Not responding


This topic is locked
18 replies to this topic

#1 Claudiams (Full Member, 82 posts)

Posted 10 December 2012 - 12:34 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.10.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Claudia :: STILL [administrator]

12/10/2012 8:47:03 AM
mbam-log-2012-12-10 (08-47-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270152
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Claudia at 12:22:21 on 2012-12-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.909 [GMT -5:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.2.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.2.0.19\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.2.0.19\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C6B47D3E-13E4-4EE2-98E9-FF1A7FD6B5DD} : DHCPNameServer = 192.168.1.1
Notify: GoToAssist - <no file>
Notify: WgaLogon - <no file>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\claudia\application data\mozilla\firefox\profiles\8yi6q0be.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npplg80n.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2012-10-27 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2012-10-27 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2012-10-27 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2012-10-27 175264]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.2.0.19\ccsvchst.exe [2012-10-27 143928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-8 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20121130.001\IDSXpx86.sys [2012-12-1 373728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-10 40776]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\virusdefs\20121209.006\NAVENG.SYS [2012-12-9 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\virusdefs\20121209.006\NAVEX15.SYS [2012-12-9 1601184]
S0 evieqw;evieqw;c:\windows\system32\drivers\phhxsfc.sys --> c:\windows\system32\drivers\phhxsfc.sys [?]
S0 idujqe;idujqe;c:\windows\system32\drivers\tghdmxjc.sys --> c:\windows\system32\drivers\tghdmxjc.sys [?]
S0 suxde;suxde;c:\windows\system32\drivers\odjsrkc.sys --> c:\windows\system32\drivers\odjsrkc.sys [?]
S0 uilxo;uilxo;c:\windows\system32\drivers\wwnq.sys --> c:\windows\system32\drivers\wwnq.sys [?]
S2 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2004-8-4 14336]
S2 Wmipsd;Wmipsd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\dellsu~2\hwdiag\bin\pcd5srvc.pkms --> c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [?]
.
=============== Created Last 30 ================
.
2012-12-10 13:46:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-10 12:54:04 175 ----a-w- C:\jre-7u9-windows-i586-iftw.exe
.
==================== Find3M ====================
.
2012-11-07 13:18:28 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-13 00:35:52 72104 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-09 19:51:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 19:51:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 01:00:02 586400 ----a-w- c:\windows\system32\drivers\n360\1402000.013\srtsp.sys
2012-10-08 11:29:42 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-08 10:06:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 10:06:50 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-08 10:06:50 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 10:06:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-04 01:40:35 927904 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symefa.sys
2012-10-04 01:40:20 368288 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symds.sys
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:23:52.43 ===============

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

Hello,
My computer is constantly freezing or says "not responding". Occasionally I am redirected to advertisements such as educational or housing websites. I usually use Firefox and I can sometimes access IE.
Thanks for any help.

#2 jedi (Administrators, 15,820 posts)
aequam memento rebus in arduis servare mentem

Posted 11 December 2012 - 01:58 PM

Hi,

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#3 Claudiams (Full Member, 82 posts)

Posted 12 December 2012 - 04:16 PM

ComboFix 12-12-10.01 - Claudia 12/12/2012 14:48:54.10.1 - x86
Running from: c:\documents and settings\Claudia\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\jre-7u9-windows-i586-iftw.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-12 to 2012-12-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 14:51 . 2012-05-02 22:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:51 . 2011-06-23 18:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 13:18 . 2011-10-13 20:12 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-10-22 08:37 . 2004-08-04 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-13 00:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-09 01:00 . 2012-10-27 16:31 586400 ----a-w- c:\windows\system32\drivers\N360\1402000.013\srtsp.sys
2012-10-08 11:29 . 2012-05-03 21:02 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-08 10:06 . 2012-10-08 10:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 10:06 . 2012-09-24 23:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-08 10:06 . 2012-09-24 23:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-08 10:06 . 2010-12-19 20:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:40 . 2012-10-27 16:31 927904 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symefa.sys
2012-10-04 01:40 . 2012-10-27 16:31 368288 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symds.sys
2012-10-04 01:19 . 2012-10-27 16:31 134304 ----a-w- c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys
2012-10-02 18:04 . 2004-08-04 11:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2011-04-26 22:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:45 . 2012-12-12 13:45 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Claudia^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\Claudia\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 09:20 122940 ----a-w- c:\windows\SYSTEM32\dla\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 03:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 17:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-08-23 21:17 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 03:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 13:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MBackMonitor"=3 (0x3)
"MPS9"=2 (0x2)
"McRedirector"=2 (0x2)
"mcpromgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1105010324\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symds.sys [10/27/2012 11:31 AM 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symefa.sys [10/27/2012 11:31 AM 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ccsetx86.sys [10/27/2012 11:31 AM 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ironx86.sys [10/27/2012 11:31 AM 175264]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccsvchst.exe [10/27/2012 11:31 AM 143928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/8/2012 6:30 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121211.001\IDSXpx86.sys [12/12/2012 8:47 AM 373728]
S0 evieqw;evieqw;c:\windows\system32\drivers\phhxsfc.sys --> c:\windows\system32\drivers\phhxsfc.sys [?]
S0 idujqe;idujqe;c:\windows\system32\drivers\tghdmxjc.sys --> c:\windows\system32\drivers\tghdmxjc.sys [?]
S0 suxde;suxde;c:\windows\system32\drivers\odjsrkc.sys --> c:\windows\system32\drivers\odjsrkc.sys [?]
S0 uilxo;uilxo;c:\windows\system32\drivers\wwnq.sys --> c:\windows\system32\drivers\wwnq.sys [?]
S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 6:00 AM 14336]
S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms --> c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpfservice
sagefserver
AVCamUSB20
usbcm
tvicport
LPCFilter
iwebmsg
hibernation
trioservice
s117mdm
hsf_dpv
ZDPNDIS5
bwsvc
ssm_mdfl
acrsch2svc
AsIO
winvnc4
NAL
richvideo
M2500
acnusvc
IPSECSHM
w800mdm
Wmipsd
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:51]
.
2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-12-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\8yi6q0be.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-12 15:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
@DACL=(02 0000)
"DLLName"="c:\\Program Files\\Citrix\\GoToAssist\\514\\G2AWinLogon.dll"
"Logoff"="G2ALogoff"
"Asynchronous"=dword:00000000
"Logon"="G2ALogon"
"Startup"="G2AStartup"
"Impersonate"=dword:00000000
"Shutdown"="G2AShutdown"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2012-12-12 15:07:31
ComboFix-quarantined-files.txt 2012-12-12 20:07
ComboFix2.txt 2012-05-30 10:44
ComboFix3.txt 2012-05-28 14:07
ComboFix4.txt 2012-05-28 10:50
.
Pre-Run: 12,544,831,488 bytes free
Post-Run: 12,589,690,880 bytes free
.
- - End Of File - - 4420D5758B583BAA40C11BA55C2AF6F6

#4 jedi (Administrators, 15,820 posts)
aequam memento rebus in arduis servare mentem

Posted 14 December 2012 - 09:16 AM

Hi again,

I notice that you may have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with fixes. So please check and disable TeaTimer if necessary by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can reenable TeaTimer once your system is clean.

Next:

Go here:

http://www.virustotal.com/

and follow the instructions to upload and scan these files:

c:\windows\system32\drivers\phhxsfc.sys
c:\windows\system32\drivers\tghdmxjc.sys
c:\windows\system32\drivers\odjsrkc.sys
c:\windows\system32\drivers\wwnq.sys


Please post the reports here.


#5 Claudiams (Full Member, 82 posts)

Posted 20 December 2012 - 12:50 PM

I did a search and looked in my Control Panel for Spybot, but I didn't find anything similar with that name. I tried to load the files, but nothing showed under those names after the last slash either. I also tried the URL names and nothing showed there either.
The files could not be found. Could it be malware?
Claudia

#6 jedi (Administrators, 15,820 posts)
aequam memento rebus in arduis servare mentem

Posted 22 December 2012 - 08:24 AM

Hi again,

Yes I believe those files are malware.

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

File::
c:\windows\system32\drivers\phhxsfc.sys
c:\windows\system32\drivers\tghdmxjc.sys
c:\windows\system32\drivers\odjsrkc.sys
c:\windows\system32\drivers\wwnq.sys

Driver::
phhxsfc
tghdmxjc
odjsrkc
wwnq


Save this as CFScript

Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply.

Next:

Please download TDSSKiller.exe to your Desktop

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
Next:

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
You may need two posts to fit all the logs in, please check you have posted them completely.


#7 Claudiams (Full Member, 82 posts)

Posted 26 December 2012 - 01:28 PM

ComboFix 12-12-25.02 - Claudia 12/26/2012 9:05.11.1 - x86
Running from: c:\documents and settings\Claudia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Claudia\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\odjsrkc.sys"
"c:\windows\system32\drivers\phhxsfc.sys"
"c:\windows\system32\drivers\tghdmxjc.sys"
"c:\windows\system32\drivers\wwnq.sys"
.
.
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 14:51 . 2012-05-02 22:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:51 . 2011-06-23 18:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2004-08-04 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 13:18 . 2011-10-13 20:12 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-11-06 00:41 . 2004-08-04 11:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-04 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-13 00:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-09 01:00 . 2012-10-27 16:31 586400 ----a-w- c:\windows\system32\drivers\N360\1402000.013\srtsp.sys
2012-10-08 11:29 . 2012-05-03 21:02 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-08 10:06 . 2012-10-08 10:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 10:06 . 2012-09-24 23:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-08 10:06 . 2012-09-24 23:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-08 10:06 . 2010-12-19 20:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:40 . 2012-10-27 16:31 927904 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symefa.sys
2012-10-04 01:40 . 2012-10-27 16:31 368288 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symds.sys
2012-10-04 01:19 . 2012-10-27 16:31 134304 ----a-w- c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys
2012-10-02 18:04 . 2004-08-04 11:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2011-04-26 22:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:45 . 2012-12-12 13:45 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Claudia^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\Claudia\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 09:20 122940 ----a-w- c:\windows\SYSTEM32\dla\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 03:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 17:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-08-23 21:17 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 03:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 13:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MBackMonitor"=3 (0x3)
"MPS9"=2 (0x2)
"McRedirector"=2 (0x2)
"mcpromgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1105010324\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symds.sys [10/27/2012 11:31 AM 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symefa.sys [10/27/2012 11:31 AM 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ccsetx86.sys [10/27/2012 11:31 AM 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ironx86.sys [10/27/2012 11:31 AM 175264]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccsvchst.exe [10/27/2012 11:31 AM 143928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/8/2012 6:30 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121219.001\IDSXpx86.sys [12/20/2012 12:12 PM 373728]
S0 evieqw;evieqw;c:\windows\system32\drivers\phhxsfc.sys --> c:\windows\system32\drivers\phhxsfc.sys [?]
S0 idujqe;idujqe;c:\windows\system32\drivers\tghdmxjc.sys --> c:\windows\system32\drivers\tghdmxjc.sys [?]
S0 suxde;suxde;c:\windows\system32\drivers\odjsrkc.sys --> c:\windows\system32\drivers\odjsrkc.sys [?]
S0 uilxo;uilxo;c:\windows\system32\drivers\wwnq.sys --> c:\windows\system32\drivers\wwnq.sys [?]
S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 6:00 AM 14336]
S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms --> c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpfservice
sagefserver
AVCamUSB20
usbcm
tvicport
LPCFilter
iwebmsg
hibernation
trioservice
s117mdm
hsf_dpv
ZDPNDIS5
bwsvc
ssm_mdfl
acrsch2svc
AsIO
winvnc4
NAL
richvideo
M2500
acnusvc
IPSECSHM
w800mdm
Wmipsd
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:51]
.
2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-12-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\8yi6q0be.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-26 09:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
@DACL=(02 0000)
"DLLName"="c:\\Program Files\\Citrix\\GoToAssist\\514\\G2AWinLogon.dll"
"Logoff"="G2ALogoff"
"Asynchronous"=dword:00000000
"Logon"="G2ALogon"
"Startup"="G2AStartup"
"Impersonate"=dword:00000000
"Shutdown"="G2AShutdown"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2012-12-26 09:23:47
ComboFix-quarantined-files.txt 2012-12-26 14:23
ComboFix2.txt 2012-12-12 20:07
ComboFix3.txt 2012-05-30 10:44
ComboFix4.txt 2012-05-28 14:07
ComboFix5.txt 2012-12-26 13:24
.
Pre-Run: 12,433,301,504 bytes free
Post-Run: 12,266,618,880 bytes free
.
- - End Of File - - 0184212A9500AE891863CA754FBD770F


13:09:05.0921 3236 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:09:06.0781 3236 ============================================================
13:09:06.0781 3236 Current date / time: 2012/12/26 13:09:06.0781
13:09:06.0781 3236 SystemInfo:
13:09:06.0781 3236
13:09:06.0781 3236 OS Version: 5.1.2600 ServicePack: 3.0
13:09:06.0781 3236 Product type: Workstation
13:09:06.0781 3236 ComputerName: STILL
13:09:06.0781 3236 UserName: Claudia
13:09:06.0781 3236 Windows directory: C:\WINDOWS
13:09:06.0781 3236 System windows directory: C:\WINDOWS
13:09:06.0781 3236 Processor architecture: Intel x86
13:09:06.0781 3236 Number of processors: 1
13:09:06.0781 3236 Page size: 0x1000
13:09:06.0781 3236 Boot type: Normal boot
13:09:06.0781 3236 ============================================================
13:09:08.0531 3236 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:09:08.0546 3236 ============================================================
13:09:08.0546 3236 \Device\Harddisk0\DR0:
13:09:08.0546 3236 MBR partitions:
13:09:08.0546 3236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8E351C2
13:09:08.0546 3236 ============================================================
13:09:08.0578 3236 C: <-> \Device\Harddisk0\DR0\Partition1
13:09:08.0578 3236 ============================================================
13:09:08.0578 3236 Initialize success
13:09:08.0578 3236 ============================================================
13:09:18.0390 3676 ============================================================
13:09:18.0390 3676 Scan started
13:09:18.0390 3676 Mode: Manual;
13:09:18.0390 3676 ============================================================
13:09:18.0859 3676 ================ Scan system memory ========================
13:09:18.0859 3676 System memory - ok
13:09:18.0859 3676 ================ Scan services =============================
13:09:19.0000 3676 Abiosdsk - ok
13:09:19.0046 3676 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:09:19.0046 3676 abp480n5 - ok
13:09:19.0093 3676 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:09:19.0093 3676 ACPI - ok
13:09:19.0109 3676 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:09:19.0109 3676 ACPIEC - ok
13:09:19.0203 3676 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:09:19.0203 3676 AdobeFlashPlayerUpdateSvc - ok
13:09:19.0250 3676 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:09:19.0265 3676 adpu160m - ok
13:09:19.0328 3676 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:09:19.0328 3676 aec - ok
13:09:19.0390 3676 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:09:19.0390 3676 AFD - ok
13:09:19.0453 3676 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
13:09:19.0453 3676 agp440 - ok
13:09:19.0468 3676 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:09:19.0468 3676 agpCPQ - ok
13:09:19.0562 3676 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:09:19.0562 3676 Aha154x - ok
13:09:19.0609 3676 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:09:19.0609 3676 aic78u2 - ok
13:09:19.0671 3676 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:09:19.0671 3676 aic78xx - ok
13:09:19.0765 3676 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:09:19.0765 3676 Alerter - ok
13:09:19.0781 3676 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:09:19.0796 3676 ALG - ok
13:09:19.0859 3676 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
13:09:19.0859 3676 AliIde - ok
13:09:19.0906 3676 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:09:19.0906 3676 alim1541 - ok
13:09:19.0968 3676 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:09:19.0968 3676 amdagp - ok
13:09:19.0984 3676 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
13:09:19.0984 3676 amsint - ok
13:09:20.0296 3676 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
13:09:20.0296 3676 AOL ACS - ok
13:09:20.0484 3676 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:09:20.0484 3676 Apple Mobile Device - ok
13:09:20.0531 3676 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
13:09:20.0546 3676 asc - ok
13:09:20.0562 3676 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:09:20.0562 3676 asc3350p - ok
13:09:20.0578 3676 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:09:20.0578 3676 asc3550 - ok
13:09:20.0734 3676 aspnet_state - ok
13:09:20.0796 3676 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:09:20.0796 3676 AsyncMac - ok
13:09:20.0859 3676 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:09:20.0875 3676 atapi - ok
13:09:20.0890 3676 Atdisk - ok
13:09:20.0921 3676 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:09:20.0921 3676 Atmarpc - ok
13:09:20.0968 3676 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:09:20.0968 3676 AudioSrv - ok
13:09:21.0015 3676 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:09:21.0015 3676 audstub - ok
13:09:21.0062 3676 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:09:21.0062 3676 Beep - ok
13:09:21.0296 3676 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
13:09:21.0312 3676 BHDrvx86 - ok
13:09:21.0359 3676 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:09:21.0375 3676 BITS - ok
13:09:21.0468 3676 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:09:21.0468 3676 Bonjour Service - ok
13:09:21.0515 3676 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:09:21.0515 3676 Browser - ok
13:09:21.0578 3676 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
13:09:21.0578 3676 BrScnUsb - ok
13:09:21.0640 3676 [ 3A9D55D28F61749A4564AFD1D660C050 ] BrSerIf C:\WINDOWS\system32\DRIVERS\BrSerIf.sys
13:09:21.0640 3676 BrSerIf - ok
13:09:21.0656 3676 [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys
13:09:21.0656 3676 BrUsbSer - ok
13:09:21.0703 3676 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
13:09:21.0718 3676 BVRPMPR5 - ok
13:09:21.0734 3676 bvrp_pci - ok
13:09:21.0796 3676 catchme - ok
13:09:21.0828 3676 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:09:21.0828 3676 cbidf - ok
13:09:21.0843 3676 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:09:21.0843 3676 cbidf2k - ok
13:09:21.0921 3676 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
13:09:21.0937 3676 CCALib8 - ok
13:09:22.0000 3676 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\1402000.013\ccSetx86.sys
13:09:22.0000 3676 ccSet_N360 - ok
13:09:22.0046 3676 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:09:22.0046 3676 cd20xrnt - ok
13:09:22.0062 3676 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:09:22.0062 3676 Cdaudio - ok
13:09:22.0093 3676 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:09:22.0093 3676 Cdfs - ok
13:09:22.0125 3676 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:09:22.0125 3676 Cdrom - ok
13:09:22.0140 3676 Changer - ok
13:09:22.0187 3676 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:09:22.0187 3676 CiSvc - ok
13:09:22.0203 3676 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:09:22.0203 3676 ClipSrv - ok
13:09:22.0234 3676 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:09:22.0250 3676 CmdIde - ok
13:09:22.0265 3676 COMSysApp - ok
13:09:22.0281 3676 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:09:22.0281 3676 Cpqarray - ok
13:09:22.0312 3676 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:09:22.0312 3676 CryptSvc - ok
13:09:22.0343 3676 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:09:22.0343 3676 dac2w2k - ok
13:09:22.0359 3676 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:09:22.0359 3676 dac960nt - ok
13:09:22.0453 3676 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:09:22.0468 3676 DcomLaunch - ok
13:09:22.0515 3676 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:09:22.0515 3676 Dhcp - ok
13:09:22.0578 3676 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:09:22.0578 3676 Disk - ok
13:09:22.0640 3676 [ D8D58A84F3ECE3359DF95FD2E459B330 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:09:22.0640 3676 DLABOIOM - ok
13:09:22.0656 3676 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:09:22.0656 3676 DLACDBHM - ok
13:09:22.0687 3676 [ 27C78078BD9C4F2DE2AD3EB04BFE101B ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
13:09:22.0687 3676 DLADResN - ok
13:09:22.0718 3676 [ 7F2D93E560B763EF5D11422D78DA8ED0 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:09:22.0718 3676 DLAIFS_M - ok
13:09:22.0750 3676 [ F643637DE6AAC57E38D197AA63D9EA74 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:09:22.0750 3676 DLAOPIOM - ok
13:09:22.0796 3676 [ 340705474807F57A46D59D18FC2959F1 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:09:22.0796 3676 DLAPoolM - ok
13:09:22.0828 3676 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
13:09:22.0828 3676 DLARTL_N - ok
13:09:22.0875 3676 [ 6984EA763907C045CE813468882BC587 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:09:22.0875 3676 DLAUDFAM - ok
13:09:22.0906 3676 [ 12B30C449CFD36ADBED53EB6560933C6 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:09:22.0906 3676 DLAUDF_M - ok
13:09:22.0921 3676 dmadmin - ok
13:09:23.0171 3676 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:09:23.0171 3676 dmboot - ok
13:09:23.0203 3676 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:09:23.0203 3676 dmio - ok
13:09:23.0265 3676 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:09:23.0265 3676 dmload - ok
13:09:23.0312 3676 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:09:23.0312 3676 dmserver - ok
13:09:23.0375 3676 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:09:23.0375 3676 DMusic - ok
13:09:23.0453 3676 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:09:23.0453 3676 Dnscache - ok
13:09:23.0531 3676 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:09:23.0531 3676 Dot3svc - ok
13:09:23.0562 3676 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:09:23.0562 3676 dpti2o - ok
13:09:23.0578 3676 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:09:23.0593 3676 drmkaud - ok
13:09:23.0640 3676 [ FD0F95981FEF9073659D8EC58E40AA3C ] drvmcdb C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:09:23.0640 3676 drvmcdb - ok
13:09:23.0656 3676 [ B4869D320428CDC5EC4D7F5E808E99B5 ] drvnddm C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:09:23.0671 3676 drvnddm - ok
13:09:23.0781 3676 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
13:09:23.0781 3676 DSBrokerService - ok
13:09:23.0875 3676 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
13:09:23.0875 3676 DSproct - ok
13:09:23.0890 3676 dsunidrv - ok
13:09:23.0937 3676 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:09:23.0937 3676 E100B - ok
13:09:24.0000 3676 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:09:24.0000 3676 EapHost - ok
13:09:24.0078 3676 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:09:24.0093 3676 eeCtrl - ok
13:09:24.0140 3676 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:09:24.0140 3676 EraserUtilRebootDrv - ok
13:09:24.0203 3676 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:09:24.0203 3676 ERSvc - ok
13:09:24.0250 3676 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:09:24.0250 3676 Eventlog - ok
13:09:24.0312 3676 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:09:24.0312 3676 EventSystem - ok
13:09:24.0328 3676 evieqw - ok
13:09:24.0390 3676 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:09:24.0390 3676 Fastfat - ok
13:09:24.0468 3676 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:09:24.0468 3676 FastUserSwitchingCompatibility - ok
13:09:24.0546 3676 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
13:09:24.0546 3676 Fax - ok
13:09:24.0593 3676 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:09:24.0593 3676 Fdc - ok
13:09:24.0640 3676 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:09:24.0640 3676 Fips - ok
13:09:24.0656 3676 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:09:24.0656 3676 Flpydisk - ok
13:09:24.0703 3676 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:09:24.0703 3676 FltMgr - ok
13:09:24.0734 3676 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:09:24.0734 3676 Fs_Rec - ok
13:09:24.0796 3676 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:09:24.0796 3676 Ftdisk - ok
13:09:24.0843 3676 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:09:24.0859 3676 GEARAspiWDM - ok
13:09:24.0906 3676 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:09:24.0906 3676 Gpc - ok
13:09:24.0984 3676 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:09:24.0984 3676 helpsvc - ok
13:09:25.0046 3676 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:09:25.0046 3676 HidUsb - ok
13:09:25.0093 3676 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:09:25.0109 3676 hkmsvc - ok
13:09:25.0125 3676 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
13:09:25.0140 3676 hpn - ok
13:09:25.0171 3676 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:09:25.0187 3676 HTTP - ok
13:09:25.0234 3676 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:09:25.0234 3676 HTTPFilter - ok
13:09:25.0250 3676 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
13:09:25.0250 3676 i2omgmt - ok
13:09:25.0296 3676 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:09:25.0296 3676 i2omp - ok
13:09:25.0312 3676 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:09:25.0312 3676 i8042prt - ok
13:09:25.0390 3676 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:09:25.0453 3676 ialm - ok
13:09:25.0468 3676 idsvc - ok
13:09:25.0593 3676 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121225.001\IDSxpx86.sys
13:09:25.0593 3676 IDSxpx86 - ok
13:09:25.0609 3676 idujqe - ok
13:09:33.0453 3676 suxde - ok
13:09:34.0640 3676 uilxo - ok

#8 Claudiams

    Member

  • Full Member
  • 82 posts

Posted 27 December 2012 - 04:17 PM

Continued from the posting before
13:09:36.0500 3676 ================ Scan global ===============================
13:09:36.0546 3676 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:09:36.0640 3676 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:09:36.0703 3676 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:09:36.0734 3676 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:09:36.0734 3676 [Global] - ok
13:09:36.0734 3676 ================ Scan MBR ==================================
13:09:36.0765 3676 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
13:09:36.0953 3676 \Device\Harddisk0\DR0 - ok
13:09:36.0953 3676 ================ Scan VBR ==================================
13:09:36.0968 3676 [ 9B62D8BC823461800AB1935852DA88BD ] \Device\Harddisk0\DR0\Partition1
13:09:36.0968 3676 \Device\Harddisk0\DR0\Partition1 - ok
13:09:36.0968 3676 ============================================================
13:09:36.0968 3676 Scan finished
13:09:36.0968 3676 ============================================================
13:09:36.0984 3232 Detected object count: 0
13:09:36.0984 3232 Actual detected object count: 0
13:09:53.0671 3096 Deinitialize success

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 13:13:06
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Claudia - STILL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Claudia\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\49CF605F02C7954F4E139D18828DE298CD59217C
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-3903870554-2417901499-2833347041-1007\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

#9 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 28 December 2012 - 07:29 AM

Hi again,

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

Driver::
evieqw
idujqe
suxde
uilxo


Save this as CFScript

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#10 Claudiams

    Member

  • Full Member
  • 82 posts

Posted 29 December 2012 - 05:56 PM

ComboFix 12-12-29.02 - Claudia 12/29/2012 16:12:11.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1435 [GMT -5:00]
Running from: c:\documents and settings\Claudia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Claudia\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_evieqw
-------\Service_idujqe
-------\Service_suxde
-------\Service_uilxo
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-04 11:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 14:51 . 2012-05-02 22:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:51 . 2011-06-23 18:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2004-08-04 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 13:18 . 2011-10-13 20:12 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-11-02 02:02 . 2004-08-04 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-13 00:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-09 01:00 . 2012-10-27 16:31 586400 ----a-w- c:\windows\system32\drivers\N360\1402000.013\srtsp.sys
2012-10-08 11:29 . 2012-05-03 21:02 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-08 10:06 . 2012-10-08 10:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 10:06 . 2012-09-24 23:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-08 10:06 . 2012-09-24 23:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-08 10:06 . 2010-12-19 20:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-04 01:40 . 2012-10-27 16:31 927904 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symefa.sys
2012-10-04 01:40 . 2012-10-27 16:31 368288 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symds.sys
2012-10-04 01:19 . 2012-10-27 16:31 134304 ----a-w- c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys
2012-10-02 18:04 . 2004-08-04 11:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-12 13:45 . 2012-12-12 13:45 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Claudia^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\Claudia\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 09:20 122940 ----a-w- c:\windows\SYSTEM32\dla\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 03:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 17:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-08-23 21:17 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 03:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 13:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MBackMonitor"=3 (0x3)
"MPS9"=2 (0x2)
"McRedirector"=2 (0x2)
"mcpromgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1105010324\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symds.sys [10/27/2012 11:31 AM 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symefa.sys [10/27/2012 11:31 AM 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ccsetx86.sys [10/27/2012 11:31 AM 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ironx86.sys [10/27/2012 11:31 AM 175264]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccsvchst.exe [10/27/2012 11:31 AM 143928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/8/2012 6:30 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121228.001\IDSXpx86.sys [12/29/2012 3:25 PM 373728]
S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 6:00 AM 14336]
S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms --> c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpfservice
sagefserver
AVCamUSB20
usbcm
tvicport
LPCFilter
iwebmsg
hibernation
trioservice
s117mdm
hsf_dpv
ZDPNDIS5
bwsvc
ssm_mdfl
acrsch2svc
AsIO
winvnc4
NAL
richvideo
M2500
acnusvc
IPSECSHM
w800mdm
Wmipsd
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:51]
.
2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\8yi6q0be.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-29 17:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
@DACL=(02 0000)
"DLLName"="c:\\Program Files\\Citrix\\GoToAssist\\514\\G2AWinLogon.dll"
"Logoff"="G2ALogoff"
"Asynchronous"=dword:00000000
"Logon"="G2ALogon"
"Startup"="G2AStartup"
"Impersonate"=dword:00000000
"Shutdown"="G2AShutdown"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\wanmpsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2012-12-29 17:31:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-29 22:31
ComboFix2.txt 2012-12-26 14:23
ComboFix3.txt 2012-12-12 20:07
ComboFix4.txt 2012-05-30 10:44
ComboFix5.txt 2012-12-29 18:58
.
Pre-Run: 12,940,673,024 bytes free
Post-Run: 12,954,619,904 bytes free
.
- - End Of File - - 8085529934CFAB093918F31821C318E7

It said it detected rootkit activity again. What is rootkit activity?
Thanks,
Claudia
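The "Reg Loading Points" part of the ComboFix log above is what a helper reads first: autostart entries, services hosted by svchost, and a few security settings. The following script is an added example, not ComboFix's code or anything from this thread, that parses that text and pulls out the items worth a second look. The sample input is an excerpt of the log posted above. It flags "EnableFirewall"=0 in the standard firewall profile and "DisableMonitoring"=1 under the Security Center key; on this machine both are consistent with a third-party suite (the Norton 360 shown in the log) owning the firewall and reporting AV status, so they are review items, not proof of tampering. It also cross-checks the NetSvcs list against the svchost-hosted services in the log: a NetSvcs name with no matching service entry (here mpfservice and winvnc4) is usually an uninstall leftover, while one that is live (Wmipsd) should have its ServiceDll verified in the registry. Note that ComboFix hides default Microsoft services, so an absent service line is only a hint.

```python
"""Triage of a ComboFix 'Reg Loading Points' dump: flags weakened security settings,
lists Run entries and cross-checks NetSvcs names against svchost-hosted services."""
import json
import re
from typing import Dict, List, Optional, Tuple

# Sample input: an excerpt of the ComboFix log posted above, trimmed to the
# lines these checks look at.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 6:00 AM 14336]
S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpfservice
winvnc4
Wmipsd
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "name"=value
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);[^;]*;(.*)$')  # R2 name;display;image [date size]
PATH_RE = re.compile(r'^"([^"]+)"')                      # quoted image path at start of a value


def parse_reg_value(raw: str) -> Optional[int]:
    """Turn ComboFix's 'dword:00000001' or '0 (0x0)' renderings into an int."""
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'^(-?\d+)', raw)
    return int(m.group(1)) if m else None


def parse_log(text: str) -> Tuple[Dict[str, Dict[str, str]], Dict[str, str], List[str]]:
    """Collect registry keys with their values, service image lines, and the NetSvcs list."""
    keys: Dict[str, Dict[str, str]] = {}
    services: Dict[str, str] = {}
    netsvcs: List[str] = []
    current = None
    in_netsvcs = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == '.':          # ComboFix separates blocks with a lone '.'
            in_netsvcs = False
            current = None
            continue
        if in_netsvcs:
            netsvcs.append(line)
            continue
        if line.endswith('Svchost - NetSvcs'):
            in_netsvcs = True
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(3).strip()] = m.group(4)
            continue
        m = VALUE_RE.match(line)
        if m and current:
            keys[current][m.group(1)] = m.group(2)
    return keys, services, netsvcs


def triage(text: str) -> Dict[str, list]:
    keys, services, netsvcs = parse_log(text)
    findings: List[Tuple[str, str]] = []
    run_entries: List[Tuple[str, str]] = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith(r'firewallpolicy\standardprofile') and parse_reg_value(values.get('EnableFirewall', '')) == 0:
            findings.append(('windows-firewall-disabled', key))
        if r'\security center\monitoring' in k and parse_reg_value(values.get('DisableMonitoring', '')) == 1:
            findings.append(('security-center-monitoring-disabled', key))
        if k.endswith(r'\currentversion\run'):
            for name, raw in values.items():
                m = PATH_RE.match(raw)
                run_entries.append((name, m.group(1) if m else raw))
    # Service names that actually run inside 'svchost.exe -k netsvcs' in this log.
    hosted = {name.lower() for name, image in services.items() if '-k netsvcs' in image.lower()}
    return {
        'findings': findings,
        'run': run_entries,
        'netsvcs_live': [n for n in netsvcs if n.lower() in hosted],
        'netsvcs_stale': [n for n in netsvcs if n.lower() not in hosted],
    }


if __name__ == '__main__':
    print(json.dumps(triage(COMBOFIX_EXCERPT), indent=2))
```

Feed it the full "Reg Loading Points" section of a ComboFix log (everything from the REGEDIT4 line to the scheduled-tasks heading) rather than the excerpt; the parser ignores the startupfolder and msconfig blocks, whose lines do not match the patterns it looks for.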

#11 jedi


    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 30 December 2012 - 10:51 AM

Hi again,

A rootkit is a kind of hidden malware:
https://en.wikipedia.org/wiki/Rootkit
First:
Create a restore point:

http://support.microsoft.com/kb/948247
Next:
Go here:
http://www.bleepingc...es-anti-rootkit

and familiarise yourself with how to use Malwarebytes Anti-Rootkit, then download and run the tool, and remove anything it finds.

Let me know how it goes.

jedi


#12 Claudiams


    Member

  • Full Member
  • 82 posts

Posted 31 December 2012 - 06:54 PM

Happy New Year!

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Claudia :: STILL [administrator]

12/31/2012 2:37:52 PM
mbar-log-2012-12-31 (14-37-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27245
Time elapsed: 30 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\WINDOWS\$NtUninstallKB25136$\2610362790\L (Backdoor.0Access) -> Delete on reboot.
C:\WINDOWS\$NtUninstallKB25136$\2610362790\U (Backdoor.0Access) -> Delete on reboot.
C:\WINDOWS\$NtUninstallKB25136$\2610362790 (Backdoor.0Access) -> Delete on reboot.

Files Detected: 1
C:\WINDOWS\$NtUninstallKB25136$\2610362790\L\odetmngk (Backdoor.0Access) -> Delete on reboot.

(end)


Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2145370112, free: 1370021888

------------ Kernel report ------------
12/31/2012 14:06:02
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
aliide.sys
cmdide.sys
toside.sys
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
cpqarray.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
adpu160m.sys
dpti2o.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
sisagp.sys
viaagp.sys
Mup.sys
agp440.sys
alim1541.sys
amdagp.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\IntelC53.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\IntelC51.sys
\SystemRoot\system32\DRIVERS\IntelC52.sys
\SystemRoot\system32\DRIVERS\mohfilt.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\senfilt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\N360\1402000.013\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\1402000.013\SRTSP.SYS
\SystemRoot\system32\drivers\N360\1402000.013\SRTSPX.SYS
\SystemRoot\system32\drivers\N360\1402000.013\Ironx86.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121230.018\NAVEX15.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121230.018\NAVENG.SYS
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\N360\1402000.013\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121230.001\IDSxpx86.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\SYSTEM32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6d4ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a6ccd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.31.07
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6d3020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6ccd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe7024da0, 0xffffffff8a6d4ab8, 0xffffffff88d97ab8
Lower DeviceData: 0xffffffffe173a8d8, 0xffffffff8a6ccd98, 0xffffffff88dd7250
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 149115330
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 149211720 Numsec = 7020405

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Performing system, memory and registry scan...
Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790\L\odetmngk --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790\L --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790\U --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790 --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2145370112, free: 1659609088

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2145370112, free: 1634988032

------------ Kernel report ------------
12/31/2012 15:32:46
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
aliide.sys
cmdide.sys
toside.sys
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
cpqarray.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
adpu160m.sys
dpti2o.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
sisagp.sys
viaagp.sys
Mup.sys
agp440.sys
alim1541.sys
amdagp.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\IntelC53.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\IntelC51.sys
\SystemRoot\system32\DRIVERS\IntelC52.sys
\SystemRoot\system32\DRIVERS\mohfilt.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\senfilt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\wanatw4.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\drivers\N360\1402000.013\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\1402000.013\SRTSP.SYS
\SystemRoot\system32\drivers\N360\1402000.013\SRTSPX.SYS
\SystemRoot\system32\drivers\N360\1402000.013\Ironx86.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121231.004\NAVEX15.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121231.004\NAVENG.SYS
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\N360\1402000.013\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121230.001\IDSxpx86.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\SYSTEM32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6e6ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a6ded98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.31.08
Downloaded database version: v2012.12.31.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6e6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6e5020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6e6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6ded98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe71b4c08, 0xffffffff8a6e6ab8, 0xffffffff8927e040
Lower DeviceData: 0xffffffffe2078e88, 0xffffffff8a6ded98, 0xffffffff89042c90
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 149115330
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 149211720 Numsec = 7020405

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


What a big difference in how my computer is working. The rootkits can really cause problems. Thanks!
Claudia
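The partition table dump in the TDSSKiller log above is what a bootkit scanner reads straight from sector 0 before it trusts anything the running OS says about the disk. What follows is an added example, not part of this thread and not TDSSKiller's own code: a small Python parser that decodes a 512-byte MBR, reports the same fields the log shows (boot signature, disk signature, entry type, active flag, start LBA and sector count), applies the consistency checks a scanner runs before trusting the table (an entry that overlaps another, more than one active entry, an entry that runs past the end of the disk, a non-empty entry of zero length), and then works out the unpartitioned sector ranges that are left for a raw sector scan. The sample sector is constructed here from the values in the log; the CHS fields are zeroed and the disk signature is assumed to be stored little-endian, neither of which the log confirms.

```python
"""Decode an MBR sector and sanity-check its partition table (added example)."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
DISK_SIGNATURE_OFFSET = 440       # 4-byte NT disk signature (assumed little-endian here)
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries
BOOT_SIGNATURE_OFFSET = 510       # bytes 0x55 0xAA, shown as "MBR Signature: 55AA" in the log
ENTRY_FORMAT = "<B3xB3xII"        # boot flag, CHS start (skipped), type, CHS end (skipped), start LBA, count
SAMPLE_DISK_SECTORS = 80000000000 // SECTOR_SIZE   # "Disk Size: 80000000000 bytes" -> 156250000 sectors

# Names kept to the vocabulary the log uses; everything else is reported as "Other".
TYPE_NAMES = {0x00: "Empty", 0x07: "Primary"}


@dataclass(frozen=True)
class PartitionEntry:
    index: int
    boot_flag: int
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def empty(self) -> bool:
        return self.type_id == 0x00

    @property
    def end_lba(self) -> int:        # exclusive
        return self.start_lba + self.num_sectors

    def describe(self) -> str:
        name = TYPE_NAMES.get(self.type_id, "Other")
        state = "ACTIVE" if self.active else "NOT ACTIVE"
        return (f"Partition {self.index} type is {name} (0x{self.type_id:02x}), {state}, "
                f"starts at LBA: {self.start_lba} Numsec = {self.num_sectors}")


def parse_mbr(sector: bytes) -> Tuple[int, List[PartitionEntry]]:
    """Return (disk_signature, four entries); reject anything that is not a 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIGNATURE_OFFSET:BOOT_SIGNATURE_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("MBR boot signature missing: not a valid MBR")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0]
    entries = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        entries.append(PartitionEntry(i, boot, ptype, start, count))
    return disk_sig, entries


def check_layout(entries: List[PartitionEntry], disk_sectors: int) -> List[str]:
    """Consistency checks a rootkit scanner applies before trusting the table."""
    findings = []
    live = [e for e in entries if not e.empty]
    for e in live:
        if e.boot_flag not in (0x00, 0x80):
            findings.append(f"partition {e.index}: boot flag 0x{e.boot_flag:02x} is neither 0x00 nor 0x80")
        if e.num_sectors == 0:
            findings.append(f"partition {e.index}: non-empty type but zero length")
        if e.end_lba > disk_sectors:
            findings.append(f"partition {e.index}: ends at LBA {e.end_lba}, past the disk end ({disk_sectors})")
    active = [e for e in live if e.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for a in live:
        for b in live:
            if a.index < b.index and a.start_lba < b.end_lba and b.start_lba < a.end_lba:
                findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def unpartitioned_ranges(entries: List[PartitionEntry], disk_sectors: int) -> List[Tuple[int, int]]:
    """Inclusive LBA ranges covered by no partition; sector 0 (the MBR itself) is excluded."""
    used = sorted((e.start_lba, e.end_lba) for e in entries if not e.empty)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


def set_entry(sector: bytes, index: int, boot: int, ptype: int, start: int, count: int) -> bytes:
    """Return a copy of the sector with one partition entry rewritten (CHS fields left zero)."""
    buf = bytearray(sector)
    struct.pack_into(ENTRY_FORMAT, buf, PARTITION_TABLE_OFFSET + 16 * index, boot, ptype, start, count)
    return bytes(buf)


def build_sample_mbr() -> bytes:
    """Constructed sector reproducing the layout in the TDSSKiller log above (not a real disk image)."""
    buf = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", buf, DISK_SIGNATURE_OFFSET, 0xD0F4738C)   # assumption: little-endian storage
    buf[BOOT_SIGNATURE_OFFSET:BOOT_SIGNATURE_OFFSET + 2] = b"\x55\xAA"
    sector = bytes(buf)
    sector = set_entry(sector, 0, 0x00, 0xDE, 63, 96327)
    sector = set_entry(sector, 1, 0x80, 0x07, 96390, 149115330)
    sector = set_entry(sector, 2, 0x00, 0xDB, 149211720, 7020405)
    return sector


if __name__ == "__main__":
    sig, entries = parse_mbr(build_sample_mbr())
    print(f"Disk Signature: {sig:08X}")
    for e in entries:
        print(e.describe())
    print("Findings:", check_layout(entries, SAMPLE_DISK_SECTORS) or "none")
    print("Unpartitioned sector ranges:", unpartitioned_ranges(entries, SAMPLE_DISK_SECTORS))
```

On the constructed sample the three entries sit back to back (each ends exactly where the next starts), so the only unpartitioned space is sectors 1 to 62 before the first partition and the tail after the last one, which is where a sector-level scan like the one in the log goes looking for a bootkit's stashed code. Rewriting a fourth entry so that it overlaps the system volume and is also flagged active makes `check_layout` report both problems, which is the kind of inconsistency worth treating as suspicious rather than silently accepting.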

#13 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 01 January 2013 - 05:26 AM

Hi again,

Good, that worked well, one more scan to pick up any remnants:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Next:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Happy new year to you too. :)

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#14 Claudiams

    Member

  • Full Member
  • 82 posts

Posted 09 January 2013 - 06:28 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=11774472507abf45984642b3336fcc07
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-09 03:06:14
# local_time=2013-01-08 10:06:14 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 16777214 0 5 20686907 20686907 0 0
# compatibility_mode=3592 16777213 100 94 0 108276870 0 0
# scanned=110955
# found=4
# cleaned=4
# scan_time=7507
C:\Documents and Settings\Claudia\Local Settings\Application Data\{345EA117-8745-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 28038EC86E4CD605FFC08CFD20C380C3AD27D44B C
C:\Documents and Settings\Claudia\My Documents\Downloaded Program Updates\tp\tools\unlocker1.8.7.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 9C7EC8EB5D7CA43214E25369CBFE1A35E25245FA C
C:\TDSSKiller_Quarantine\27.04.2012_04.47.51\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 832F25E09A9E3342DBCA708341FE83809FEBCAB6 C
C:\TDSSKiller_Quarantine\27.04.2012_04.47.51\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 7A7C8F317675A358F04775E48FC36E045A4BE471 C

I was unable to run AdwCleaner. The icon disappeared after clicking on it and I tried to download it again but it didn't give me that option. Finally it ran, but it was saved under [R2] and not the [S1] you listed.

Claudia



#15 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 10 January 2013 - 02:47 PM

Hi again,

It's all looking good. How is the PC running now?

jedi

#16 Claudiams

    Member

  • Full Member
  • 82 posts

Posted 16 January 2013 - 06:02 PM

What a big difference! IE now opens, and there is no more freezing or "Not responding".

Thank you so much,

Claudia



#17 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 19 January 2013 - 03:49 AM

You're very welcome.

Just a little housekeeping, then we're done.

Do Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop, and TDSSKiller and AdwCleaner.

Here are some security suggestions:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.


Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older kind of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

jedi :)

#18 Claudiams

    Member

  • Full Member
  • 82 posts

Posted 22 January 2013 - 05:00 PM

Thanks again for all your help.

Claudia


Edited by Claudiams, 22 January 2013 - 05:01 PM.


#19 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 24 January 2013 - 07:30 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi