JHirschmann
I am not well versed in virus removal, so please bear with me. I have a trojan which seems to have attacked svchost.exe. I have run Malwarebytes multiple times and am told that the two (2) trojans will be deleted on reboot. However, an immediate scan upon Windows rebooting still shows the trojans present. I have already run all the programs listed in the preliminary removal instructions and the logs are below. Please note that running GMER did not provide a log. Also, if it makes a difference, this is my work computer and is on the network that my employer provides.
Malwarebytes log
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.21.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jhirschmann :: 6000PRO-02 [administrator]
9/21/2012 1:42:23 PM
mbam-log-2012-09-21 (13-42-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249321
Time elapsed: 5 minute(s), 11 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2720 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by jhirschmann at 14:25:13 on 2012-09-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3991.2849 [GMT -4:00]
.
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\DWRCS.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\TSSchBkpService.exe
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\DWRCST.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.exe
StartupFolder: C:\Users\hglymour\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSTemp.bat
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.25.3 192.168.25.5
TCP: Interfaces\{BC54F5DE-F31E-4C04-9C1B-C0D3C1E6CE22} : DhcpNameServer = 192.168.25.3 192.168.25.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hglymour\AppData\Roaming\Mozilla\Firefox\Profiles\q026kose.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.webcrawler.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DRVECDB;DRVECDB;C:\Windows\system32\Drivers\DRVECDB.SYS --> C:\Windows\system32\Drivers\DRVECDB.SYS [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [?]
R1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS --> C:\Windows\system32\Drivers\DLACDBHE.SYS [?]
R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS --> C:\Windows\system32\Drivers\DLARTL_E.SYS [?]
R1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;C:\Windows\system32\DRIVERS\dwvkbd64.sys --> C:\Windows\system32\DRIVERS\dwvkbd64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120920.002\IDSviA64.sys [2012-9-20 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS --> C:\Windows\system32\DLA\DLABMFSE.SYS [?]
R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS --> C:\Windows\system32\DLA\DLABOIOE.SYS [?]
R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS --> C:\Windows\system32\DLA\DLADResE.SYS [?]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS --> C:\Windows\system32\DLA\DLAIFS_E.SYS [?]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS --> C:\Windows\system32\DLA\DLAOPIOE.SYS [?]
R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS --> C:\Windows\system32\DLA\DLAPoolE.SYS [?]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS --> C:\Windows\system32\DLA\DLAUDF_E.SYS [?]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS --> C:\Windows\system32\DLA\DLAUDFAE.SYS [?]
R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS --> C:\Windows\system32\Drivers\DRVEDDM.SYS [?]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe [2012-8-29 138272]
R2 TSScheduleBackup;TimeslipsBackup;C:\Windows\SysWOW64\TSSchBkpService.exe [2010-7-22 705024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-7-16 2066968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-31 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-21 17:50:09 20480 ----a-w- C:\Windows\svchost.exe
2012-09-21 17:49:25 -------- d-----w- C:\tstemp
2012-09-14 12:39:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 12:39:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-12 13:27:53 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:27:52 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 13:27:51 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 13:27:50 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 13:27:49 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 13:27:49 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 13:27:49 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-09 14:08:26 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-08-29 17:31:44 737952 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtsp64.sys
2012-08-29 17:31:44 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1308000.00E\symds64.sys
2012-08-29 17:31:44 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symnets.sys
2012-08-29 17:31:44 37536 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtspx64.sys
2012-08-29 17:31:44 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ironx64.sys
2012-08-29 17:31:44 167072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ccsetx64.sys
2012-08-29 17:31:44 1129120 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symefa64.sys
2012-08-29 17:31:41 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1308000.00E
2012-08-29 17:25:12 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-29 17:25:12 -------- d-----w- C:\Program Files\Symantec
2012-08-29 17:25:12 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-29 17:24:42 -------- d-----w- C:\Windows\System32\drivers\NAVx64
2012-08-29 17:24:41 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2012-08-29 15:56:46 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-29 15:56:46 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-29 15:56:44 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-29 15:56:43 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-29 15:56:43 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-29 15:56:43 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-29 15:56:42 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-29 15:56:42 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-29 15:56:42 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-29 15:56:42 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-29 15:56:42 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-27 15:12:34 -------- d-----w- C:\Windows\Offline Address Books
2012-08-23 19:00:10 -------- d-----w- C:\Users\hglymour\AppData\Roaming\Malwarebytes
2012-08-23 19:00:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-23 18:58:18 -------- d-----w- C:\Users\hglymour\AppData\Roaming\Ad-Aware Antivirus
.
==================== Find3M ====================
.
2012-09-21 14:53:25 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 14:53:25 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:25:58.45 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2010 1:48:17 PM
System Uptime: 9/21/2012 1:48:41 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3048h
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | XU1 PROCESSOR | 3166/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 176.49 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.697 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&60DD4BF&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&60DD4BF&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82567LM-3 Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02\3&21436425&0&C8
Manufacturer: Intel
Name: Intel(R) 82567LM-3 Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02\3&21436425&0&C8
Service: e1kexpress
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&60DD4BF&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&60DD4BF&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP137: 8/22/2012 11:26:34 AM - Scheduled Checkpoint
RP138: 8/29/2012 10:02:36 AM - ComboFix created restore point
RP139: 8/29/2012 11:35:08 AM - Restore Operation
RP140: 8/29/2012 12:51:27 PM - Windows Update
RP141: 9/6/2012 12:00:04 AM - Scheduled Checkpoint
RP142: 9/13/2012 3:00:20 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
HP Customer Experience Enhancements
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 31
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Sage Timeslips 2011 Local Install
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Sonic Activation Module
Timeslips by Sage 2009
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
9/21/2012 1:51:17 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
9/21/2012 1:46:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/14/2012 9:03:55 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.25.111. The computer with the IP address 192.168.25.112 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
Any help you can provide will be greatly appreciated.
Thank you for your time.
Joe
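Editor's note: the example below is added to this page and is not part of Joe's post or of any tool mentioned in it. The logs above carry four details a triage helper can pick out mechanically: the Malwarebytes hit is on C:\Windows\svchost.exe, while the genuine svchost.exe is shipped in C:\Windows\System32 (and SysWOW64); the DDS process list contains a bare "-netsvcs" entry with no image path; the all-users Startup folder holds a TSTemp.bat, and a C:\tstemp folder was created about a minute before the flagged file; and EnableLUA = 0 means UAC is switched off. The script parses an excerpt of those log lines (copied from the page, embedded inline so it runs offline) and reports each of these. The expected-directory table, the category names and the script-extension list are this example's own assumptions, and a finding means "verify this", not a verdict that the item is malicious.

```python
"""Triage helper for pasted DDS / Malwarebytes logs (added example, not from the post).

Flags: a binary that borrows a Windows system name but lives outside the
directory Windows ships it in, a running-process entry with no image path,
a script in a Startup folder, and UAC switched off (EnableLUA = 0).
"""
import re
from pathlib import PureWindowsPath

# Directories Windows 7 ships these binaries in (lower-cased for comparison).
# Assumption of this example; extend it with whatever your baseline knows.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
    "conhost.exe":  {r"c:\windows\system32"},
}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1"}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")   # e.g. "==== Running Processes ===="
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)        # line starts with a drive path
UAC_RE = re.compile(r"\bEnableLUA\s*=\s*0\b")
# First drive-letter path ending in a binary/script extension. The tempered dot
# refuses to cross " - " (DDS's item/target separator) and the lookahead stops
# before trailing arguments such as "-k netsvcs" or "(Trojan.Agent)".
PATH_RE = re.compile(
    r"([a-z]:\\(?:(?! - ).)+?\.(?:exe|dll|sys|bat|cmd|vbs|js|wsf|ps1))(?=[\s)]|$)",
    re.I)


def triage(log_text):
    """Return a de-duplicated list of (category, detail) findings."""
    findings, seen = [], set()

    def add(category, detail):
        key = (category, detail.lower())
        if key not in seen:
            seen.add(key)
            findings.append((category, detail))

    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":              # DDS prints "." for blank lines
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes" and not DRIVE_RE.match(line):
            add("no_image_path", line)           # e.g. a bare "-netsvcs"
            continue
        if line.startswith("StartupFolder:"):
            for item in line.split(":", 1)[1].split(" - "):
                if PureWindowsPath(item.strip()).suffix.lower() in SCRIPT_EXT:
                    add("startup_script", item.strip())
            continue
        if UAC_RE.search(line):
            add("uac_disabled", "EnableLUA = 0")
            continue
        m = PATH_RE.search(line)
        if m:
            p = PureWindowsPath(m.group(1).lower())
            expected = EXPECTED_DIRS.get(p.name)
            if expected is not None and str(p.parent) not in expected:
                add("masquerade", m.group(1))
    return findings


# Excerpt of the Malwarebytes and DDS logs posted above (copied lines only).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2720 -> Delete on reboot.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
-netsvcs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
============== Pseudo HJT Report ===============
StartupFolder: C:\Users\hglymour\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSTemp.bat
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
=============== Created Last 30 ================
2012-09-21 17:50:09 20480 ----a-w- C:\Windows\svchost.exe
2012-09-21 17:49:25 -------- d-----w- C:\tstemp
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:15} {detail}")
```

The legitimate svchost.exe entries under System32 produce no finding, so the check separates the masquerading copy from the eight or so real service hosts in the process list. On the actual machine the next step would be to read TSTemp.bat and compare the C:\Windows\svchost.exe file against the System32 one (hash and Authenticode signature), since a startup script that re-drops the file would explain why "Delete on reboot" never sticks.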
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [?]
R1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS --> C:\Windows\system32\Drivers\DLACDBHE.SYS [?]
R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS --> C:\Windows\system32\Drivers\DLARTL_E.SYS [?]
R1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;C:\Windows\system32\DRIVERS\dwvkbd64.sys --> C:\Windows\system32\DRIVERS\dwvkbd64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120920.002\IDSviA64.sys [2012-9-20 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS --> C:\Windows\system32\DLA\DLABMFSE.SYS [?]
R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS --> C:\Windows\system32\DLA\DLABOIOE.SYS [?]
R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS --> C:\Windows\system32\DLA\DLADResE.SYS [?]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS --> C:\Windows\system32\DLA\DLAIFS_E.SYS [?]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS --> C:\Windows\system32\DLA\DLAOPIOE.SYS [?]
R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS --> C:\Windows\system32\DLA\DLAPoolE.SYS [?]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS --> C:\Windows\system32\DLA\DLAUDF_E.SYS [?]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS --> C:\Windows\system32\DLA\DLAUDFAE.SYS [?]
R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS --> C:\Windows\system32\Drivers\DRVEDDM.SYS [?]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe [2012-8-29 138272]
R2 TSScheduleBackup;TimeslipsBackup;C:\Windows\SysWOW64\TSSchBkpService.exe [2010-7-22 705024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-7-16 2066968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-31 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-21 17:50:09 20480 ----a-w- C:\Windows\svchost.exe
2012-09-21 17:49:25 -------- d-----w- C:\tstemp
2012-09-14 12:39:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 12:39:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-12 13:27:53 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:27:52 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 13:27:51 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 13:27:50 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 13:27:49 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 13:27:49 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 13:27:49 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-09 14:08:26 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-08-29 17:31:44 737952 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtsp64.sys
2012-08-29 17:31:44 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1308000.00E\symds64.sys
2012-08-29 17:31:44 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symnets.sys
2012-08-29 17:31:44 37536 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\srtspx64.sys
2012-08-29 17:31:44 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ironx64.sys
2012-08-29 17:31:44 167072 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\ccsetx64.sys
2012-08-29 17:31:44 1129120 ----a-w- C:\Windows\System32\drivers\NAVx64\1308000.00E\symefa64.sys
2012-08-29 17:31:41 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1308000.00E
2012-08-29 17:25:12 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-29 17:25:12 -------- d-----w- C:\Program Files\Symantec
2012-08-29 17:25:12 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-29 17:24:42 -------- d-----w- C:\Windows\System32\drivers\NAVx64
2012-08-29 17:24:41 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2012-08-29 15:56:46 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-29 15:56:46 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-29 15:56:44 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-29 15:56:43 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-29 15:56:43 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-29 15:56:43 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-29 15:56:42 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-29 15:56:42 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-29 15:56:42 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-29 15:56:42 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-29 15:56:42 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-27 15:12:34 -------- d-----w- C:\Windows\Offline Address Books
2012-08-23 19:00:10 -------- d-----w- C:\Users\hglymour\AppData\Roaming\Malwarebytes
2012-08-23 19:00:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-23 18:58:18 -------- d-----w- C:\Users\hglymour\AppData\Roaming\Ad-Aware Antivirus
.
==================== Find3M ====================
.
2012-09-21 14:53:25 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 14:53:25 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:25:58.45 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2010 1:48:17 PM
System Uptime: 9/21/2012 1:48:41 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3048h
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | XU1 PROCESSOR | 3166/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 176.49 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.697 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&60DD4BF&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&60DD4BF&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82567LM-3 Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02\3&21436425&0&C8
Manufacturer: Intel
Name: Intel(R) 82567LM-3 Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02\3&21436425&0&C8
Service: e1kexpress
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&60DD4BF&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&60DD4BF&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP137: 8/22/2012 11:26:34 AM - Scheduled Checkpoint
RP138: 8/29/2012 10:02:36 AM - ComboFix created restore point
RP139: 8/29/2012 11:35:08 AM - Restore Operation
RP140: 8/29/2012 12:51:27 PM - Windows Update
RP141: 9/6/2012 12:00:04 AM - Scheduled Checkpoint
RP142: 9/13/2012 3:00:20 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
HP Customer Experience Enhancements
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 31
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Sage Timeslips 2011 Local Install
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Sonic Activation Module
Timeslips by Sage 2009
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
9/21/2012 1:51:17 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
9/21/2012 1:46:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/14/2012 9:03:55 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.25.111. The computer with the IP address 192.168.25.112 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
Any help you can provide will be greatly appreciated.
Thank you for your time.
Joe
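The logs above carry three details a responder would check before trusting another "delete on reboot": the flagged file is `C:\Windows\svchost.exe` (the genuine service host lives in `C:\Windows\System32`, and on x64 also `SysWOW64`); its creation stamp in the "Created Last 30" section is the day of the scan and later than the 14:25 local run time, so it is UTC and the file was written shortly after the 1:48 PM boot, which fits it being re-dropped rather than surviving the delete; and `EnableLUA = 0`, so UAC is switched off and anything this administrator account runs gets full rights without a prompt. The script below is an added example, not part of Joe's post or of any tool output above. It assumes an elevated PowerShell prompt on the affected machine, uses only standard Windows paths, cmdlets and registry locations, and only reads; it deletes nothing.

```powershell
# Added triage example (not from the original thread). Read-only.
# Run as Administrator on the affected host.

$suspect = 'C:\Windows\svchost.exe'     # path flagged by MBAM as Trojan.Agent

function Get-Sha256Hex {
    # Get-FileHash needs PowerShell 4+, so hash via .NET to stay Windows 7 friendly.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

# 1. Every svchost.exe on the system drive, with signer and hash.
#    Only System32 (and SysWOW64 on x64) should hold one; any other copy is an impostor.
Get-ChildItem -Path C:\ -Filter svchost.exe -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = '(unsigned)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path       = $_.FullName
            Size       = $_.Length
            CreatedUtc = $_.CreationTimeUtc
            SigStatus  = $sig.Status
            Signer     = $signer
            Sha256     = Get-Sha256Hex $_.FullName
        }
    } | Select-Object Path, Size, CreatedUtc, SigStatus, Signer, Sha256 | Format-List

# 2. Is the flagged copy running right now, and who started it?
#    MBAM saw PID 2720, but PIDs change across reboots, so match on the image path.
Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" |
    Where-Object { $_.ExecutablePath -eq $suspect } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 3. Was the "Delete on reboot" actually queued? Delayed deletes are stored here and
#    applied by Session Manager at the next boot. If the entry is present but the file
#    is back after boot, something in an autostart location is re-creating it.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
(Get-ItemProperty -Path $sm).PendingFileRenameOperations

# 4. UAC state, the same values DDS printed as mPolicies-system.
#    EnableLUA = 0 disables UAC outright; 1 is the expected value.
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Get-ItemProperty -Path $pol |
    Select-Object EnableLUA, ConsentPromptBehaviorUser, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop

# 5. Autostart locations that could re-drop the file at boot: the Run keys (both
#    registry views on x64), and services whose image path is outside System32/SysWOW64.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (Test-Path $k) { "== $k"; Get-ItemProperty -Path $k | Format-List }
}
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -and ($_.PathName -notmatch '\\System32\\') -and ($_.PathName -notmatch '\\SysWOW64\\') } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
```

Read the output in order: a second `svchost.exe` that is unsigned or whose signature status is not `Valid` confirms the MBAM hit; a live process with that image path tells you what parent launched it; an empty `PendingFileRenameOperations` means the delayed delete was never registered, while a populated one plus a reappearing file means look at the Run keys and non-System32 services for the dropper. Fix `EnableLUA` back to 1 only after the host is clean, since the change needs a reboot and the machine is on an employer network where the helpdesk should be in the loop.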