9:25 PM 22344]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 11:36 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/17/2012 1:04 PM 250056]

S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/9/2001 8:00 PM 17976]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 11:36 PM 136176]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 17:05]

.

2012-06-15 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]

.

2012-06-19 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]

.

2012-06-23 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]

.

2012-06-23 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 03:36]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 03:36]

.

2012-06-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]

.

2011-07-18 c:\windows\Tasks\switchShakeIcon.job

- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-07-18 21:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 180.95.19.8:80

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\et9ohpua.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.ftp - 203.42.246.231

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.http - 203.42.246.231

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - 203.42.246.231

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 203.42.246.231

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-adblock pro - c:\program files\Adblock Pro\abpmain.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-23 18:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(308)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\stsystra.exe

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

.

**************************************************************************

.

Completion time: 2012-06-23 18:05:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-23 22:05

.

Pre-Run: 42,003,402,752 bytes free

Post-Run: 45,922,791,424 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 1003D062C9CD2089E7C1AB05CB5B1355


Here is the ComboFix log. This is worth mentioning, but not sure if it's related to an infection. For the last few days, Windows wants me to keep installing the same updates, even though they install successfully. Each day when I boot the PC, it tells me there are updates, but they are always the same ones.

Hold off on any updates for now.

-----------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


MBAM updated. Nothing found. Here is the log from the quick scan.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

User :: USER-2CCCC38035 [administrator]

Protection: Enabled

6/24/2012 12:54:23 PM

mbam-log-2012-06-24 (12-54-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 194286

Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great :)

A little clean up to do......

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.