Claudiams

Not responding


Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Database version: v2012.12.10.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Claudia :: STILL [administrator]

 

12/10/2012 8:47:03 AM

mbam-log-2012-12-10 (08-47-03).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 270152

Time elapsed: 9 minute(s), 29 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

Run by Claudia at 12:22:21 on 2012-12-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.909 [GMT -5:00]

.

AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 Premier Edition *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.2.0.19\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.2.0.19\coieplg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{C6B47D3E-13E4-4EE2-98E9-FF1A7FD6B5DD} : DHCPNameServer = 192.168.1.1

Notify: GoToAssist - <no file>

Notify: WgaLogon - <no file>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\claudia\application data\mozilla\firefox\profiles\8yi6q0be.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npplg80n.dll

FF - plugin: c:\windows\system32\npptools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2012-10-27 368288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2012-10-27 927904]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2012-10-27 134304]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2012-10-27 175264]

R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.2.0.19\ccsvchst.exe [2012-10-27 143928]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-8 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20121130.001\IDSXpx86.sys [2012-12-1 373728]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-10 40776]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\virusdefs\20121209.006\NAVENG.SYS [2012-12-9 92704]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\virusdefs\20121209.006\NAVEX15.SYS [2012-12-9 1601184]

S0 evieqw;evieqw;c:\windows\system32\drivers\phhxsfc.sys --> c:\windows\system32\drivers\phhxsfc.sys [?]

S0 idujqe;idujqe;c:\windows\system32\drivers\tghdmxjc.sys --> c:\windows\system32\drivers\tghdmxjc.sys [?]

S0 suxde;suxde;c:\windows\system32\drivers\odjsrkc.sys --> c:\windows\system32\drivers\odjsrkc.sys [?]

S0 uilxo;uilxo;c:\windows\system32\drivers\wwnq.sys --> c:\windows\system32\drivers\wwnq.sys [?]

S2 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2004-8-4 14336]

S2 Wmipsd;Wmipsd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\dellsu~2\hwdiag\bin\pcd5srvc.pkms --> c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [?]

.

=============== Created Last 30 ================

.

2012-12-10 13:46:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-12-10 12:54:04 175 ----a-w- C:\jre-7u9-windows-i586-iftw.exe

.

==================== Find3M ====================

.

2012-11-07 13:18:28 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-13 00:35:52 72104 ----a-w- c:\windows\CouponPrinter.ocx

2012-10-09 19:51:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 19:51:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 01:00:02 586400 ----a-w- c:\windows\system32\drivers\n360\1402000.013\srtsp.sys

2012-10-08 11:29:42 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-10-08 10:06:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-08 10:06:50 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-08 10:06:50 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-08 10:06:50 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-04 01:40:35 927904 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symefa.sys

2012-10-04 01:40:20 368288 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symds.sys

2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 12:23:52.43 ===============

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton 360

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

CCleaner

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 16.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 6%

````````````````````End of Log``````````````````````

 

Hello,

My computer is constantly freezing or says not responding. Occasionally I am redirected to advertisements such as educational or housing websites. I usually use Firefox and I can sometimes access IE.

Thanks for any help.


Hi,

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

 

http://www.bleepingc...to-use-combofix

 

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

 

Please go here to see a list of programs that need to be disabled.

 

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

 

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

 

Please include the C:\ComboFix.txt in your next reply for further review.

 

jedi


ComboFix 12-12-10.01 - Claudia 12/12/2012 14:48:54.10.1 - x86

Running from: c:\documents and settings\Claudia\Desktop\ComboFix.exe

AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

C:\jre-7u9-windows-i586-iftw.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-12 to 2012-12-12 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 14:51 . 2012-05-02 22:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 14:51 . 2011-06-23 18:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-07 13:18 . 2011-10-13 20:12 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-10-22 08:37 . 2004-08-04 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-13 00:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx

2012-10-09 01:00 . 2012-10-27 16:31 586400 ----a-w- c:\windows\system32\drivers\N360\1402000.013\srtsp.sys

2012-10-08 11:29 . 2012-05-03 21:02 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-10-08 10:06 . 2012-10-08 10:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-08 10:06 . 2012-09-24 23:21 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-08 10:06 . 2012-09-24 23:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-08 10:06 . 2010-12-19 20:00 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-04 01:40 . 2012-10-27 16:31 927904 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symefa.sys

2012-10-04 01:40 . 2012-10-27 16:31 368288 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symds.sys

2012-10-04 01:19 . 2012-10-27 16:31 134304 ----a-w- c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys

2012-10-02 18:04 . 2004-08-04 11:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-30 00:54 . 2011-04-26 22:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 13:45 . 2012-12-12 13:45 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

[HKLM\~\startupfolder\C:^Documents and Settings^Claudia^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]

path=c:\documents and settings\Claudia\Start Menu\Programs\Startup\PandaUSBVaccine.lnk

backup=c:\windows\pss\PandaUSBVaccine.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-11-07 09:20 122940 ----a-w- c:\windows\SYSTEM32\dla\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2008-07-10 03:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2006-01-17 17:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2011-08-23 21:17 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]

2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2008-07-10 03:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2007-08-31 13:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSK80Service"=2 (0x2)

"McSysmon"=3 (0x3)

"McShield"=2 (0x2)

"McProxy"=2 (0x2)

"McODS"=3 (0x3)

"McNASvc"=2 (0x2)

"mcmscsvc"=2 (0x2)

"McAfee SiteAdvisor Service"=2 (0x2)

"MBackMonitor"=3 (0x3)

"MPS9"=2 (0x2)

"McRedirector"=2 (0x2)

"mcpromgr"=2 (0x2)

"mcmispupdmgr"=2 (0x2)

"McAfee HackerWatch Service"=2 (0x2)

"Emproxy"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1105010324\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symds.sys [10/27/2012 11:31 AM 368288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symefa.sys [10/27/2012 11:31 AM 927904]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ccsetx86.sys [10/27/2012 11:31 AM 134304]

R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ironx86.sys [10/27/2012 11:31 AM 175264]

R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccsvchst.exe [10/27/2012 11:31 AM 143928]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/8/2012 6:30 AM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121211.001\IDSXpx86.sys [12/12/2012 8:47 AM 373728]

S0 evieqw;evieqw;c:\windows\system32\drivers\phhxsfc.sys --> c:\windows\system32\drivers\phhxsfc.sys [?]

S0 idujqe;idujqe;c:\windows\system32\drivers\tghdmxjc.sys --> c:\windows\system32\drivers\tghdmxjc.sys [?]

S0 suxde;suxde;c:\windows\system32\drivers\odjsrkc.sys --> c:\windows\system32\drivers\odjsrkc.sys [?]

S0 uilxo;uilxo;c:\windows\system32\drivers\wwnq.sys --> c:\windows\system32\drivers\wwnq.sys [?]

S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 6:00 AM 14336]

S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]

S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms --> c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NECUsb3s REG_MULTI_SZ NEC Usb3

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mpfservice

sagefserver

AVCamUSB20

usbcm

tvicport

LPCFilter

iwebmsg

hibernation

trioservice

s117mdm

hsf_dpv

ZDPNDIS5

bwsvc

ssm_mdfl

acrsch2svc

AsIO

winvnc4

NAL

richvideo

M2500

acnusvc

IPSECSHM

w800mdm

Wmipsd

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:51]

.

2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-12-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\8yi6q0be.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-12 15:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]

"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

@DACL=(02 0000)

"DLLName"="c:\\Program Files\\Citrix\\GoToAssist\\514\\G2AWinLogon.dll"

"Logoff"="G2ALogoff"

"Asynchronous"=dword:00000000

"Logon"="G2ALogon"

"Startup"="G2AStartup"

"Impersonate"=dword:00000000

"Shutdown"="G2AShutdown"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

@DACL=(02 0000)

"HelpAssistant"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

.

Completion time: 2012-12-12 15:07:31

ComboFix-quarantined-files.txt 2012-12-12 20:07

ComboFix2.txt 2012-05-30 10:44

ComboFix3.txt 2012-05-28 14:07

ComboFix4.txt 2012-05-28 10:50

.

Pre-Run: 12,544,831,488 bytes free

Post-Run: 12,589,690,880 bytes free

.

- - End Of File - - 4420D5758B583BAA40C11BA55C2AF6F6


Hi again,

 

I notice that you may have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with fixes. So please check and disable TeaTimer if necessary by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

5) Restart your computer.

You can re-enable TeaTimer once your system is clean.

 

Next:

 

Go here:

 

http://www.virustotal.com/

 

and follow the instructions to upload and scan these files:

 

c:\windows\system32\drivers\phhxsfc.sys

c:\windows\system32\drivers\tghdmxjc.sys

c:\windows\system32\drivers\odjsrkc.sys

c:\windows\system32\drivers\wwnq.sys

 

Please post the reports here.

 

jedi

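The four S0 entries jedi asks about stand out in the DDS and ComboFix "SERVICES / DRIVERS" sections for two reasons that can be checked mechanically: the tools print `[?]` where they could not read the file's date and size (the file is not on disk, which matches what the poster later reports), and the service name and display name are identical bare lowercase runs with no vendor description. The following Python script is an added example, not part of this thread and not code from DDS, ComboFix or Malwarebytes. It parses lines in that log format and flags such entries. The field layout it assumes (state/start code, name, display name, image path with an optional `-->` resolved path and a trailing `[date size]` or `[?]` stamp) is inferred from the logs above; the sample lines are copied from them, and the "random name" heuristic is this example's own assumption, not a rule the tools apply.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the "SERVICES / DRIVERS" format used by the DDS and
# ComboFix logs in this thread. Lines are copied from those logs; the way the
# fields are interpreted below is an assumption based on how they read.
SAMPLE_LOG = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2012-10-27 368288]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-10 40776]
S0 evieqw;evieqw;c:\windows\system32\drivers\phhxsfc.sys --> c:\windows\system32\drivers\phhxsfc.sys [?]
S0 uilxo;uilxo;c:\windows\system32\drivers\wwnq.sys --> c:\windows\system32\drivers\wwnq.sys [?]
S2 Wmipsd;Wmipsd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\dellsu~2\hwdiag\bin\pcd5srvc.pkms --> c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [?]
"""

# "<R|S><start> <name>;<display>;<image path ...> [<stamp>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Trailing "[2012-10-27 368288]" (date and size) or "[?]" (could not be read)
STAMP_RE = re.compile(r"\s*\[(?P<stamp>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    running: bool       # R = running, S = stopped
    start_type: int     # 0 = boot, 1 = system, 2 = auto, 3 = manual
    name: str
    display: str
    image_path: str
    file_missing: bool  # True when the stamp is "[?]"


def parse_entries(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in the text; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        stamp_m = STAMP_RE.search(rest)
        stamp = stamp_m.group("stamp") if stamp_m else ""
        rest = STAMP_RE.sub("", rest)
        # "original --> resolved": keep the path the tool actually tried to open
        image_path = rest.split("-->")[-1].strip()
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start_type=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            image_path=image_path,
            file_missing=(stamp == "?"),
        ))
    return entries


def looks_random(name: str) -> bool:
    # Assumed heuristic: a bare lowercase letter run with no vendor prefix or
    # description (e.g. "evieqw") is typical of generated service names.
    return name.isalpha() and name.islower() and 4 <= len(name) <= 10


def flag_suspicious(text: str) -> List[str]:
    """Names of entries whose file is missing AND whose name/display look generated."""
    return [
        e.name for e in parse_entries(text)
        if e.file_missing and e.display == e.name and looks_random(e.name)
    ]


def missing_files(text: str) -> List[str]:
    """Every image path the tool could not read, regardless of naming (for triage)."""
    return [e.image_path for e in parse_entries(text) if e.file_missing]


if __name__ == "__main__":
    for name in flag_suspicious(SAMPLE_LOG):
        print("suspicious:", name)
    for path in missing_files(SAMPLE_LOG):
        print("missing file:", path)
```

On the sample above the script flags `evieqw` and `uilxo` (the same kind of entry jedi singles out) while leaving the Dell `PCD5SRVC` entry, whose file is also missing, in the plain "missing file" list: a missing file on its own is common for leftover installers, so the naming check is what separates the two cases for a first look. Anything flagged still needs the VirusTotal check the helper asks for before it is treated as malware.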

I did a search and looked in my control panel for Spybot, I didn't find anything similar with that name. I tried to load the files but nothing also showed under those names after the last slash bar. I also tried under the url names and nothing also showed.

Files could not be found. Could it be malware?

Claudia


Hi again,

 

Yes I believe those files are malware.

 

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

 

File::

c:\windows\system32\drivers\phhxsfc.sys

c:\windows\system32\drivers\tghdmxjc.sys

c:\windows\system32\drivers\odjsrkc.sys

c:\windows\system32\drivers\wwnq.sys

Driver::

phhxsfc

tghdmxjc

odjsrkc

wwnq

 

Save this as CFScript

 

(screenshot: CFScriptB-4.gif)

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

 

Next:

 

Please download TDSSKiller.exe to your Desktop

 

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Next:

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

You may need two posts to fit all the logs in, please check you have posted them completely.

 

jedi


ComboFix 12-12-25.02 - Claudia 12/26/2012 9:05.11.1 - x86

Running from: c:\documents and settings\Claudia\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Claudia\Desktop\CFScript.txt

.

FILE ::

"c:\windows\system32\drivers\odjsrkc.sys"

"c:\windows\system32\drivers\phhxsfc.sys"

"c:\windows\system32\drivers\tghdmxjc.sys"

"c:\windows\system32\drivers\wwnq.sys"

.

.

((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 14:51 . 2012-05-02 22:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 14:51 . 2011-06-23 18:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-13 01:25 . 2004-08-04 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-07 13:18 . 2011-10-13 20:12 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-11-06 00:41 . 2004-08-04 11:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-02 02:02 . 2004-08-04 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-13 00:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx

2012-10-09 01:00 . 2012-10-27 16:31 586400 ----a-w- c:\windows\system32\drivers\N360\1402000.013\srtsp.sys

2012-10-08 11:29 . 2012-05-03 21:02 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-10-08 10:06 . 2012-10-08 10:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-08 10:06 . 2012-09-24 23:21 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-08 10:06 . 2012-09-24 23:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-08 10:06 . 2010-12-19 20:00 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-04 01:40 . 2012-10-27 16:31 927904 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symefa.sys

2012-10-04 01:40 . 2012-10-27 16:31 368288 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symds.sys

2012-10-04 01:19 . 2012-10-27 16:31 134304 ----a-w- c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys

2012-10-02 18:04 . 2004-08-04 11:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-30 00:54 . 2011-04-26 22:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 13:45 . 2012-12-12 13:45 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

[HKLM\~\startupfolder\C:^Documents and Settings^Claudia^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]

path=c:\documents and settings\Claudia\Start Menu\Programs\Startup\PandaUSBVaccine.lnk

backup=c:\windows\pss\PandaUSBVaccine.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-11-07 09:20 122940 ----a-w- c:\windows\SYSTEM32\dla\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2008-07-10 03:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2006-01-17 17:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2011-08-23 21:17 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]

2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2008-07-10 03:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2007-08-31 13:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSK80Service"=2 (0x2)

"McSysmon"=3 (0x3)

"McShield"=2 (0x2)

"McProxy"=2 (0x2)

"McODS"=3 (0x3)

"McNASvc"=2 (0x2)

"mcmscsvc"=2 (0x2)

"McAfee SiteAdvisor Service"=2 (0x2)

"MBackMonitor"=3 (0x3)

"MPS9"=2 (0x2)

"McRedirector"=2 (0x2)

"mcpromgr"=2 (0x2)

"mcmispupdmgr"=2 (0x2)

"McAfee HackerWatch Service"=2 (0x2)

"Emproxy"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1105010324\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symds.sys [10/27/2012 11:31 AM 368288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symefa.sys [10/27/2012 11:31 AM 927904]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ccsetx86.sys [10/27/2012 11:31 AM 134304]

R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ironx86.sys [10/27/2012 11:31 AM 175264]

R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccsvchst.exe [10/27/2012 11:31 AM 143928]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/8/2012 6:30 AM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121219.001\IDSXpx86.sys [12/20/2012 12:12 PM 373728]

S0 evieqw;evieqw;c:\windows\system32\drivers\phhxsfc.sys --> c:\windows\system32\drivers\phhxsfc.sys [?]

S0 idujqe;idujqe;c:\windows\system32\drivers\tghdmxjc.sys --> c:\windows\system32\drivers\tghdmxjc.sys [?]

S0 suxde;suxde;c:\windows\system32\drivers\odjsrkc.sys --> c:\windows\system32\drivers\odjsrkc.sys [?]

S0 uilxo;uilxo;c:\windows\system32\drivers\wwnq.sys --> c:\windows\system32\drivers\wwnq.sys [?]

S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 6:00 AM 14336]

S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]

S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms --> c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NECUsb3s REG_MULTI_SZ NEC Usb3

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mpfservice

sagefserver

AVCamUSB20

usbcm

tvicport

LPCFilter

iwebmsg

hibernation

trioservice

s117mdm

hsf_dpv

ZDPNDIS5

bwsvc

ssm_mdfl

acrsch2svc

AsIO

winvnc4

NAL

richvideo

M2500

acnusvc

IPSECSHM

w800mdm

Wmipsd

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:51]

.

2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-12-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\8yi6q0be.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-26 09:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]

"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

@DACL=(02 0000)

"DLLName"="c:\\Program Files\\Citrix\\GoToAssist\\514\\G2AWinLogon.dll"

"Logoff"="G2ALogoff"

"Asynchronous"=dword:00000000

"Logon"="G2ALogon"

"Startup"="G2AStartup"

"Impersonate"=dword:00000000

"Shutdown"="G2AShutdown"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

@DACL=(02 0000)

"HelpAssistant"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

.

Completion time: 2012-12-26 09:23:47

ComboFix-quarantined-files.txt 2012-12-26 14:23

ComboFix2.txt 2012-12-12 20:07

ComboFix3.txt 2012-05-30 10:44

ComboFix4.txt 2012-05-28 14:07

ComboFix5.txt 2012-12-26 13:24

.

Pre-Run: 12,433,301,504 bytes free

Post-Run: 12,266,618,880 bytes free

.

- - End Of File - - 0184212A9500AE891863CA754FBD770F

13:09:05.0921 3236 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

13:09:06.0781 3236 ============================================================

13:09:06.0781 3236 Current date / time: 2012/12/26 13:09:06.0781

13:09:06.0781 3236 SystemInfo:

13:09:06.0781 3236

13:09:06.0781 3236 OS Version: 5.1.2600 ServicePack: 3.0

13:09:06.0781 3236 Product type: Workstation

13:09:06.0781 3236 ComputerName: STILL

13:09:06.0781 3236 UserName: Claudia

13:09:06.0781 3236 Windows directory: C:\WINDOWS

13:09:06.0781 3236 System windows directory: C:\WINDOWS

13:09:06.0781 3236 Processor architecture: Intel x86

13:09:06.0781 3236 Number of processors: 1

13:09:06.0781 3236 Page size: 0x1000

13:09:06.0781 3236 Boot type: Normal boot

13:09:06.0781 3236 ============================================================

13:09:08.0531 3236 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:09:08.0546 3236 ============================================================

13:09:08.0546 3236 \Device\Harddisk0\DR0:

13:09:08.0546 3236 MBR partitions:

13:09:08.0546 3236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8E351C2

13:09:08.0546 3236 ============================================================

13:09:08.0578 3236 C: <-> \Device\Harddisk0\DR0\Partition1

13:09:08.0578 3236 ============================================================

13:09:08.0578 3236 Initialize success

13:09:08.0578 3236 ============================================================

13:09:18.0390 3676 ============================================================

13:09:18.0390 3676 Scan started

13:09:18.0390 3676 Mode: Manual;

13:09:18.0390 3676 ============================================================

13:09:18.0859 3676 ================ Scan system memory ========================

13:09:18.0859 3676 System memory - ok

13:09:18.0859 3676 ================ Scan services =============================

13:09:19.0000 3676 Abiosdsk - ok

13:09:19.0046 3676 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

13:09:19.0046 3676 abp480n5 - ok

13:09:19.0093 3676 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:09:19.0093 3676 ACPI - ok

13:09:19.0109 3676 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

13:09:19.0109 3676 ACPIEC - ok

13:09:19.0203 3676 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:09:19.0203 3676 AdobeFlashPlayerUpdateSvc - ok

13:09:19.0250 3676 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys

13:09:19.0265 3676 adpu160m - ok

13:09:19.0328 3676 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

13:09:19.0328 3676 aec - ok

13:09:19.0390 3676 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

13:09:19.0390 3676 AFD - ok

13:09:19.0453 3676 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys

13:09:19.0453 3676 agp440 - ok

13:09:19.0468 3676 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

13:09:19.0468 3676 agpCPQ - ok

13:09:19.0562 3676 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys

13:09:19.0562 3676 Aha154x - ok

13:09:19.0609 3676 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys

13:09:19.0609 3676 aic78u2 - ok

13:09:19.0671 3676 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys

13:09:19.0671 3676 aic78xx - ok

13:09:19.0765 3676 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

13:09:19.0765 3676 Alerter - ok

13:09:19.0781 3676 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

13:09:19.0796 3676 ALG - ok

13:09:19.0859 3676 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys

13:09:19.0859 3676 AliIde - ok

13:09:19.0906 3676 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys

13:09:19.0906 3676 alim1541 - ok

13:09:19.0968 3676 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys

13:09:19.0968 3676 amdagp - ok

13:09:19.0984 3676 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys

13:09:19.0984 3676 amsint - ok

13:09:20.0296 3676 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

13:09:20.0296 3676 AOL ACS - ok

13:09:20.0484 3676 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:09:20.0484 3676 Apple Mobile Device - ok

13:09:20.0531 3676 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys

13:09:20.0546 3676 asc - ok

13:09:20.0562 3676 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys

13:09:20.0562 3676 asc3350p - ok

13:09:20.0578 3676 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys

13:09:20.0578 3676 asc3550 - ok

13:09:20.0734 3676 aspnet_state - ok

13:09:20.0796 3676 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:09:20.0796 3676 AsyncMac - ok

13:09:20.0859 3676 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

13:09:20.0875 3676 atapi - ok

13:09:20.0890 3676 Atdisk - ok

13:09:20.0921 3676 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:09:20.0921 3676 Atmarpc - ok

13:09:20.0968 3676 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

13:09:20.0968 3676 AudioSrv - ok

13:09:21.0015 3676 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

13:09:21.0015 3676 audstub - ok

13:09:21.0062 3676 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

13:09:21.0062 3676 Beep - ok

13:09:21.0296 3676 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys

13:09:21.0312 3676 BHDrvx86 - ok

13:09:21.0359 3676 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

13:09:21.0375 3676 BITS - ok

13:09:21.0468 3676 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

13:09:21.0468 3676 Bonjour Service - ok

13:09:21.0515 3676 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

13:09:21.0515 3676 Browser - ok

13:09:21.0578 3676 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

13:09:21.0578 3676 BrScnUsb - ok

13:09:21.0640 3676 [ 3A9D55D28F61749A4564AFD1D660C050 ] BrSerIf C:\WINDOWS\system32\DRIVERS\BrSerIf.sys

13:09:21.0640 3676 BrSerIf - ok

13:09:21.0656 3676 [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys

13:09:21.0656 3676 BrUsbSer - ok

13:09:21.0703 3676 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

13:09:21.0718 3676 BVRPMPR5 - ok

13:09:21.0734 3676 bvrp_pci - ok

13:09:21.0796 3676 catchme - ok

13:09:21.0828 3676 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

13:09:21.0828 3676 cbidf - ok

13:09:21.0843 3676 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

13:09:21.0843 3676 cbidf2k - ok

13:09:21.0921 3676 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe

13:09:21.0937 3676 CCALib8 - ok

13:09:22.0000 3676 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\1402000.013\ccSetx86.sys

13:09:22.0000 3676 ccSet_N360 - ok

13:09:22.0046 3676 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

13:09:22.0046 3676 cd20xrnt - ok

13:09:22.0062 3676 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

13:09:22.0062 3676 Cdaudio - ok

13:09:22.0093 3676 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

13:09:22.0093 3676 Cdfs - ok

13:09:22.0125 3676 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:09:22.0125 3676 Cdrom - ok

13:09:22.0140 3676 Changer - ok

13:09:22.0187 3676 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

13:09:22.0187 3676 CiSvc - ok

13:09:22.0203 3676 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

13:09:22.0203 3676 ClipSrv - ok

13:09:22.0234 3676 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys

13:09:22.0250 3676 CmdIde - ok

13:09:22.0265 3676 COMSysApp - ok

13:09:22.0281 3676 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys

13:09:22.0281 3676 Cpqarray - ok

13:09:22.0312 3676 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

13:09:22.0312 3676 CryptSvc - ok

13:09:22.0343 3676 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

13:09:22.0343 3676 dac2w2k - ok

13:09:22.0359 3676 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys

13:09:22.0359 3676 dac960nt - ok

13:09:22.0453 3676 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

13:09:22.0468 3676 DcomLaunch - ok

13:09:22.0515 3676 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

13:09:22.0515 3676 Dhcp - ok

13:09:22.0578 3676 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

13:09:22.0578 3676 Disk - ok

13:09:22.0640 3676 [ D8D58A84F3ECE3359DF95FD2E459B330 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS

13:09:22.0640 3676 DLABOIOM - ok

13:09:22.0656 3676 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

13:09:22.0656 3676 DLACDBHM - ok

13:09:22.0687 3676 [ 27C78078BD9C4F2DE2AD3EB04BFE101B ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS

13:09:22.0687 3676 DLADResN - ok

13:09:22.0718 3676 [ 7F2D93E560B763EF5D11422D78DA8ED0 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

13:09:22.0718 3676 DLAIFS_M - ok

13:09:22.0750 3676 [ F643637DE6AAC57E38D197AA63D9EA74 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

13:09:22.0750 3676 DLAOPIOM - ok

13:09:22.0796 3676 [ 340705474807F57A46D59D18FC2959F1 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS

13:09:22.0796 3676 DLAPoolM - ok

13:09:22.0828 3676 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

13:09:22.0828 3676 DLARTL_N - ok

13:09:22.0875 3676 [ 6984EA763907C045CE813468882BC587 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

13:09:22.0875 3676 DLAUDFAM - ok

13:09:22.0906 3676 [ 12B30C449CFD36ADBED53EB6560933C6 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

13:09:22.0906 3676 DLAUDF_M - ok

13:09:22.0921 3676 dmadmin - ok

13:09:23.0171 3676 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

13:09:23.0171 3676 dmboot - ok

13:09:23.0203 3676 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

13:09:23.0203 3676 dmio - ok

13:09:23.0265 3676 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

13:09:23.0265 3676 dmload - ok

13:09:23.0312 3676 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

13:09:23.0312 3676 dmserver - ok

13:09:23.0375 3676 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

13:09:23.0375 3676 DMusic - ok

13:09:23.0453 3676 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

13:09:23.0453 3676 Dnscache - ok

13:09:23.0531 3676 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

13:09:23.0531 3676 Dot3svc - ok

13:09:23.0562 3676 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys

13:09:23.0562 3676 dpti2o - ok

13:09:23.0578 3676 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

13:09:23.0593 3676 drmkaud - ok

13:09:23.0640 3676 [ FD0F95981FEF9073659D8EC58E40AA3C ] drvmcdb C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

13:09:23.0640 3676 drvmcdb - ok

13:09:23.0656 3676 [ B4869D320428CDC5EC4D7F5E808E99B5 ] drvnddm C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

13:09:23.0671 3676 drvnddm - ok

13:09:23.0781 3676 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe

13:09:23.0781 3676 DSBrokerService - ok

13:09:23.0875 3676 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

13:09:23.0875 3676 DSproct - ok

13:09:23.0890 3676 dsunidrv - ok

13:09:23.0937 3676 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:09:23.0937 3676 E100B - ok

13:09:24.0000 3676 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

13:09:24.0000 3676 EapHost - ok

13:09:24.0078 3676 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

13:09:24.0093 3676 eeCtrl - ok

13:09:24.0140 3676 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

13:09:24.0140 3676 EraserUtilRebootDrv - ok

13:09:24.0203 3676 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

13:09:24.0203 3676 ERSvc - ok

13:09:24.0250 3676 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

13:09:24.0250 3676 Eventlog - ok

13:09:24.0312 3676 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

13:09:24.0312 3676 EventSystem - ok

13:09:24.0328 3676 evieqw - ok

13:09:24.0390 3676 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

13:09:24.0390 3676 Fastfat - ok

13:09:24.0468 3676 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

13:09:24.0468 3676 FastUserSwitchingCompatibility - ok

13:09:24.0546 3676 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe

13:09:24.0546 3676 Fax - ok

13:09:24.0593 3676 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

13:09:24.0593 3676 Fdc - ok

13:09:24.0640 3676 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

13:09:24.0640 3676 Fips - ok

13:09:24.0656 3676 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:09:24.0656 3676 Flpydisk - ok

13:09:24.0703 3676 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

13:09:24.0703 3676 FltMgr - ok

13:09:24.0734 3676 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:09:24.0734 3676 Fs_Rec - ok

13:09:24.0796 3676 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:09:24.0796 3676 Ftdisk - ok

13:09:24.0843 3676 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

13:09:24.0859 3676 GEARAspiWDM - ok

13:09:24.0906 3676 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:09:24.0906 3676 Gpc - ok

13:09:24.0984 3676 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

13:09:24.0984 3676 helpsvc - ok

13:09:25.0046 3676 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:09:25.0046 3676 HidUsb - ok

13:09:25.0093 3676 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

13:09:25.0109 3676 hkmsvc - ok

13:09:25.0125 3676 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys

13:09:25.0140 3676 hpn - ok

13:09:25.0171 3676 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

13:09:25.0187 3676 HTTP - ok

13:09:25.0234 3676 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

13:09:25.0234 3676 HTTPFilter - ok

13:09:25.0250 3676 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

13:09:25.0250 3676 i2omgmt - ok

13:09:25.0296 3676 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

13:09:25.0296 3676 i2omp - ok

13:09:25.0312 3676 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:09:25.0312 3676 i8042prt - ok

13:09:25.0390 3676 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

13:09:25.0453 3676 ialm - ok

13:09:25.0468 3676 idsvc - ok

13:09:25.0593 3676 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121225.001\IDSxpx86.sys

13:09:25.0593 3676 IDSxpx86 - ok

13:09:25.0609 3676 idujqe - ok

13:09:25.0656 3676 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

13:09:25.0656 3676 Imapi - ok

13:09:25.0703 3676 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

13:09:25.0703 3676 ImapiService - ok

13:09:25.0734 3676 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

13:09:25.0750 3676 ini910u - ok

13:09:26.0015 3676 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys

13:09:26.0046 3676 IntelC51 - ok

13:09:26.0187 3676 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys

13:09:26.0203 3676 IntelC52 - ok

13:09:26.0250 3676 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys

13:09:26.0250 3676 IntelC53 - ok

13:09:26.0296 3676 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

13:09:26.0296 3676 IntelIde - ok

13:09:26.0343 3676 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:09:26.0343 3676 intelppm - ok

13:09:26.0406 3676 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

13:09:26.0406 3676 Ip6Fw - ok

13:09:26.0437 3676 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:09:26.0437 3676 IpFilterDriver - ok

13:09:26.0531 3676 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:09:26.0531 3676 IpInIp - ok

13:09:26.0578 3676 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:09:26.0578 3676 IpNat - ok

13:09:26.0671 3676 [ F62C69376A95795FE7CDB1C778EDACA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

13:09:26.0687 3676 iPod Service - ok

13:09:26.0734 3676 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:09:26.0734 3676 IPSec - ok

13:09:26.0796 3676 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

13:09:26.0796 3676 IRENUM - ok

13:09:26.0843 3676 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:09:26.0843 3676 isapnp - ok

13:09:26.0875 3676 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:09:26.0875 3676 Kbdclass - ok

13:09:26.0906 3676 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

13:09:26.0906 3676 kmixer - ok

13:09:26.0937 3676 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

13:09:26.0937 3676 KSecDD - ok

13:09:26.0968 3676 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

13:09:26.0984 3676 lanmanserver - ok

13:09:27.0015 3676 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

13:09:27.0031 3676 lanmanworkstation - ok

13:09:27.0046 3676 lbrtfdc - ok

13:09:27.0312 3676 [ B25C71018BDBA3E1E0E64917F7AF50A7 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

13:09:27.0484 3676 LeapFrog Connect Device Service - ok

13:09:27.0531 3676 [ E19C8550B4C6C67FABFFD998EACF440A ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE

13:09:27.0531 3676 LexBceS - ok

13:09:27.0578 3676 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

13:09:27.0578 3676 LmHosts - ok

13:09:27.0609 3676 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

13:09:27.0625 3676 Messenger - ok

13:09:27.0656 3676 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

13:09:27.0656 3676 mnmdd - ok

13:09:27.0718 3676 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

13:09:27.0734 3676 mnmsrvc - ok

13:09:27.0781 3676 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

13:09:27.0781 3676 Modem - ok

13:09:27.0828 3676 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

13:09:27.0843 3676 MODEMCSA - ok

13:09:27.0875 3676 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys

13:09:27.0875 3676 mohfilt - ok

13:09:27.0906 3676 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:09:27.0906 3676 Mouclass - ok

13:09:27.0937 3676 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

13:09:27.0937 3676 MountMgr - ok

13:09:28.0031 3676 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:09:28.0031 3676 MozillaMaintenance - ok

13:09:28.0078 3676 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys

13:09:28.0093 3676 mraid35x - ok

13:09:28.0109 3676 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:09:28.0125 3676 MRxDAV - ok

13:09:28.0156 3676 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:09:28.0171 3676 MRxSmb - ok

13:09:28.0203 3676 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

13:09:28.0218 3676 MSDTC - ok

13:09:28.0250 3676 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

13:09:28.0250 3676 Msfs - ok

13:09:28.0265 3676 MSIServer - ok

13:09:28.0296 3676 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:09:28.0296 3676 MSKSSRV - ok

13:09:28.0328 3676 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:09:28.0328 3676 MSPCLOCK - ok

13:09:28.0375 3676 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

13:09:28.0375 3676 MSPQM - ok

13:09:28.0406 3676 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:09:28.0406 3676 mssmbios - ok

13:09:28.0484 3676 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

13:09:28.0484 3676 Mup - ok

13:09:28.0593 3676 [ 4A9258B9597A31DB68EC9740F3A8A70B ] N360 C:\Program Files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe

13:09:28.0593 3676 N360 - ok

13:09:28.0671 3676 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

13:09:28.0671 3676 napagent - ok

13:09:28.0781 3676 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121225.022\NAVENG.SYS

13:09:28.0781 3676 NAVENG - ok

13:09:28.0875 3676 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121225.022\NAVEX15.SYS

13:09:28.0890 3676 NAVEX15 - ok

13:09:28.0921 3676 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

13:09:28.0921 3676 NDIS - ok

13:09:28.0968 3676 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:09:28.0968 3676 NdisTapi - ok

13:09:29.0015 3676 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:09:29.0015 3676 Ndisuio - ok

13:09:29.0062 3676 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:09:29.0062 3676 NdisWan - ok

13:09:29.0093 3676 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

13:09:29.0093 3676 NDProxy - ok

13:09:29.0109 3676 NEC Usb3 - ok

13:09:29.0140 3676 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

13:09:29.0140 3676 NetBIOS - ok

13:09:29.0156 3676 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

13:09:29.0156 3676 NetBT - ok

13:09:29.0203 3676 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

13:09:29.0203 3676 NetDDE - ok

13:09:29.0218 3676 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

13:09:29.0218 3676 NetDDEdsdm - ok

13:09:29.0265 3676 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

13:09:29.0265 3676 Netlogon - ok

13:09:29.0312 3676 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

13:09:29.0312 3676 Netman - ok

13:09:29.0421 3676 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

13:09:29.0421 3676 NetSvc - ok

13:09:29.0437 3676 NetTcpPortSharing - ok

13:09:29.0484 3676 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

13:09:29.0500 3676 Nla - ok

13:09:29.0546 3676 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

13:09:29.0546 3676 Npfs - ok

13:09:29.0609 3676 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

13:09:29.0609 3676 Ntfs - ok

13:09:29.0656 3676 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

13:09:29.0656 3676 NtLmSsp - ok

13:09:29.0750 3676 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

13:09:29.0750 3676 NtmsSvc - ok

13:09:29.0812 3676 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

13:09:29.0812 3676 Null - ok

13:09:29.0906 3676 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:09:29.0953 3676 nv - ok

13:09:30.0000 3676 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:09:30.0000 3676 NwlnkFlt - ok

13:09:30.0046 3676 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:09:30.0046 3676 NwlnkFwd - ok

13:09:30.0093 3676 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

13:09:30.0093 3676 Parport - ok

13:09:30.0125 3676 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

13:09:30.0125 3676 PartMgr - ok

13:09:30.0171 3676 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

13:09:30.0171 3676 ParVdm - ok

13:09:30.0296 3676 PCD5SRVC{FBEA8B78-1B22F121-05040000} - ok

13:09:30.0343 3676 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

13:09:30.0343 3676 PCI - ok

13:09:30.0359 3676 PCIDump - ok

13:09:30.0406 3676 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

13:09:30.0406 3676 PCIIde - ok

13:09:30.0468 3676 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

13:09:30.0468 3676 Pcmcia - ok

13:09:30.0484 3676 PDCOMP - ok

13:09:30.0500 3676 PDFRAME - ok

13:09:30.0515 3676 PDRELI - ok

13:09:30.0531 3676 PDRFRAME - ok

13:09:30.0562 3676 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

13:09:30.0562 3676 perc2 - ok

13:09:30.0625 3676 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

13:09:30.0625 3676 perc2hib - ok

13:09:30.0671 3676 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

13:09:30.0671 3676 PlugPlay - ok

13:09:30.0734 3676 [ 19E83B09AB8EE1D837665DA941E2AC44 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe

13:09:30.0734 3676 PnkBstrA - ok

13:09:30.0750 3676 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

13:09:30.0750 3676 PolicyAgent - ok

13:09:30.0812 3676 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:09:30.0828 3676 PptpMiniport - ok

13:09:30.0859 3676 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

13:09:30.0859 3676 ProtectedStorage - ok

13:09:30.0906 3676 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

13:09:30.0906 3676 PSched - ok

13:09:30.0984 3676 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:09:30.0984 3676 Ptilink - ok

13:09:31.0031 3676 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:09:31.0031 3676 PxHelp20 - ok

13:09:31.0109 3676 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

13:09:31.0109 3676 ql1080 - ok

13:09:31.0125 3676 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

13:09:31.0125 3676 Ql10wnt - ok

13:09:31.0171 3676 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

13:09:31.0171 3676 ql12160 - ok

13:09:31.0203 3676 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

13:09:31.0203 3676 ql1240 - ok

13:09:31.0218 3676 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

13:09:31.0218 3676 ql1280 - ok

13:09:31.0265 3676 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:09:31.0265 3676 RasAcd - ok

13:09:31.0312 3676 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

13:09:31.0328 3676 RasAuto - ok

13:09:31.0343 3676 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:09:31.0359 3676 Rasl2tp - ok

13:09:31.0437 3676 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

13:09:31.0437 3676 RasMan - ok

13:09:31.0500 3676 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:09:31.0500 3676 RasPppoe - ok

13:09:31.0546 3676 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

13:09:31.0546 3676 Raspti - ok

13:09:31.0593 3676 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:09:31.0593 3676 Rdbss - ok

13:09:31.0625 3676 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:09:31.0625 3676 RDPCDD - ok

13:09:31.0671 3676 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:09:31.0671 3676 rdpdr - ok

13:09:31.0765 3676 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

13:09:31.0828 3676 RDPWD - ok

13:09:31.0875 3676 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

13:09:31.0875 3676 RDSessMgr - ok

13:09:31.0937 3676 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

13:09:31.0937 3676 redbook - ok

13:09:32.0015 3676 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

13:09:32.0015 3676 RemoteAccess - ok

13:09:32.0046 3676 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

13:09:32.0046 3676 RpcLocator - ok

13:09:32.0109 3676 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

13:09:32.0109 3676 RpcSs - ok

13:09:32.0156 3676 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

13:09:32.0156 3676 RSVP - ok

13:09:32.0187 3676 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

13:09:32.0187 3676 SamSs - ok

13:09:32.0218 3676 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

13:09:32.0218 3676 SCardSvr - ok

13:09:32.0281 3676 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

13:09:32.0281 3676 Schedule - ok

13:09:32.0296 3676 SDDMI2 - ok

13:09:32.0343 3676 [ 72DFFA33F8ED1C847075EEE2C1E790EE ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:09:32.0343 3676 Secdrv - ok

13:09:32.0406 3676 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

13:09:32.0406 3676 seclogon - ok

13:09:32.0484 3676 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys

13:09:32.0484 3676 senfilt - ok

13:09:32.0531 3676 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

13:09:32.0531 3676 SENS - ok

13:09:32.0578 3676 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

13:09:32.0578 3676 serenum - ok

13:09:32.0625 3676 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

13:09:32.0625 3676 Serial - ok

13:09:32.0703 3676 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

13:09:32.0703 3676 Sfloppy - ok

13:09:32.0750 3676 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

13:09:32.0750 3676 SharedAccess - ok

13:09:32.0796 3676 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

13:09:32.0796 3676 ShellHWDetection - ok

13:09:32.0812 3676 Simbad - ok

13:09:32.0859 3676 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

13:09:32.0859 3676 sisagp - ok

13:09:32.0906 3676 [ 479533BACC58B1EDF916855BCD139556 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys

13:09:32.0921 3676 smwdm - ok

13:09:32.0968 3676 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys

13:09:32.0968 3676 Sparrow - ok

13:09:33.0000 3676 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

13:09:33.0000 3676 splitter - ok

13:09:33.0046 3676 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

13:09:33.0046 3676 Spooler - ok

13:09:33.0062 3676 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

13:09:33.0062 3676 sr - ok

13:09:33.0109 3676 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

13:09:33.0125 3676 srservice - ok

13:09:33.0218 3676 [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP C:\WINDOWS\System32\Drivers\N360\1402000.013\SRTSP.SYS

13:09:33.0218 3676 SRTSP - ok

13:09:33.0250 3676 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\WINDOWS\system32\drivers\N360\1402000.013\SRTSPX.SYS

13:09:33.0265 3676 SRTSPX - ok

13:09:33.0312 3676 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

13:09:33.0312 3676 Srv - ok

13:09:33.0359 3676 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

13:09:33.0359 3676 SSDPSRV - ok

13:09:33.0437 3676 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

13:09:33.0437 3676 stisvc - ok

13:09:33.0453 3676 suxde - ok

13:09:33.0500 3676 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

13:09:33.0500 3676 swenum - ok

13:09:33.0531 3676 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

13:09:33.0531 3676 swmidi - ok

13:09:33.0546 3676 SwPrv - ok

13:09:33.0609 3676 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys

13:09:33.0609 3676 symc810 - ok

13:09:33.0625 3676 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys

13:09:33.0625 3676 symc8xx - ok

13:09:33.0671 3676 [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS C:\WINDOWS\system32\drivers\N360\1402000.013\SYMDS.SYS

13:09:33.0687 3676 SymDS - ok

13:09:33.0765 3676 [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA C:\WINDOWS\system32\drivers\N360\1402000.013\SYMEFA.SYS

13:09:33.0765 3676 SymEFA - ok

13:09:33.0812 3676 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

13:09:33.0812 3676 SymEvent - ok

13:09:33.0875 3676 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\WINDOWS\system32\drivers\N360\1402000.013\Ironx86.SYS

13:09:33.0890 3676 SymIRON - ok

13:09:33.0984 3676 [ EC979002EBA25C9D109B2FE0E03457DA ] SYMTDI C:\WINDOWS\System32\Drivers\N360\1402000.013\SYMTDI.SYS

13:09:33.0984 3676 SYMTDI - ok

13:09:34.0031 3676 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys

13:09:34.0031 3676 sym_hi - ok

13:09:34.0062 3676 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys

13:09:34.0062 3676 sym_u3 - ok

13:09:34.0093 3676 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

13:09:34.0093 3676 sysaudio - ok

13:09:34.0125 3676 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

13:09:34.0125 3676 SysmonLog - ok

13:09:34.0171 3676 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

13:09:34.0187 3676 TapiSrv - ok

13:09:34.0234 3676 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:09:34.0234 3676 Tcpip - ok

13:09:34.0281 3676 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

13:09:34.0296 3676 TDPIPE - ok

13:09:34.0312 3676 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

13:09:34.0312 3676 TDTCP - ok

13:09:34.0343 3676 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

13:09:34.0343 3676 TermDD - ok

13:09:34.0421 3676 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

13:09:34.0421 3676 TermService - ok

13:09:34.0468 3676 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

13:09:34.0484 3676 Themes - ok

13:09:34.0546 3676 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys

13:09:34.0546 3676 TosIde - ok

13:09:34.0593 3676 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

13:09:34.0593 3676 TrkWks - ok

13:09:34.0625 3676 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

13:09:34.0625 3676 Udfs - ok

13:09:34.0640 3676 uilxo - ok

13:09:34.0687 3676 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys

13:09:34.0687 3676 ultra - ok

13:09:34.0750 3676 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

13:09:34.0750 3676 Update - ok

13:09:34.0796 3676 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

13:09:34.0796 3676 upnphost - ok

13:09:34.0843 3676 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

13:09:34.0843 3676 UPS - ok

13:09:34.0890 3676 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

13:09:34.0890 3676 USBAAPL - ok

13:09:34.0937 3676 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:09:34.0937 3676 usbccgp - ok

13:09:34.0968 3676 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:09:34.0968 3676 usbehci - ok

13:09:35.0000 3676 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:09:35.0000 3676 usbhub - ok

13:09:35.0062 3676 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:09:35.0062 3676 usbprint - ok

13:09:35.0093 3676 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:09:35.0093 3676 usbscan - ok

13:09:35.0109 3676 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:09:35.0109 3676 USBSTOR - ok

13:09:35.0125 3676 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:09:35.0125 3676 usbuhci - ok

13:09:35.0171 3676 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

13:09:35.0171 3676 VgaSave - ok

13:09:35.0187 3676 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys

13:09:35.0187 3676 viaagp - ok

13:09:35.0203 3676 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

13:09:35.0203 3676 ViaIde - ok

13:09:35.0218 3676 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

13:09:35.0218 3676 VolSnap - ok

13:09:35.0250 3676 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

13:09:35.0265 3676 VSS - ok

13:09:35.0296 3676 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll

13:09:35.0296 3676 w32time - ok

13:09:35.0312 3676 w800mdm - ok

13:09:35.0359 3676 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:09:35.0359 3676 Wanarp - ok

13:09:35.0421 3676 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys

13:09:35.0421 3676 wanatw - ok

13:09:35.0468 3676 [ EB9A99AB5D17B1727034FF191E6448D7 ] WANMiniportService C:\WINDOWS\wanmpsvc.exe

13:09:35.0500 3676 WANMiniportService - ok

13:09:35.0515 3676 WDICA - ok

13:09:35.0562 3676 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

13:09:35.0562 3676 wdmaud - ok

13:09:35.0625 3676 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

13:09:35.0625 3676 WebClient - ok

13:09:35.0703 3676 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

13:09:35.0703 3676 winmgmt - ok

13:09:35.0812 3676 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

13:09:35.0812 3676 WmdmPmSN - ok

13:09:35.0875 3676 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

13:09:35.0875 3676 WmiApSrv - ok

13:09:35.0984 3676 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

13:09:36.0000 3676 WMPNetworkSvc - ok

13:09:36.0031 3676 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

13:09:36.0031 3676 WpdUsb - ok

13:09:36.0093 3676 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

13:09:36.0093 3676 WS2IFSL - ok

13:09:36.0140 3676 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

13:09:36.0140 3676 wscsvc - ok

13:09:36.0171 3676 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

13:09:36.0171 3676 wuauserv - ok

Continued from posting before

13:09:36.0234 3676 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:09:36.0234 3676 WudfPf - ok

13:09:36.0265 3676 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

13:09:36.0265 3676 WudfSvc - ok

13:09:36.0359 3676 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

13:09:36.0359 3676 WZCSVC - ok

13:09:36.0484 3676 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

13:09:36.0500 3676 xmlprov - ok

13:09:36.0500 3676 ================ Scan global ===============================

13:09:36.0546 3676 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

13:09:36.0640 3676 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

13:09:36.0703 3676 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

13:09:36.0734 3676 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

13:09:36.0734 3676 [Global] - ok

13:09:36.0734 3676 ================ Scan MBR ==================================

13:09:36.0765 3676 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0

13:09:36.0953 3676 \Device\Harddisk0\DR0 - ok

13:09:36.0953 3676 ================ Scan VBR ==================================

13:09:36.0968 3676 [ 9B62D8BC823461800AB1935852DA88BD ] \Device\Harddisk0\DR0\Partition1

13:09:36.0968 3676 \Device\Harddisk0\DR0\Partition1 - ok

13:09:36.0968 3676 ============================================================

13:09:36.0968 3676 Scan finished

13:09:36.0968 3676 ============================================================

13:09:36.0984 3232 Detected object count: 0

13:09:36.0984 3232 Actual detected object count: 0

13:09:53.0671 3096 Deinitialize success

 

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 13:13:06

# Updated 25/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Claudia - STILL

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Claudia\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

Key Found : HKCU\Software\Headlight

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\49CF605F02C7954F4E139D18828DE298CD59217C

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D

Key Found : HKLM\Software\Viewpoint

Key Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-21-3903870554-2417901499-2833347041-1007\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.


Hi again,

 

Open Notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’).

 

Driver::

evieqw

idujqe

suxde

uilxo

 

Save this as CFScript

 

CFScriptB-4.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

 

jedi


ComboFix 12-12-29.02 - Claudia 12/29/2012 16:12:11.12.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1435 [GMT -5:00]

Running from: c:\documents and settings\Claudia\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Claudia\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_evieqw

-------\Service_idujqe

-------\Service_suxde

-------\Service_uilxo

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2004-08-04 11:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 14:51 . 2012-05-02 22:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 14:51 . 2011-06-23 18:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-13 01:25 . 2004-08-04 11:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-07 13:18 . 2011-10-13 20:12 4522 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-11-02 02:02 . 2004-08-04 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-13 00:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx

2012-10-09 01:00 . 2012-10-27 16:31 586400 ----a-w- c:\windows\system32\drivers\N360\1402000.013\srtsp.sys

2012-10-08 11:29 . 2012-05-03 21:02 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-10-08 10:06 . 2012-10-08 10:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-08 10:06 . 2012-09-24 23:21 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-08 10:06 . 2012-09-24 23:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-08 10:06 . 2010-12-19 20:00 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-04 01:40 . 2012-10-27 16:31 927904 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symefa.sys

2012-10-04 01:40 . 2012-10-27 16:31 368288 ----a-w- c:\windows\system32\drivers\N360\1402000.013\symds.sys

2012-10-04 01:19 . 2012-10-27 16:31 134304 ----a-w- c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys

2012-10-02 18:04 . 2004-08-04 11:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-12-12 13:45 . 2012-12-12 13:45 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

[HKLM\~\startupfolder\C:^Documents and Settings^Claudia^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]

path=c:\documents and settings\Claudia\Start Menu\Programs\Startup\PandaUSBVaccine.lnk

backup=c:\windows\pss\PandaUSBVaccine.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-11-07 09:20 122940 ----a-w- c:\windows\SYSTEM32\dla\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2008-07-10 03:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2006-01-17 17:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2011-08-23 21:17 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]

2010-03-16 13:36 337256 ----a-w- c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2008-07-10 03:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2007-08-31 13:01 328992 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MSK80Service"=2 (0x2)

"McSysmon"=3 (0x3)

"McShield"=2 (0x2)

"McProxy"=2 (0x2)

"McODS"=3 (0x3)

"McNASvc"=2 (0x2)

"mcmscsvc"=2 (0x2)

"McAfee SiteAdvisor Service"=2 (0x2)

"MBackMonitor"=3 (0x3)

"MPS9"=2 (0x2)

"McRedirector"=2 (0x2)

"mcpromgr"=2 (0x2)

"mcmispupdmgr"=2 (0x2)

"McAfee HackerWatch Service"=2 (0x2)

"Emproxy"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1105010324\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symds.sys [10/27/2012 11:31 AM 368288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\symefa.sys [10/27/2012 11:31 AM 927904]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ccsetx86.sys [10/27/2012 11:31 AM 134304]

R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\1402000.013\ironx86.sys [10/27/2012 11:31 AM 175264]

R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccsvchst.exe [10/27/2012 11:31 AM 143928]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/8/2012 6:30 AM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121228.001\IDSXpx86.sys [12/29/2012 3:25 PM 373728]

S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 6:00 AM 14336]

S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]

S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms --> c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NECUsb3s REG_MULTI_SZ NEC Usb3

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mpfservice

sagefserver

AVCamUSB20

usbcm

tvicport

LPCFilter

iwebmsg

hibernation

trioservice

s117mdm

hsf_dpv

ZDPNDIS5

bwsvc

ssm_mdfl

acrsch2svc

AsIO

winvnc4

NAL

richvideo

M2500

acnusvc

IPSECSHM

w800mdm

Wmipsd

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:51]

.

2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\8yi6q0be.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-29 17:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]

"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

@DACL=(02 0000)

"DLLName"="c:\\Program Files\\Citrix\\GoToAssist\\514\\G2AWinLogon.dll"

"Logoff"="G2ALogoff"

"Asynchronous"=dword:00000000

"Logon"="G2ALogon"

"Startup"="G2AStartup"

"Impersonate"=dword:00000000

"Shutdown"="G2AShutdown"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

@DACL=(02 0000)

"HelpAssistant"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1076)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\wanmpsvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

.

**************************************************************************

.

Completion time: 2012-12-29 17:31:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-29 22:31

ComboFix2.txt 2012-12-26 14:23

ComboFix3.txt 2012-12-12 20:07

ComboFix4.txt 2012-05-30 10:44

ComboFix5.txt 2012-12-29 18:58

.

Pre-Run: 12,940,673,024 bytes free

Post-Run: 12,954,619,904 bytes free

.

- - End Of File - - 8085529934CFAB093918F31821C318E7

 

It said detected rootkit activity again. What is rootkit activity?

Thanks,

Claudia

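The ComboFix log above is what the helper reads to decide what to do next, and a few lines in it are worth pulling out mechanically: the four `-------\Service_xxxxx` entries ComboFix removed (generated-looking names), `"DisableMonitoring"=dword:00000001` under the Security Center keys, `"EnableFirewall"= 0` for the standard firewall profile, and, in the Malwarebytes Anti-Rootkit log further down the thread, the `$NtUninstallKB25136$\2610362790\L` directory layout labelled Backdoor.0Access. The following is an added example written for this page, not ComboFix or Malwarebytes code and not part of any post: a small triage pass over log lines constructed from those two logs. Which indicators it flags, and the "generated name" heuristic (short, all lowercase letters), are the example's own choices.

```python
"""Triage of ComboFix / MBAR log lines for the settings a helper checks first.

Added example for this thread; it is not ComboFix or Malwarebytes code. The
sample lines below are constructed from the logs in the thread. The checks
(Security Center monitoring switched off, the Windows Firewall standard profile
disabled, removed services with generated-looking names, and the
$NtUninstallKB<n>$\\<digits>\\L|U directory layout) are this example's choice
of indicators, not a rule set from either tool.
"""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log above and the
# Malwarebytes Anti-Rootkit log later in the thread, plus one benign
# Norton 360 service line as a control that must produce no finding.
SAMPLE_LINES = [
    r"-------\Service_evieqw",
    r"-------\Service_idujqe",
    r"-------\Service_suxde",
    r"-------\Service_uilxo",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]",
    r'"DisableMonitoring"=dword:00000001',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]",
    r'"DisableMonitoring"=dword:00000001',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    r'"EnableFirewall"= 0 (0x0)',
    r"R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.0.19\ccsvchst.exe [10/27/2012 11:31 AM 143928]",
    r"Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790\L\odetmngk --> [backdoor.0Access]",
]

KEY_RE = re.compile(r"^\[(.+)\]$")                  # ComboFix registry key header
REMOVED_SERVICE_RE = re.compile(r"^-------\\Service_(\w+)$")
GENERATED_NAME_RE = re.compile(r"^[a-z]{4,8}$")     # heuristic: short, all lowercase letters
VALUE_RE = re.compile(r"=\s*(?:dword:)?(?:0x)?([0-9a-fA-F]+)")
# The ZeroAccess layout the MBAR log reports: a fake hotfix-uninstall folder,
# a numeric subfolder and L / U directories beneath it.
ZEROACCESS_DIR_RE = re.compile(r"\$NtUninstallKB\d+\$\\\d+\\[LU]\b", re.IGNORECASE)
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\\S+")


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Walk the log once, tracking the current [registry key] so that value
    lines are judged in context, and return one finding per matched indicator."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        removed = REMOVED_SERVICE_RE.match(line)
        if removed:
            name = removed.group(1)
            findings.append({
                "check": "removed_service",
                "severity": "warn" if GENERATED_NAME_RE.match(name) else "info",
                "detail": name,
            })
            continue
        value = VALUE_RE.search(line)
        if (line.startswith('"DisableMonitoring"') and value and int(value.group(1), 16) == 1
                and "security center\\monitoring" in current_key):
            # The bare Monitoring key turns off Security Center's own status
            # checks; a vendor subkey (SymantecAntiVirus, ...) is normally set
            # by the installed suite so that it reports status itself.
            is_root_key = current_key.endswith("security center\\monitoring")
            findings.append({
                "check": "security_center_monitoring",
                "severity": "warn" if is_root_key else "info",
                "detail": current_key,
            })
            continue
        if (line.startswith('"EnableFirewall"') and value and int(value.group(1), 16) == 0
                and current_key.endswith("firewallpolicy\\standardprofile")):
            findings.append({"check": "firewall_profile", "severity": "warn", "detail": current_key})
            continue
        if ZEROACCESS_DIR_RE.search(line):
            path = WIN_PATH_RE.search(line)
            findings.append({
                "check": "zeroaccess_layout",
                "severity": "critical",
                "detail": path.group(0) if path else line,
            })
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'critical': 1, 'warn': 6, 'info': 1}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"[{f['severity']:8}] {f['check']}: {f['detail']}")
    print(summarize(results))
```

Two of the findings need the caveat a helper would apply by hand: Norton 360 legitimately registers its own subkeys under Security Center `Monitoring` and replaces the Windows Firewall, so the `SymantecAntiVirus` entry is only informational and the disabled standard profile is a "confirm with the user" item rather than evidence on its own. The removed-service check only fires on names ComboFix has already deleted, so in this log its value is inventory: it tells the helper which names to watch for if they reappear in a later log.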

Hi again,

 

A rootkit is a kind of hidden malware:

https://en.wikipedia.org/wiki/Rootkit

First:

Create a restore point:

 

http://support.microsoft.com/kb/948247

Next:

Go here:

http://www.bleepingc...es-anti-rootkit

 

and familiarise yourself with how to use Malwarebytes Anti-Rootkit, then download and run the tool, and remove anything it finds.

 

Let me know how it goes.

 

jedi

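The reply above points Claudia at Malwarebytes Anti-Rootkit, and the MBAR log she posts next opens its disk checks with "Scanning MBR on drive 0... Inspecting partition table" followed by the boot signature, disk signature and four partition slots, then "Scanning physical sectors of unpartitioned space". The following is an added example written for this page, not Malwarebytes code and not from any post, showing what that inspection step consists of: parse the 512-byte MBR, sanity-check the partition table, and work out which sectors no partition claims. The MBR is constructed to match the values printed in that log (disk signature D0F4738C, entries 0xde / 0x07 active / 0xdb / empty, an 80,000,000,000-byte disk); the checks and the unpartitioned-space calculation are this example's assumptions about what a scanner looks for, not MBAR's actual logic.

```python
"""Parse and sanity-check a 512-byte MBR the way an anti-rootkit scan does.

Added example for this thread, not Malwarebytes code. The sample MBR is
constructed to carry the partition table MBAR prints in the next post
(disk signature D0F4738C, entries 0xde / 0x07 active / 0xdb / empty, and
an 80,000,000,000-byte disk); the checks and the unpartitioned-space
calculation are this example's own, not the tool's.
"""
import struct
from typing import Dict, List, Tuple

SECTOR = 512
DISK_SIZE_BYTES = 80_000_000_000        # "Disk Size: 80000000000 bytes" in the MBAR log
ENTRY_FMT = "<B3sB3sII"                  # status, CHS start, type, CHS end, LBA start, sector count
TABLE_OFF, SIG_OFF, DISK_SIG_OFF = 0x1BE, 0x1FE, 0x1B8


def build_mbr(disk_sig: int, parts: List[Tuple[bool, int, int, int]]) -> bytes:
    """Constructed MBR: zeroed boot code, disk signature at 0x1B8, four 16-byte
    entries from 0x1BE and the 55 AA boot signature at 0x1FE.
    parts = (active, type, lba_start, sector_count)."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(parts):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[SIG_OFF:SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> Dict:
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    signature = struct.unpack_from(">H", mbr, SIG_OFF)[0]        # bytes 55 AA read as 0x55AA
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFF + 16 * i)
        partitions.append({"index": i, "status": status, "active": status == 0x80,
                           "type": ptype, "lba": lba, "count": count})
    return {"signature": signature, "disk_signature": disk_sig, "partitions": partitions}


def check_mbr(info: Dict, disk_sectors: int) -> List[str]:
    """Anomalies worth raising before reading any sectors: bad boot signature,
    invalid status bytes, not exactly one active entry, overlapping entries,
    or an entry that runs past the end of the disk."""
    problems = []
    if info["signature"] != 0x55AA:
        problems.append("boot signature is not 55AA")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02x}")
    used = [p for p in info["partitions"] if p["type"] != 0x00]
    active = [p for p in used if p["active"]]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected exactly one)")
    prev_end = 0
    for p in sorted(used, key=lambda p: p["lba"]):
        if p["lba"] < prev_end:
            problems.append(f"partition {p['index']} overlaps the entry before it")
        if p["lba"] + p["count"] > disk_sectors:
            problems.append(f"partition {p['index']} runs past the end of the disk")
        prev_end = max(prev_end, p["lba"] + p["count"])
    return problems


def unpartitioned_ranges(info: Dict, disk_sectors: int) -> List[Tuple[int, int]]:
    """Sector ranges no partition claims, sector 0 (the MBR) excluded. This is
    the space a scanner's 'unpartitioned space' pass reads, because sectors
    outside every partition are a common bootkit hiding place."""
    used = sorted((p["lba"], p["lba"] + p["count"]) for p in info["partitions"] if p["type"] != 0x00)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


def describe(info: Dict) -> List[str]:
    """Render the table in the wording MBAR's log uses."""
    out = [f"MBR Signature: {info['signature']:04X}", f"Disk Signature: {info['disk_signature']:08X}"]
    for p in info["partitions"]:
        name = {0x00: "Empty", 0x07: "Primary"}.get(p["type"], "Other")
        out.append(f"Partition {p['index']} type is {name} (0x{p['type']:x})")
        out.append("Partition is ACTIVE." if p["active"] else "Partition is NOT ACTIVE.")
        out.append(f"Partition starts at LBA: {p['lba']} Numsec = {p['count']}")
    return out


# Constructed sample reproducing the table in the MBAR log.
SAMPLE_MBR = build_mbr(0xD0F4738C, [
    (False, 0xDE, 63, 96327),
    (True, 0x07, 96390, 149115330),
    (False, 0xDB, 149211720, 7020405),
    (False, 0x00, 0, 0),
])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    sectors = DISK_SIZE_BYTES // SECTOR
    print("\n".join(describe(info)))
    print("problems:", check_mbr(info, sectors) or "none")
    print("unpartitioned:", unpartitioned_ranges(info, sectors))
```

Run as a script it prints the table in the log's wording, reports no problems for this disk, and lists two unclaimed ranges: sectors 1 to 62 ahead of the first partition and the tail after the last one, which is roughly the span MBAR's "unpartitioned space" line covers. A tampered copy (a second active entry, a wrong boot signature) makes `check_mbr` return findings, which is the kind of result that would justify the "rootkit activity" wording rather than a clean table like this one.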

Happy New Year!

 

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

 

Database version: v2012.12.31.07

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Claudia :: STILL [administrator]

 

12/31/2012 2:37:52 PM

mbar-log-2012-12-31 (14-37-52).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 27245

Time elapsed: 30 minute(s), 31 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

C:\WINDOWS\$NtUninstallKB25136$\2610362790\L (Backdoor.0Access) -> Delete on reboot.

C:\WINDOWS\$NtUninstallKB25136$\2610362790\U (Backdoor.0Access) -> Delete on reboot.

C:\WINDOWS\$NtUninstallKB25136$\2610362790 (Backdoor.0Access) -> Delete on reboot.

 

Files Detected: 1

C:\WINDOWS\$NtUninstallKB25136$\2610362790\L\odetmngk (Backdoor.0Access) -> Delete on reboot.

 

(end)

 

 

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 2145370112, free: 1370021888

 

------------ Kernel report ------------

12/31/2012 14:06:02

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

aliide.sys

cmdide.sys

toside.sys

viaide.sys

intelide.sys

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

cpqarray.sys

\WINDOWS\system32\DRIVERS\SCSIPORT.SYS

atapi.sys

aha154x.sys

sparrow.sys

symc810.sys

aic78xx.sys

dac960nt.sys

ql10wnt.sys

amsint.sys

asc.sys

asc3550.sys

mraid35x.sys

i2omp.sys

ini910u.sys

ql1240.sys

aic78u2.sys

symc8xx.sys

sym_hi.sys

sym_u3.sys

ABP480N5.SYS

asc3350p.sys

cd20xrnt.sys

ultra.sys

adpu160m.sys

dpti2o.sys

ql1080.sys

ql1280.sys

ql12160.sys

perc2.sys

perc2hib.sys

hpn.sys

cbidf2k.sys

dac2w2k.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

sisagp.sys

viaagp.sys

Mup.sys

agp440.sys

alim1541.sys

amdagp.sys

agpCPQ.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\IntelC53.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\IntelC51.sys

\SystemRoot\system32\DRIVERS\IntelC52.sys

\SystemRoot\system32\DRIVERS\mohfilt.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\system32\DRIVERS\e100b325.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\drivers\smwdm.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\senfilt.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\wanatw4.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\MODEMCSA.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\1402000.013\ccSetx86.sys

\SystemRoot\System32\Drivers\N360\1402000.013\SRTSP.SYS

\SystemRoot\system32\drivers\N360\1402000.013\SRTSPX.SYS

\SystemRoot\system32\drivers\N360\1402000.013\Ironx86.SYS

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121230.018\NAVEX15.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121230.018\NAVENG.SYS

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_N.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\System32\Drivers\N360\1402000.013\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121230.001\IDSxpx86.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ialmdnt5.dll

\SystemRoot\System32\ialmrnt5.dll

\SystemRoot\System32\ialmdev5.DLL

\SystemRoot\System32\ialmdd5.DLL

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResN.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\secdrv.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\SYSTEM32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a6d4ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8a6ccd98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.31.07

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a6d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a6d3020, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a6d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a6ccd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe7024da0, 0xffffffff8a6d4ab8, 0xffffffff88d97ab8

Lower DeviceData: 0xffffffffe173a8d8, 0xffffffff8a6ccd98, 0xffffffff88dd7250

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D0F4738C

 

Partition information:

 

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 96327

 

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 96390 Numsec = 149115330

Partition file system is NTFS

Partition is bootable

 

Partition 2 type is Other (0xdb)

Partition is NOT ACTIVE.

Partition starts at LBA: 149211720 Numsec = 7020405

 

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Disk Size: 80000000000 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...

Done!

Performing system, memory and registry scan...

Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790\L\odetmngk --> [backdoor.0Access]

Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790\L --> [backdoor.0Access]

Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790\U --> [backdoor.0Access]

Infected: C:\WINDOWS\$NtUninstallKB25136$\2610362790 --> [backdoor.0Access]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal successful. No system shutdown is required.

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 2145370112, free: 1659609088

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.394000 GHz

Memory total: 2145370112, free: 1634988032

 

------------ Kernel report ------------

12/31/2012 15:32:46

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

aliide.sys

cmdide.sys

toside.sys

viaide.sys

intelide.sys

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

cpqarray.sys

\WINDOWS\system32\DRIVERS\SCSIPORT.SYS

atapi.sys

aha154x.sys

sparrow.sys

symc810.sys

aic78xx.sys

dac960nt.sys

ql10wnt.sys

amsint.sys

asc.sys

asc3550.sys

mraid35x.sys

i2omp.sys

ini910u.sys

ql1240.sys

aic78u2.sys

symc8xx.sys

sym_hi.sys

sym_u3.sys

ABP480N5.SYS

asc3350p.sys

cd20xrnt.sys

ultra.sys

adpu160m.sys

dpti2o.sys

ql1080.sys

ql1280.sys

ql12160.sys

perc2.sys

perc2hib.sys

hpn.sys

cbidf2k.sys

dac2w2k.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

SYMDS.SYS

sr.sys

SYMEFA.SYS

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

sisagp.sys

viaagp.sys

Mup.sys

agp440.sys

alim1541.sys

amdagp.sys

agpCPQ.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\IntelC53.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\IntelC51.sys

\SystemRoot\system32\DRIVERS\IntelC52.sys

\SystemRoot\system32\DRIVERS\mohfilt.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\system32\DRIVERS\e100b325.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\drivers\smwdm.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\senfilt.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\wanatw4.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\MODEMCSA.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\i2omgmt.SYS

\SystemRoot\system32\drivers\N360\1402000.013\ccSetx86.sys

\SystemRoot\System32\Drivers\N360\1402000.013\SRTSP.SYS

\SystemRoot\system32\drivers\N360\1402000.013\SRTSPX.SYS

\SystemRoot\system32\drivers\N360\1402000.013\Ironx86.SYS

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121231.004\NAVEX15.SYS

\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121231.004\NAVENG.SYS

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_N.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a6e6ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8a6ded98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.31.08

Downloaded database version: v2012.12.31.09

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a6e6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a6e5020, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a6e6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a6ded98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe71b4c08, 0xffffffff8a6e6ab8, 0xffffffff8927e040

Lower DeviceData: 0xffffffffe2078e88, 0xffffffff8a6ded98, 0xffffffff89042c90

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D0F4738C

 

Partition information:

 

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 96327

 

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 96390 Numsec = 149115330

Partition file system is NTFS

Partition is bootable

 

Partition 2 type is Other (0xdb)

Partition is NOT ACTIVE.

Partition starts at LBA: 149211720 Numsec = 7020405

 

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Disk Size: 80000000000 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

What a big difference in how my computer is working. The rootkits can really cause problems. Thanks!

Claudia


Hi again,

 

Good, that worked well. One more scan to pick up any remnants:

 

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan and wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next:

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

 

Happy new year to you too. :)

 

jedi


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=11774472507abf45984642b3336fcc07
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-09 03:06:14
# local_time=2013-01-08 10:06:14 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 16777214 0 5 20686907 20686907 0 0
# compatibility_mode=3592 16777213 100 94 0 108276870 0 0
# scanned=110955
# found=4
# cleaned=4
# scan_time=7507
C:\Documents and Settings\Claudia\Local Settings\Application Data\{345EA117-8745-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 28038EC86E4CD605FFC08CFD20C380C3AD27D44B C
C:\Documents and Settings\Claudia\My Documents\Downloaded Program Updates\tp\tools\unlocker1.8.7.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 9C7EC8EB5D7CA43214E25369CBFE1A35E25245FA C
C:\TDSSKiller_Quarantine\27.04.2012_04.47.51\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 832F25E09A9E3342DBCA708341FE83809FEBCAB6 C
C:\TDSSKiller_Quarantine\27.04.2012_04.47.51\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 7A7C8F317675A358F04775E48FC36E045A4BE471 C

I was unable to run AdwCleaner. The icon disappeared after clicking on it, and I tried to download it again but it didn't give me that option. Finally it ran, but it was saved under [R2] and not the [s1] you listed.

Claudia


Hi again,

 

It's all looking good. How is the PC running now?

 

jedi


You're very welcome.

 

Just a little housekeeping, then we're done.

 

Do Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop, and TDSSKiller and AdwCleaner.

 

Here are some security suggestions:

 

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.


Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

jedi :)


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
