timberwolf

Members
  • Content count

    11
  • Joined

  • Last visited

About timberwolf

  • Rank
    New Member
  1. MBAM updated. Nothing found. Here is the log from the quick scan. Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.24.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: USER-2CCCC38035 [administrator] Protection: Enabled 6/24/2012 12:54:23 PM mbam-log-2012-06-24 (12-54-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 194286 Time elapsed: 6 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  2. OK, I guess it's a legit alert from MarketLink, who is in fact a vendor of Comcast. I called Comcast's security department after reading a more recent post on Comcast's forum by someone else with a similar problem. Turns out they are doing account audits and mine had the wrong modem MAC number listed. He said this is a new program they are using and not all techs are familiar with it yet, which is why I was originally told by 2 different techs that it wasn't from them. I asked how it got past my AV programs/Firewall and he said it's something that's pushed through from Comcast and sent directly to the modem. So, if anyone else is having similar issues, you'll have to call the number listed for MarketLink to resolve the issue. If in doubt, call Comcast's security department and have them verify it first. Don't just call 1-800-COMCAST, though, call the security dept. directly. 1-888-565-4329.
  3. Here is the ComboFix log. This is worth mentioning, but not sure if it's related to an infection. For the last few days, Windows wants me to keep installing the same updates, even though they install successfully. Each day when I boot the PC, it tells me there are updates, but they are always the same ones. ComboFix 12-06-23.05 - User 06/23/2012 17:55:18.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2113 [GMT -4:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\User\Application Data\vso_ts_preview.xml c:\documents and settings\User\Favorites\Games.url . c:\windows\system32\drivers\i8042prt.sys was missing Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys . . ((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))) . . 2012-06-23 21:58 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys 2012-06-23 21:58 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2012-06-23 04:56 . 2012-06-23 04:56 -------- d-----w- c:\program files\ERUNT 2012-06-22 17:47 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E3AE5AA-4B3C-4E17-8459-3180915B1D83}\mpengine.dll 2012-06-21 05:49 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-18 06:36 . 2012-06-18 06:36 -------- d-----w- c:\program files\Trend Micro 2012-06-18 02:16 . 2012-06-20 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-06-18 02:16 . 2012-06-19 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-06-18 01:36 . 2010-01-10 22:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2012-06-17 03:34 . 2012-06-17 17:37 -------- d-----w- c:\program files\Symantec 2012-06-17 03:34 . 2012-06-17 17:37 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-06-17 03:34 . 2012-06-17 17:37 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-06-17 03:34 . 2012-06-17 04:34 -------- d-----w- c:\program files\Common Files\Symantec Shared 2012-06-17 03:33 . 2012-06-18 05:37 -------- d-----w- c:\windows\system32\drivers\NIS 2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Norton Internet Security 2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Windows Sidebar 2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\NortonInstaller 2012-06-17 02:53 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage 2012-06-17 02:21 . 2012-06-17 08:02 -------- d-----w- c:\program files\Advanced Fix 2012 2012-06-17 00:41 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ID Vault 2012-06-17 00:40 . 2012-06-17 02:53 -------- d-----w- c:\documents and settings\User\Application Data\ID Vault 2012-06-16 23:25 . 2012-06-16 23:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun 2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\program files\Common Files\Java 2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\program files\Oracle 2012-06-16 23:09 . 2012-06-16 23:09 -------- d-----w- c:\documents and settings\User\Application Data\Oracle 2012-06-16 23:09 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-16 23:09 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-16 23:09 . 2012-05-04 23:29 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-16 23:08 . 2012-06-16 23:08 -------- d-----w- c:\program files\Java 2012-06-16 22:09 . 2012-06-16 22:09 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth 2012-06-16 18:20 . 2012-06-17 03:37 -------- d-----w- c:\program files\Constant Guard Protection Suite 2012-06-16 18:20 . 2012-06-16 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc 2012-06-16 07:25 . 2012-06-17 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2012-06-16 07:25 . 2012-06-16 08:07 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE 2012-06-16 06:55 . 2012-06-16 06:55 -------- d-----w- c:\windows\system32\wbem\Repository 2012-06-14 05:43 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 17:05 . 2012-04-17 17:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 17:05 . 2011-07-06 02:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 19:19 . 2011-07-05 23:14 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 19:19 . 2011-07-05 23:14 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 19:19 . 2011-07-05 23:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 19:19 . 2011-07-05 23:14 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 19:19 . 2011-07-05 23:14 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 19:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 19:19 . 2011-07-05 23:14 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 19:19 . 2011-07-05 23:14 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 19:18 . 2011-07-16 00:24 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 19:18 . 2011-07-16 00:24 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll 2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2011-07-05 23:12 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-04 19:56 . 2011-07-16 01:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-13 04:39 . 2012-04-21 20:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920] "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000] "AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk] path=c:\documents and settings\User\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk backup=c:\windows\pss\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnkStartup . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [6/17/2012 1:37 PM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [6/17/2012 1:37 PM 905336] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 8:01 PM 821920] R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [6/17/2012 1:37 PM 132744] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [6/17/2012 1:37 PM 149624] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/15/2011 9:25 PM 654408] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280] R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [6/17/2012 1:37 PM 138232] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [3/15/2011 2:44 PM 428384] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/16/2012 11:35 PM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSXpx86.sys [6/23/2012 12:34 AM 369632] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/15/2011 9:25 PM 22344] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 11:36 PM 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/17/2012 1:04 PM 250056] S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/9/2001 8:00 PM 17976] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 11:36 PM 136176] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 17:05] . 2012-06-15 c:\windows\Tasks\At1.job - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48] . 2012-06-19 c:\windows\Tasks\At2.job - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48] . 2012-06-23 c:\windows\Tasks\At3.job - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48] . 2012-06-23 c:\windows\Tasks\At4.job - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30 22:48] . 2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 03:36] . 2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-21 03:36] . 2012-06-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50] . 2011-07-18 c:\windows\Tasks\switchShakeIcon.job - c:\program files\NCH Swift Sound\Switch\switch.exe [2011-07-18 21:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = 180.95.19.8:80 TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\et9ohpua.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.ftp - 203.42.246.231 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.http - 203.42.246.231 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 203.42.246.231 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 203.42.246.231 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-adblock pro - c:\program files\Adblock Pro\abpmain.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-23 18:02 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(308) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\stsystra.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\dllhost.exe c:\windows\eHome\ehmsas.exe . ************************************************************************** . Completion time: 2012-06-23 18:05:34 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-23 22:05 . Pre-Run: 42,003,402,752 bytes free Post-Run: 45,922,791,424 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 1003D062C9CD2089E7C1AB05CB5B1355
  4. Here is the log from TDSSKiller. It found 3 things (that appear to be normal). I skipped them. 01:00:42.0921 0976 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 01:00:43.0390 0976 ============================================================ 01:00:43.0390 0976 Current date / time: 2012/06/23 01:00:43.0390 01:00:43.0390 0976 SystemInfo: 01:00:43.0390 0976 01:00:43.0390 0976 OS Version: 5.1.2600 ServicePack: 3.0 01:00:43.0390 0976 Product type: Workstation 01:00:43.0390 0976 ComputerName: USER-2CCCC38035 01:00:43.0390 0976 UserName: User 01:00:43.0390 0976 Windows directory: C:\WINDOWS 01:00:43.0390 0976 System windows directory: C:\WINDOWS 01:00:43.0390 0976 Processor architecture: Intel x86 01:00:43.0390 0976 Number of processors: 2 01:00:43.0390 0976 Page size: 0x1000 01:00:43.0390 0976 Boot type: Normal boot 01:00:43.0390 0976 ============================================================ 01:00:44.0250 0976 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 01:00:44.0250 0976 ============================================================ 01:00:44.0250 0976 \Device\Harddisk0\DR0: 01:00:44.0250 0976 MBR partitions: 01:00:44.0250 0976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D 01:00:44.0250 0976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x66B5E30 01:00:44.0250 0976 ============================================================ 01:00:44.0281 0976 C: <-> \Device\Harddisk0\DR0\Partition0 01:00:44.0328 0976 E: <-> \Device\Harddisk0\DR0\Partition1 01:00:44.0328 0976 ============================================================ 01:00:44.0328 0976 Initialize success 01:00:44.0328 0976 ============================================================ 01:01:08.0750 3088 ============================================================ 01:01:08.0750 3088 Scan started 01:01:08.0750 3088 Mode: Manual; SigCheck; TDLFS; 01:01:08.0750 3088 ============================================================ 01:01:09.0093 3088 Abiosdsk - ok 01:01:09.0093 3088 abp480n5 - ok 01:01:09.0156 3088 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 01:01:09.0812 3088 ACPI - ok 01:01:09.0843 3088 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 01:01:09.0968 3088 ACPIEC - ok 01:01:10.0046 3088 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 01:01:10.0203 3088 AdobeFlashPlayerUpdateSvc - ok 01:01:10.0203 3088 adpu160m - ok 01:01:10.0234 3088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 01:01:10.0390 3088 aec - ok 01:01:10.0437 3088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 01:01:10.0515 3088 AFD - ok 01:01:10.0515 3088 Aha154x - ok 01:01:10.0531 3088 aic78u2 - ok 01:01:10.0531 3088 aic78xx - ok 01:01:10.0562 3088 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 01:01:10.0703 3088 Alerter - ok 01:01:10.0718 3088 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 01:01:10.0828 3088 ALG - ok 01:01:10.0828 3088 AliIde - ok 01:01:10.0843 3088 amsint - ok 01:01:10.0875 3088 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 01:01:10.0984 3088 AppMgmt - ok 01:01:10.0984 3088 asc - ok 01:01:10.0984 3088 asc3350p - ok 01:01:11.0000 3088 asc3550 - ok 01:01:11.0046 3088 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 01:01:11.0109 3088 aspnet_state - ok 01:01:11.0125 3088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 01:01:11.0281 3088 AsyncMac - ok 01:01:11.0312 3088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys 01:01:11.0484 3088 atapi - ok 01:01:11.0484 3088 Atdisk - ok 01:01:11.0515 3088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 01:01:11.0687 3088 Atmarpc - ok 01:01:11.0703 3088 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 01:01:11.0843 3088 AudioSrv - ok 01:01:11.0875 3088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 01:01:12.0015 3088 audstub - ok 01:01:12.0031 3088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 01:01:12.0187 3088 Beep - ok 01:01:12.0390 3088 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys 01:01:12.0625 3088 BHDrvx86 - ok 01:01:12.0687 3088 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 01:01:12.0875 3088 BITS - ok 01:01:12.0906 3088 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 01:01:13.0046 3088 Browser - ok 01:01:13.0062 3088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 01:01:13.0203 3088 cbidf2k - ok 01:01:13.0281 3088 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys 01:01:13.0312 3088 ccSet_NIS - ok 01:01:13.0312 3088 cd20xrnt - ok 01:01:13.0343 3088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 01:01:13.0484 3088 Cdaudio - ok 01:01:13.0531 3088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 01:01:13.0718 3088 Cdfs - ok 01:01:13.0750 3088 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 01:01:13.0812 3088 Cdrom - ok 01:01:13.0843 3088 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 01:01:13.0890 3088 cercsr6 ( UnsignedFile.Multi.Generic ) - warning 01:01:13.0890 3088 cercsr6 - detected UnsignedFile.Multi.Generic (1) 01:01:13.0890 3088 Changer - ok 01:01:13.0921 3088 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 01:01:14.0062 3088 CiSvc - ok 01:01:14.0078 3088 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 01:01:14.0265 3088 ClipSrv - ok 01:01:14.0375 3088 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 01:01:14.0421 3088 clr_optimization_v2.0.50727_32 - ok 01:01:14.0421 3088 CmdIde - ok 01:01:14.0421 3088 COMSysApp - ok 01:01:14.0421 3088 Cpqarray - ok 01:01:14.0453 3088 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 01:01:14.0609 3088 CryptSvc - ok 01:01:14.0609 3088 dac2w2k - ok 01:01:14.0609 3088 dac960nt - ok 01:01:14.0687 3088 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 01:01:14.0796 3088 DcomLaunch - ok 01:01:14.0843 3088 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 01:01:14.0984 3088 Dhcp - ok 01:01:15.0015 3088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 01:01:15.0156 3088 Disk - ok 01:01:15.0156 3088 dmadmin - ok 01:01:15.0234 3088 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 01:01:15.0390 3088 dmboot - ok 01:01:15.0406 3088 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 01:01:15.0562 3088 dmio - ok 01:01:15.0578 3088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 01:01:15.0703 3088 dmload - ok 01:01:15.0718 3088 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 01:01:15.0843 3088 dmserver - ok 01:01:15.0875 3088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 01:01:16.0000 3088 DMusic - ok 01:01:16.0015 3088 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 01:01:16.0109 3088 Dnscache - ok 01:01:16.0140 3088 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 01:01:16.0312 3088 Dot3svc - ok 01:01:16.0312 3088 dpti2o - ok 01:01:16.0328 3088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 01:01:16.0484 3088 drmkaud - ok 01:01:16.0546 3088 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 01:01:16.0671 3088 e1express - ok 01:01:16.0687 3088 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 01:01:16.0828 3088 EapHost - ok 01:01:16.0937 3088 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 01:01:17.0000 3088 eeCtrl - ok 01:01:17.0093 3088 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe 01:01:17.0171 3088 ehRecvr - ok 01:01:17.0218 3088 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe 01:01:17.0328 3088 ehSched - ok 01:01:17.0343 3088 EPUSBSTOR (9ff9df112f551f34ce7894c7ce41bfee) C:\WINDOWS\system32\DRIVERS\epusbsto.sys 01:01:17.0390 3088 EPUSBSTOR - ok 01:01:17.0421 3088 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 01:01:17.0453 3088 EraserUtilRebootDrv - ok 01:01:17.0484 3088 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 01:01:17.0609 3088 ERSvc - ok 01:01:17.0640 3088 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 01:01:17.0718 3088 Eventlog - ok 01:01:17.0765 3088 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 01:01:17.0859 3088 EventSystem - ok 01:01:17.0890 3088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 01:01:18.0046 3088 Fastfat - ok 01:01:18.0078 3088 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 01:01:18.0187 3088 FastUserSwitchingCompatibility - ok 01:01:18.0203 3088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 01:01:18.0328 3088 Fdc - ok 01:01:18.0343 3088 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 01:01:18.0484 3088 Fips - ok 01:01:18.0500 3088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 01:01:18.0609 3088 Flpydisk - ok 01:01:18.0640 3088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 01:01:18.0781 3088 FltMgr - ok 01:01:18.0875 3088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 01:01:18.0906 3088 FontCache3.0.0.0 - ok 01:01:18.0921 3088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 01:01:19.0031 3088 Fs_Rec - ok 01:01:19.0046 3088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 01:01:19.0156 3088 Ftdisk - ok 01:01:19.0171 3088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 01:01:19.0296 3088 Gpc - ok 01:01:19.0375 3088 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 01:01:19.0453 3088 gupdate - ok 01:01:19.0453 3088 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 01:01:19.0515 3088 gupdatem - ok 01:01:19.0546 3088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 01:01:19.0687 3088 HDAudBus - ok 01:01:19.0734 3088 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 01:01:19.0875 3088 helpsvc - ok 01:01:19.0906 3088 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 01:01:20.0046 3088 HidServ - ok 01:01:20.0078 3088 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 01:01:20.0203 3088 hidusb - ok 01:01:20.0234 3088 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 01:01:20.0375 3088 hkmsvc - ok 01:01:20.0375 3088 hpn - ok 01:01:20.0406 3088 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 01:01:20.0484 3088 HSFHWBS2 - ok 01:01:20.0562 3088 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 01:01:20.0640 3088 HSF_DP - ok 01:01:20.0703 3088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 01:01:20.0796 3088 HTTP - ok 01:01:20.0812 3088 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 01:01:20.0953 3088 HTTPFilter - ok 01:01:20.0968 3088 i2omgmt - ok 01:01:20.0968 3088 i2omp - ok 01:01:21.0062 3088 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 01:01:21.0171 3088 ialm - ok 01:01:21.0250 3088 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys 01:01:21.0312 3088 iastor - ok 01:01:21.0500 3088 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 01:01:21.0656 3088 idsvc - ok 01:01:21.0843 3088 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSxpx86.sys 01:01:21.0921 3088 IDSxpx86 - ok 01:01:22.0000 3088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 01:01:22.0140 3088 Imapi - ok 01:01:22.0203 3088 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 01:01:22.0390 3088 ImapiService - ok 01:01:22.0390 3088 ini910u - ok 01:01:22.0406 3088 IntelIde - ok 01:01:22.0421 3088 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 01:01:22.0546 3088 intelppm - ok 01:01:22.0562 3088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 01:01:22.0703 3088 Ip6Fw - ok 01:01:22.0718 3088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 01:01:22.0859 3088 IpFilterDriver - ok 01:01:22.0875 3088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 01:01:23.0015 3088 IpInIp - ok 01:01:23.0031 3088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 01:01:23.0171 3088 IpNat - ok 01:01:23.0203 3088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 01:01:23.0359 3088 IPSec - ok 01:01:23.0375 3088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 01:01:23.0453 3088 IRENUM - ok 01:01:23.0500 3088 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 01:01:23.0640 3088 isapnp - ok 01:01:23.0703 3088 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 01:01:23.0812 3088 JavaQuickStarterService - ok 01:01:23.0843 3088 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 01:01:23.0968 3088 Kbdclass - ok 01:01:23.0984 3088 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 01:01:24.0093 3088 kbdhid - ok 01:01:24.0125 3088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 01:01:24.0250 3088 kmixer - ok 01:01:24.0265 3088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 01:01:24.0343 3088 KSecDD - ok 01:01:24.0375 3088 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 01:01:24.0453 3088 lanmanserver - ok 01:01:24.0468 3088 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 01:01:24.0546 3088 lanmanworkstation - ok 01:01:24.0546 3088 lbrtfdc - ok 01:01:25.0031 3088 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe 01:01:25.0343 3088 LeapFrog Connect Device Service - ok 01:01:25.0468 3088 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 01:01:25.0593 3088 LmHosts - ok 01:01:25.0640 3088 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 01:01:25.0671 3088 MBAMProtector - ok 01:01:25.0765 3088 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 01:01:25.0875 3088 MBAMService - ok 01:01:25.0968 3088 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe 01:01:26.0031 3088 McrdSvc - ok 01:01:26.0046 3088 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 01:01:26.0078 3088 mdmxsdk - ok 01:01:26.0109 3088 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 01:01:26.0250 3088 Messenger - ok 01:01:26.0296 3088 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll 01:01:26.0421 3088 MHN ( UnsignedFile.Multi.Generic ) - warning 01:01:26.0421 3088 MHN - detected UnsignedFile.Multi.Generic (1) 01:01:26.0437 3088 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 01:01:26.0468 3088 MHNDRV ( UnsignedFile.Multi.Generic ) - warning 01:01:26.0468 3088 MHNDRV - detected UnsignedFile.Multi.Generic (1) 01:01:26.0500 3088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 01:01:26.0609 3088 mnmdd - ok 01:01:26.0640 3088 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 01:01:26.0812 3088 mnmsrvc - ok 01:01:26.0828 3088 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 01:01:26.0953 3088 Modem - ok 01:01:27.0000 3088 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 01:01:27.0109 3088 MODEMCSA - ok 01:01:27.0125 3088 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 01:01:27.0265 3088 Mouclass - ok 01:01:27.0281 3088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 01:01:27.0421 3088 mouhid - ok 01:01:27.0453 3088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 01:01:27.0578 3088 MountMgr - ok 01:01:27.0609 3088 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 01:01:27.0640 3088 MpFilter - ok 01:01:27.0718 3088 MpKsl6eb7b14e (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E3AE5AA-4B3C-4E17-8459-3180915B1D83}\MpKsl6eb7b14e.sys 01:01:27.0750 3088 MpKsl6eb7b14e - ok 01:01:27.0765 3088 mraid35x - ok 01:01:27.0765 3088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 01:01:27.0890 3088 MRxDAV - ok 01:01:27.0953 3088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 01:01:28.0046 3088 MRxSmb - ok 01:01:28.0078 3088 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 01:01:28.0203 3088 MSDTC - ok 01:01:28.0218 3088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 01:01:28.0406 3088 Msfs - ok 01:01:28.0406 3088 MSIServer - ok 01:01:28.0437 3088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 01:01:28.0546 3088 MSKSSRV - ok 01:01:28.0640 3088 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 01:01:28.0671 3088 MsMpSvc - ok 01:01:28.0703 3088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 01:01:28.0812 3088 MSPCLOCK - ok 01:01:28.0828 3088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 01:01:28.0937 3088 MSPQM - ok 01:01:28.0937 3088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 01:01:29.0046 3088 mssmbios - ok 01:01:29.0078 3088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 01:01:29.0109 3088 Mup - ok 01:01:29.0156 3088 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 01:01:29.0328 3088 napagent - ok 01:01:29.0437 3088 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files\Nero\Update\NASvc.exe 01:01:29.0531 3088 NAUpdate - ok 01:01:29.0687 3088 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\NAVENG.SYS 01:01:29.0734 3088 NAVENG - ok 01:01:29.0843 3088 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\NAVEX15.SYS 01:01:29.0937 3088 NAVEX15 - ok 01:01:30.0078 3088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 01:01:30.0218 3088 NDIS - ok 01:01:30.0234 3088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 01:01:30.0312 3088 NdisTapi - ok 01:01:30.0312 3088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 01:01:30.0437 3088 Ndisuio - ok 01:01:30.0468 3088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 01:01:30.0640 3088 NdisWan - ok 01:01:30.0671 3088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 01:01:30.0718 3088 NDProxy - ok 01:01:30.0718 3088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 01:01:30.0859 3088 NetBIOS - ok 01:01:30.0875 3088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 01:01:31.0031 3088 NetBT - ok 01:01:31.0078 3088 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 01:01:31.0234 3088 NetDDE - ok 01:01:31.0234 3088 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 01:01:31.0390 3088 NetDDEdsdm - ok 01:01:31.0406 3088 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:01:31.0546 3088 Netlogon - ok 01:01:31.0578 3088 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 01:01:31.0734 3088 Netman - ok 01:01:31.0843 3088 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 01:01:31.0875 3088 NetTcpPortSharing - ok 01:01:32.0000 3088 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe 01:01:32.0078 3088 NIS - ok 01:01:32.0125 3088 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 01:01:32.0187 3088 Nla - ok 01:01:32.0218 3088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 01:01:32.0343 3088 Npfs - ok 01:01:32.0406 3088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 01:01:32.0578 3088 Ntfs - ok 01:01:32.0593 3088 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:01:32.0703 3088 NtLmSsp - ok 01:01:32.0750 3088 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 01:01:32.0937 3088 NtmsSvc - ok 01:01:32.0968 3088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 01:01:33.0093 3088 Null - ok 01:01:33.0125 3088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 01:01:33.0234 3088 NwlnkFlt - ok 01:01:33.0250 3088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 01:01:33.0359 3088 NwlnkFwd - ok 01:01:33.0390 3088 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 01:01:33.0531 3088 Parport - ok 01:01:33.0546 3088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 01:01:33.0671 3088 PartMgr - ok 01:01:33.0687 3088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 01:01:33.0796 3088 ParVdm - ok 01:01:33.0812 3088 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 01:01:33.0937 3088 PCI - ok 01:01:33.0937 3088 PCIDump - ok 01:01:33.0953 3088 PCIIde - ok 01:01:33.0984 3088 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 01:01:34.0093 3088 Pcmcia - ok 01:01:34.0093 3088 PDCOMP - ok 01:01:34.0109 3088 PDFRAME - ok 01:01:34.0109 3088 PDRELI - ok 01:01:34.0109 3088 PDRFRAME - ok 01:01:34.0109 3088 perc2 - ok 01:01:34.0125 3088 perc2hib - ok 01:01:34.0156 3088 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 01:01:34.0218 3088 PlugPlay - ok 01:01:34.0359 3088 PMBDeviceInfoProvider (e9605a180001a6b5551112d91de92ca1) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe 01:01:34.0578 3088 PMBDeviceInfoProvider - ok 01:01:34.0609 3088 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:01:34.0718 3088 PolicyAgent - ok 01:01:34.0750 3088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 01:01:34.0890 3088 PptpMiniport - ok 01:01:34.0890 3088 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:01:35.0000 3088 ProtectedStorage - ok 01:01:35.0031 3088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 01:01:35.0156 3088 PSched - ok 01:01:35.0171 3088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 01:01:35.0296 3088 Ptilink - ok 01:01:35.0343 3088 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys 01:01:35.0390 3088 PxHelp20 - ok 01:01:35.0406 3088 ql1080 - ok 01:01:35.0406 3088 Ql10wnt - ok 01:01:35.0406 3088 ql12160 - ok 01:01:35.0406 3088 ql1240 - ok 01:01:35.0421 3088 ql1280 - ok 01:01:35.0437 3088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 01:01:35.0562 3088 RasAcd - ok 01:01:35.0609 3088 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 01:01:35.0750 3088 RasAuto - ok 01:01:35.0781 3088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 01:01:35.0890 3088 Rasl2tp - ok 01:01:35.0937 3088 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 01:01:36.0078 3088 RasMan - ok 01:01:36.0093 3088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 01:01:36.0218 3088 RasPppoe - ok 01:01:36.0234 3088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 01:01:36.0343 3088 Raspti - ok 01:01:36.0375 3088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 01:01:36.0500 3088 Rdbss - ok 01:01:36.0531 3088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 01:01:36.0656 3088 RDPCDD - ok 01:01:36.0687 3088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 01:01:36.0812 3088 rdpdr - ok 01:01:36.0843 3088 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 01:01:36.0921 3088 RDPWD - ok 01:01:36.0953 3088 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 01:01:37.0125 3088 RDSessMgr - ok 01:01:37.0140 3088 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 01:01:37.0281 3088 redbook - ok 01:01:37.0312 3088 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 01:01:37.0453 3088 RemoteAccess - ok 01:01:37.0484 3088 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 01:01:37.0609 3088 RemoteRegistry - ok 01:01:37.0640 3088 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 01:01:37.0781 3088 RpcLocator - ok 01:01:37.0843 3088 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 01:01:37.0906 3088 RpcSs - ok 01:01:37.0937 3088 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 01:01:38.0062 3088 RSVP - ok 01:01:38.0093 3088 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 01:01:38.0203 3088 SamSs - ok 01:01:38.0234 3088 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 01:01:38.0375 3088 SCardSvr - ok 01:01:38.0421 3088 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 01:01:38.0562 3088 Schedule - ok 01:01:38.0609 3088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 01:01:38.0671 3088 Secdrv - ok 01:01:38.0703 3088 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 01:01:38.0828 3088 seclogon - ok 01:01:38.0859 3088 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 01:01:38.0984 3088 SENS - ok 01:01:39.0000 3088 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 01:01:39.0171 3088 Serial - ok 01:01:39.0203 3088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 01:01:39.0312 3088 Sfloppy - ok 01:01:39.0375 3088 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 01:01:39.0562 3088 SharedAccess - ok 01:01:39.0609 3088 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 01:01:39.0640 3088 ShellHWDetection - ok 01:01:39.0656 3088 Simbad - ok 01:01:39.0656 3088 Sparrow - ok 01:01:39.0671 3088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 01:01:39.0796 3088 splitter - ok 01:01:39.0828 3088 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 01:01:39.0890 3088 Spooler - ok 01:01:39.0921 3088 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 01:01:40.0031 3088 sr - ok 01:01:40.0062 3088 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 01:01:40.0140 3088 srservice - ok 01:01:40.0234 3088 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS 01:01:40.0296 3088 SRTSP - ok 01:01:40.0312 3088 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS 01:01:40.0343 3088 SRTSPX - ok 01:01:40.0375 3088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 01:01:40.0484 3088 Srv - ok 01:01:40.0515 3088 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 01:01:40.0609 3088 SSDPSRV - ok 01:01:40.0734 3088 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys 01:01:40.0828 3088 STHDA - ok 01:01:40.0875 3088 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 01:01:41.0093 3088 stisvc - ok 01:01:41.0140 3088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 01:01:41.0265 3088 swenum - ok 01:01:41.0296 3088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 01:01:41.0421 3088 swmidi - ok 01:01:41.0437 3088 SwPrv - ok 01:01:41.0437 3088 symc810 - ok 01:01:41.0437 3088 symc8xx - ok 01:01:41.0531 3088 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS 01:01:41.0718 3088 SymDS - ok 01:01:41.0812 3088 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS 01:01:41.0875 3088 SymEFA - ok 01:01:41.0906 3088 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 01:01:42.0000 3088 SymEvent - ok 01:01:42.0031 3088 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS 01:01:42.0078 3088 SymIRON - ok 01:01:42.0125 3088 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS 01:01:42.0250 3088 SYMTDI - ok 01:01:42.0250 3088 sym_hi - ok 01:01:42.0250 3088 sym_u3 - ok 01:01:42.0296 3088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 01:01:42.0437 3088 sysaudio - ok 01:01:42.0453 3088 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 01:01:42.0625 3088 SysmonLog - ok 01:01:42.0671 3088 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 01:01:42.0812 3088 TapiSrv - ok 01:01:42.0859 3088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 01:01:42.0906 3088 Tcpip - ok 01:01:42.0937 3088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 01:01:43.0062 3088 TDPIPE - ok 01:01:43.0078 3088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 01:01:43.0203 3088 TDTCP - ok 01:01:43.0234 3088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 01:01:43.0359 3088 TermDD - ok 01:01:43.0421 3088 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 01:01:43.0546 3088 TermService - ok 01:01:43.0609 3088 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 01:01:43.0656 3088 Themes - ok 01:01:43.0687 3088 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 01:01:43.0796 3088 TlntSvr - ok 01:01:43.0796 3088 TosIde - ok 01:01:43.0828 3088 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 01:01:43.0953 3088 TrkWks - ok 01:01:43.0968 3088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 01:01:44.0109 3088 Udfs - ok 01:01:44.0125 3088 ultra - ok 01:01:44.0171 3088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 01:01:44.0296 3088 Update - ok 01:01:44.0328 3088 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 01:01:44.0421 3088 upnphost - ok 01:01:44.0453 3088 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 01:01:44.0593 3088 UPS - ok 01:01:44.0625 3088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 01:01:44.0750 3088 usbccgp - ok 01:01:44.0781 3088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 01:01:44.0906 3088 usbehci - ok 01:01:44.0937 3088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 01:01:45.0078 3088 usbhub - ok 01:01:45.0109 3088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 01:01:45.0234 3088 usbprint - ok 01:01:45.0265 3088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 01:01:45.0375 3088 usbscan - ok 01:01:45.0406 3088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 01:01:45.0531 3088 USBSTOR - ok 01:01:45.0546 3088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 01:01:45.0671 3088 usbuhci - ok 01:01:45.0687 3088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 01:01:45.0812 3088 VgaSave - ok 01:01:45.0828 3088 ViaIde - ok 01:01:45.0843 3088 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 01:01:45.0968 3088 VolSnap - ok 01:01:46.0015 3088 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 01:01:46.0125 3088 VSS - ok 01:01:46.0156 3088 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 01:01:46.0296 3088 W32Time - ok 01:01:46.0328 3088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 01:01:46.0468 3088 Wanarp - ok 01:01:46.0468 3088 WDICA - ok 01:01:46.0484 3088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 01:01:46.0640 3088 wdmaud - ok 01:01:46.0671 3088 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 01:01:46.0796 3088 WebClient - ok 01:01:46.0875 3088 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 01:01:46.0921 3088 winachsf - ok 01:01:47.0000 3088 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 01:01:47.0140 3088 winmgmt - ok 01:01:47.0156 3088 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 01:01:47.0218 3088 WmdmPmSN - ok 01:01:47.0281 3088 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 01:01:47.0484 3088 Wmi - ok 01:01:47.0531 3088 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 01:01:47.0703 3088 WmiApSrv - ok 01:01:47.0734 3088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 01:01:47.0796 3088 WpdUsb - ok 01:01:47.0843 3088 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 01:01:48.0031 3088 wscsvc - ok 01:01:48.0062 3088 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 01:01:48.0171 3088 wuauserv - ok 01:01:48.0218 3088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 01:01:48.0296 3088 WudfPf - ok 01:01:48.0312 3088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 01:01:48.0390 3088 WudfRd - ok 01:01:48.0421 3088 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 01:01:48.0468 3088 WudfSvc - ok 01:01:48.0531 3088 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 01:01:48.0734 3088 WZCSVC - ok 01:01:48.0781 3088 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 01:01:48.0906 3088 xmlprov - ok 01:01:48.0937 3088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 01:01:49.0421 3088 \Device\Harddisk0\DR0 - ok 01:01:49.0421 3088 Boot (0x1200) (beceaddcfe5c4c87fa552c40c6f2cec6) \Device\Harddisk0\DR0\Partition0 01:01:49.0421 3088 \Device\Harddisk0\DR0\Partition0 - ok 01:01:49.0453 3088 Boot (0x1200) (c0cfe80092fbc95221607b104c4f2f04) \Device\Harddisk0\DR0\Partition1 01:01:49.0453 3088 \Device\Harddisk0\DR0\Partition1 - ok 01:01:49.0453 3088 ============================================================ 01:01:49.0453 3088 Scan finished 01:01:49.0453 3088 ============================================================ 01:01:49.0562 1888 Detected object count: 3 01:01:49.0562 1888 Actual detected object count: 3 01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user 01:05:26.0328 1888 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:05:26.0328 1888 MHN ( UnsignedFile.Multi.Generic ) - skipped by user 01:05:26.0328 1888 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:05:26.0343 1888 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user 01:05:26.0343 1888 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
  5. Thanks for your reply! MBAM said it was already up-to-date, and here is the log of the quick scan. Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.22.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: USER-2CCCC38035 [administrator] Protection: Enabled 6/22/2012 12:32:00 AM mbam-log-2012-06-22 (00-32-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 194495 Time elapsed: 20 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. I hope so! Thanks again.
  7. Merged post I started a post on another MB forum and was told to open a new one here so someone could help me fix my problem. Here is a link to the other post I had, as well as the DDS & Attach files. Thanks in advance for your help! . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1 Run by User at 23:31:00 on 2012-06-19 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1889 [GMT -4:00] . AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: Norton Internet Security *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\stsystra.exe C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe svchost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = 108.166.95.58:8080 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [adblock pro] c:\program files\adblock pro\abpmain.exe -m mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} - hxxp://surfcam.castleinthesand.com/iqeye.ocx.gz DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309922957656 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{845F1E14-703E-43C9-8E95-FC74DABB12FA} : DhcpNameServer = 75.75.76.76 75.75.75.75 Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\et9ohpua.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.ftp - 203.42.246.231 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.http - 203.42.246.231 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 203.42.246.231 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 203.42.246.231 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-6-17 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-6-17 905336] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120531.001\BHDrvx86.sys [2012-5-31 821880] R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-6-17 132744] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-6-17 149624] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-15 654408] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280] R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-6-17 138232] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-16 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120613.007\IDSXpx86.sys [2012-6-13 356792] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-15 22344] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120619.009\NAVENG.SYS [2012-6-19 87928] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120619.009\NAVEX15.SYS [2012-6-19 1589752] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 257696] S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2001-9-9 17976] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176] . =============== Created Last 30 ================ . 2012-06-20 02:04:25 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9ca2fbe-8354-4478-8ce9-773ed43f048f}\mpengine.dll 2012-06-18 18:53:05 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-06-18 06:36:37 -------- d-----w- c:\program files\Trend Micro 2012-06-18 02:16:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-06-18 02:16:08 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-06-18 01:36:25 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2012-06-17 17:37:25 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys 2012-06-17 17:37:25 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys 2012-06-17 17:37:25 388216 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdi.sys 2012-06-17 17:37:25 345208 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys 2012-06-17 17:37:25 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys 2012-06-17 17:37:25 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys 2012-06-17 17:37:25 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys 2012-06-17 17:37:25 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys 2012-06-17 17:37:25 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys 2012-06-17 17:37:07 4782 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symvtcer.dat 2012-06-17 17:37:06 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005 2012-06-17 03:34:13 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-06-17 03:34:13 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-06-17 03:34:13 -------- d-----w- c:\program files\Symantec 2012-06-17 03:34:13 -------- d-----w- c:\program files\common files\Symantec Shared 2012-06-17 03:33:49 -------- d-----w- c:\windows\system32\drivers\NIS 2012-06-17 03:33:47 -------- d-----w- c:\program files\Norton Internet Security 2012-06-17 03:33:27 -------- d-----w- c:\program files\NortonInstaller 2012-06-17 03:33:27 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller 2012-06-17 02:53:36 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage 2012-06-17 02:21:46 -------- d-----w- c:\program files\Advanced Fix 2012 2012-06-17 00:41:00 -------- d-----w- c:\documents and settings\user\local settings\application data\ID Vault 2012-06-17 00:40:13 -------- d-----w- c:\documents and settings\user\application data\ID Vault 2012-06-16 23:25:17 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun 2012-06-16 23:09:10 -------- d-----w- c:\program files\Oracle 2012-06-16 23:09:04 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-16 23:09:04 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-16 23:09:04 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-16 22:09:26 -------- d-----w- c:\documents and settings\user\local settings\application data\PCHealth 2012-06-16 18:20:37 -------- d-----w- c:\program files\Constant Guard Protection Suite 2012-06-16 18:20:16 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc 2012-06-16 18:08:15 -------- d-----w- c:\windows\system32\appmgmt 2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\user\local settings\application data\NPE 2012-06-16 07:25:36 -------- d-----w- c:\documents and settings\all users\application data\Norton 2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-06-16 06:55:23 -------- d-----w- c:\windows\system32\wbem\Repository 2012-06-14 05:43:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 09:05:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-05 09:05:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 23:31:31.60 =============== I guess pasting the link before posting would help. http://forums.malwarebytes.org/index.php?showtopic=111347 attach.txt dds.txt
  8. Thanks for all of the information! I knew it was still infected. What in that code proves it, or is it more than one thing? I guess I'll start a new post in the other forum you suggested.
  9. I called Comcast and had them assign me a new IP#. The 'popup' doesn't show up anymore, but I'm sure it's still on the system, even though there are no signs of it. Here is the info. you requested. Thanks for your reply! attach.txt dds.txt
  10. A couple days ago, I started getting this annoying "popup" in my IE browser. It looks more like an image than a popup and there is no way to close it. It will go away on its own sometimes, but will return. It shows up in Firefox and Chrome too. Firefox would block it like it was a popup at first, but doesn't anymore. It doesn't appear until I open a browser. I have a good knowledge of computers, but this one is putting me to the test. I have Norton Internet Security and MalwareBytes Anti-Malware. I talked to Comcast and it's not from them. The number goes to "MarketLink" and I got a recording to call back M-F from 8-5. I've tried Norton (and Power Eraser), Eset, BitDefender, Malwarebytes, MS Security Essentials, HiJackThis, SpyBot Search & Destroy, Kaspersky, and SuperAntiSpyware in regular & safe modes. Nothing catches it. If I run Safe Mode w/ Networking and open a browser, it will still show up. One interesting detail is that if I switch to a proxy server in my browser, the "popup" goes away immediately and doesn't return. Obviously, I can't run through a proxy all the time, so I need my normal IP to work normally again. I'll try to post a screenshot of the "popup". The image was taken at Comcast.net, but it stays with me no matter what site I go to. I'm running XP, service pack 3.