Spam emails being sent using my email address.


5 replies to this topic

#1 edruss1960

edruss1960

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:48 AM

Posted 19 July 2016 - 10:24 AM

People have been telling me they are getting spam emails from my email address. I am not sending these. In the list of addresses in these emails most of the addresses are some I have in my address book. I use Microsoft Outlook but none of these emails show up in my Sent folder. I have run several different scans and nothing shows up. I have included my FRST and Addition logs.

Thanks

Ed Varner


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2016
Ran by Edward Varner (administrator) on N4EDI (19-07-2016 10:58:09)
Running from C:\Documents and Settings\Edward Varner\Desktop
Loaded Profiles: Edward Varner (Available Profiles: Edward Varner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Thinking Man Software) C:\Program Files\D4\D4.exe
(Executive Software International, Inc.) C:\Program Files\Executive Software\Diskeeper\DkService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\WINDOWS\system32\PSIService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Thinking Man Software) C:\Program Files\D4\D4.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
HKLM\...\Run: [PCMService] => "C:\Program Files\Dell\Media Experience\PCMService.exe"
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-11-01] ()
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2005-12-09] (CyberLink Corp.)
HKLM\...\Run: [LifeCamSetup] => "D:\setupstb.exe"
HKLM\...\Run: [EPSON Stylus Photo R1800] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE [177664 2007-01-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-03-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267048 2008-03-30] (Apple Inc.)
HKLM\...\Run: [MediaFace Integration] => C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2002-12-17] (Fellowes, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Nikon Transfer Monitor] => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [Dimension4] => C:\Program Files\D4\D4.exe [318464 2013-01-26] (Thinking Man Software)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896984 2016-07-08] (Webroot)
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [139264 2006-10-09] (Nero AG)
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\Run: [ISUSPM] => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [2424840 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\MountPoints2: {34350498-7dea-11e2-a32b-001372086f9f} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\MountPoints2: {7008b485-411d-11e1-a2e2-001372086f9f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\MountPoints2: {9711403a-d928-11e3-a35d-001372086f9f} - F:\EasySuite.exe
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\MountPoints2: {ebffc748-4311-11dd-a22c-001372086f9f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1177238915-651377827-725345543-1003\...\MountPoints2: {ebffc75f-4311-11dd-a22c-001372086f9f} - F:\LaunchU3.exe -a
IFEO\Your Image File Name Here without a path: [Debugger]
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2015-11-01]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2007-07-24] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D6A8DAF3-8A92-440B-B2D6-9CCB1040E103}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1177238915-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1177238915-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1177238915-651377827-725345543-1003 -> Comcast URL = hxxp://search.comcast.net/?cat=web&con=net&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15] (Safer Networking Limited)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-10-06] (Google Inc.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2016-02-20] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1177238915-651377827-725345543-1003 -> No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
Toolbar: HKU\S-1-5-21-1177238915-651377827-725345543-1003 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Edward Varner\Application Data\Mozilla\Firefox\Profiles\d41ub5m0.default
FF Homepage: hxxp://www.msn.com/
hxxp://www.qrz.com/index.html
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-03-30] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-06] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-08-30] (Adobe Systems Inc.)
FF Extension: Vista-aero - C:\Documents and Settings\Edward Varner\Application Data\Mozilla\Firefox\Profiles\d41ub5m0.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2010-06-17] [not signed]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Edward Varner\Application Data\Mozilla\Firefox\Profiles\d41ub5m0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-17] [not signed]
FF Extension: Malware Search - C:\Documents and Settings\Edward Varner\Application Data\Mozilla\Firefox\Profiles\d41ub5m0.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-07-15]
FF Extension: N0HR Propfire - C:\Documents and Settings\Edward Varner\Application Data\Mozilla\Firefox\Profiles\d41ub5m0.default\Extensions\{8E722C16-301F-43d7-A17D-3882AC67FAA5}.xpi [2016-07-15]
FF Extension: Tab Mix Plus - C:\Documents and Settings\Edward Varner\Application Data\Mozilla\Firefox\Profiles\d41ub5m0.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-03-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-06] [not signed]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2016-07-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2008-05-01] (Adobe Systems) [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-02-18] (Apple, Inc.) [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 Dimension4; C:\Program Files\D4\D4.exe [318464 2013-01-26] (Thinking Man Software) [File not signed]
R2 Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [426098 2003-08-22] (Executive Software International, Inc.) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-10-03] (Sun Microsystems, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
R2 PDHelper.exe; C:\Program Files\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe [1539470 2007-08-29] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [896984 2016-07-08] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [124504 2013-03-18] (SlySoft, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 cvspydr2; C:\WINDOWS\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
R2 DLPortIO; C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [3584 2009-01-19] () [File not signed]
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-09-19] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2013-01-09] (Logix4u) [File not signed]
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2010-12-21] (Highresolution Enterprises [www.highrez.co.uk])
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 QSerBus; C:\WINDOWS\System32\DRIVERS\qserbus.sys [48976 2009-12-22] (Quatech, Incorporated)
R3 QTSerial; C:\WINDOWS\System32\DRIVERS\qtserial.sys [97488 2009-12-22] (Quatech, Incorporated)
S3 silabenm; C:\WINDOWS\System32\DRIVERS\silabenm.sys [47176 2013-03-06] (Silicon Laboratories)
S3 silabser; C:\WINDOWS\System32\DRIVERS\silabser.sys [63104 2013-03-06] (Silicon Laboratories)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 SSKBFD; C:\WINDOWS\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [119288 2016-07-08] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [25600 2016-07-13] (Webroot) [File not signed]
S3 bvrp_pci; no ImagePath
S4 IntelIde; no ImagePath
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-18 20:55 - 2016-07-18 20:57 - 00054377 _____ C:\Documents and Settings\Edward Varner\Desktop\Addition.txt
2016-07-18 20:53 - 2016-07-19 10:58 - 00022356 _____ C:\Documents and Settings\Edward Varner\Desktop\FRST.txt
2016-07-18 20:53 - 2016-07-19 10:58 - 00000000 ____D C:\FRST
2016-07-18 20:52 - 2016-07-18 20:49 - 01741824 _____ (Farbar) C:\Documents and Settings\Edward Varner\Desktop\FRST.exe
2016-07-18 20:50 - 2016-07-18 20:51 - 16409960 _____ (Safer Networking Limited ) C:\Documents and Settings\Edward Varner\Desktop\setup-spybotsd162.exe
2016-07-15 17:03 - 2016-07-15 17:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\F-Secure
2016-07-15 17:03 - 2016-07-15 17:03 - 00000000 ____D C:\Documents and Settings\Edward Varner\Local Settings\Application Data\F-Secure
2016-07-15 17:03 - 2016-07-15 17:03 - 00000000 ____D C:\Documents and Settings\Edward Varner\Local Settings\Application Data\FSDART
2016-07-15 14:47 - 2016-07-15 17:00 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-15 14:46 - 2016-07-15 14:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-15 14:46 - 2016-07-15 14:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-15 14:46 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-19 10:58 - 2008-04-30 17:21 - 00000000 ____D C:\Documents and Settings\Edward Varner\Local Settings\Temp
2016-07-19 10:19 - 2012-03-31 22:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-19 10:16 - 2009-12-26 02:43 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-19 10:10 - 2015-01-27 17:48 - 00000450 _____ C:\WINDOWS\Tasks\At1.job
2016-07-18 21:06 - 2008-04-30 22:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-07-18 20:54 - 2015-02-01 12:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2016-07-18 20:53 - 2008-04-30 22:14 - 00000933 _____ C:\Documents and Settings\Edward Varner\Desktop\Spybot - Search & Destroy.lnk
2016-07-18 20:53 - 2008-04-30 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2016-07-18 20:50 - 2008-04-30 20:33 - 00000000 ____D C:\Download
2016-07-18 20:40 - 2015-01-27 17:48 - 00000450 _____ C:\WINDOWS\Tasks\At2.job
2016-07-18 20:16 - 2009-12-26 02:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-18 16:48 - 2015-01-27 17:48 - 00000450 _____ C:\WINDOWS\Tasks\At3.job
2016-07-18 14:00 - 2015-01-27 17:48 - 00000450 _____ C:\WINDOWS\Tasks\At4.job
2016-07-18 13:51 - 2009-03-24 19:09 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2016-07-18 09:19 - 2008-04-30 17:20 - 00032478 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-15 18:05 - 2009-09-12 12:36 - 00001804 _____ C:\WINDOWS\ModemLog_Standard Modem.txt
2016-07-15 18:05 - 2008-04-30 21:36 - 00004072 _____ C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2016-07-15 16:59 - 2016-01-27 18:50 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2016-07-15 16:59 - 2014-04-10 19:35 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-07-15 16:59 - 2008-04-30 17:42 - 00007275 _____ C:\WINDOWS\system32\nvapps.xml
2016-07-15 16:59 - 2008-04-30 17:12 - 00000000 ____D C:\WINDOWS\Registration
2016-07-15 16:58 - 2015-02-01 12:46 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\Webroot SecureAnywhere.lnk
2016-07-15 16:58 - 2008-04-30 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-15 16:57 - 2008-04-30 17:21 - 00000278 ___SH C:\Documents and Settings\Edward Varner\ntuser.ini
2016-07-15 14:46 - 2012-04-18 12:35 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-15 14:46 - 2009-07-06 15:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-07-15 14:46 - 2009-07-06 15:10 - 00000000 ____D C:\Documents and Settings\Edward Varner\Application Data\Malwarebytes
2016-07-15 14:46 - 2009-07-06 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-07-15 01:19 - 2012-03-31 22:45 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-15 01:19 - 2011-05-24 09:03 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-13 18:14 - 2015-03-05 14:52 - 00025600 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-07-13 03:20 - 2008-04-30 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-07-13 03:18 - 2013-08-15 03:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 03:04 - 2008-05-01 06:41 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-12 22:19 - 2008-04-30 17:14 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-08 18:13 - 2015-02-01 12:46 - 00181176 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-07-08 18:08 - 2015-02-01 12:46 - 00119288 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-07-08 18:07 - 2004-08-10 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2008-05-04 21:14 - 2008-05-04 21:14 - 0002528 _____ () C:\Documents and Settings\Edward Varner\Application Data\$_hpcst$.hpc
2011-08-15 18:47 - 2012-01-17 17:51 - 0000288 _____ () C:\Documents and Settings\Edward Varner\Application Data\.backup.dm
2008-04-30 22:23 - 2008-04-30 22:23 - 0000040 ___SH () C:\Documents and Settings\Edward Varner\Application Data\.zreglib
2010-12-27 09:44 - 2010-12-27 09:44 - 0000268 ___RH () C:\Documents and Settings\Edward Varner\Application Data\Overdrive
2008-09-24 17:08 - 2016-04-27 17:33 - 0000298 _____ () C:\Documents and Settings\Edward Varner\Application Data\PD+Rescue v2 Prefs
2008-09-24 17:05 - 2008-09-24 17:05 - 0000043 ____H () C:\Documents and Settings\Edward Varner\Application Data\PD+Rescue_OwnerName
2008-09-24 17:03 - 2008-09-24 17:03 - 0000011 ____H () C:\Documents and Settings\Edward Varner\Application Data\PD+Rescue_Time
2010-12-27 09:45 - 2010-12-27 09:45 - 0000268 ___RH () C:\Documents and Settings\Edward Varner\Application Data\PPD Plugins
2008-04-30 20:36 - 2008-06-28 12:08 - 0005632 _____ () C:\Documents and Settings\Edward Varner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-04-30 17:24 - 2008-04-30 17:24 - 0000136 _____ () C:\Documents and Settings\Edward Varner\Local Settings\Application Data\fusioncache.dat
2008-05-01 20:26 - 2008-05-01 20:26 - 0000048 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2015-01-27 17:48 - 2015-01-27 17:48 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-04-30 19:46 - 2015-01-27 17:38 - 0012083 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2008-07-19 16:40 - 2008-07-19 16:47 - 0000000 _____ () C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
2010-12-27 09:44 - 2010-12-27 09:44 - 0000268 ___RH () C:\Documents and Settings\All Users\Application Data\Pedal Hard
2010-12-27 09:45 - 2010-12-27 09:45 - 0000268 ___RH () C:\Documents and Settings\All Users\Application Data\Percussion Kit
2010-12-27 09:44 - 2010-12-27 09:44 - 0000012 ___RH () C:\Documents and Settings\All Users\Application Data\Piano Hard
2010-12-27 09:45 - 2010-12-27 09:45 - 0000012 ___RH () C:\Documents and Settings\All Users\Application Data\Pipe Organ
2010-12-27 09:44 - 2011-08-01 18:35 - 0000020 ____H () C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2010-12-27 09:45 - 2011-08-01 18:43 - 0000020 ____H () C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT

Files to move or delete:
====================
C:\Documents and Settings\Edward Varner\KVASD.DAT
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#2 shelf life

  • Malware Response Team

Posted 22 July 2016 - 11:47 AM

hi,

 

Don't see a whole lot to worry about in the logs. Usually only on this site once or twice per day, so you may not get a reply back from me until the following day.

 

Why don't you get a copy of Malwarebytes Anti-Rootkit and run that, and we will move on from there:

 

Download Malwarebytes Anti-Rootkit (BETA) to your desktop.

http://www.malwarebytes.org/antirootkit/

    Double-click the icon to start the tool.
    It will ask you where to extract it, then it will start.
    Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    Click in the introduction screen "next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder and paste the content of the following files in your next reply:

    "mbar-log-{date} (xx-xx-xx).txt"
    "system-log.txt"




#3 edruss1960

  • Topic Starter

Posted 22 July 2016 - 02:06 PM

Here are the results of the scan. I think I found the problem though. Someone hacked my Comcast email account and it appears they were sending junk from the Comcast online email. I have changed the password and deleted all the sent emails from them and so far no more problems.

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.07.22.10
  rootkit: v2016.05.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Edward Varner :: N4EDI [administrator]

7/22/2016 2:04:17 PM
mbar-log-2016-07-22 (14-04-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 286938
Time elapsed: 26 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071738880, free: 598392832

Downloaded database version: v2016.07.22.10
Downloaded database version: v2016.05.27.01
Downloaded database version: v2016.07.18.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     07/22/2016 14:03:40
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
WRkrn.sys
\WINDOWS\System32\drivers\NDIS.SYS
\WINDOWS\System32\drivers\TDI.SYS
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\qserbus.sys
\SystemRoot\system32\DRIVERS\QTWDMLIB.sys
\SystemRoot\system32\DRIVERS\IntelC53.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\IntelC51.sys
\SystemRoot\system32\DRIVERS\IntelC52.sys
\SystemRoot\system32\DRIVERS\mohfilt.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\qtserial.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\hwinterface.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iastor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\inpout32.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.07.22.10
  rootkit: v2016.05.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87187ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff867b72e0, DeviceName: Unknown, DriverName: \Driver\WRkrn\
DevicePointer: 0xffffffff87154e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87187ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff871ca030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C6358FD7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976751937
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#4 shelf life

  • Malware Response Team

Posted 22 July 2016 - 03:21 PM

OK, good. You can keep MBAM Anti-Rootkit if you want. It has to be updated manually and a scan started manually; it doesn't run in the background like AV. Make sure to use complex passwords.

A lot of passwords are easily guessed. Treat your e-mail address like personal info. Be careful where you use it and who you share it with.




#5 edruss1960

  • Topic Starter

Posted 22 July 2016 - 03:33 PM

Ok. Thanks for your help.

 

Ed



#6 shelf life

  • Malware Response Team

Posted 22 July 2016 - 04:19 PM

Hey, you're welcome. Happy safe surfing.

