
Trojan.Zeroaccess.b [Solved]


  • This topic is locked

#1 jec280
Member, 11 posts
Hi, Norton recently scanned my computer and told me that my computer was infected with a trojan.zeroaccess.b and that manual removal was required. I'm not sure how I got the virus as I only accessed familiar sites that day, but after I was alerted, I tried Norton's removal suggestions using the zeroremoval tool, which turned up nothing in its scan, and Norton Power Eraser, which also found nothing when it scanned. I also tried scanning with McAfee and Malwarebytes, but neither of those found it either. At one point in time, Norton's auto-detect said it removed the file, but within the time it took to scan my computer again, the trojan was back. I've attempted to boot my computer in safe mode multiple times and unless I'm just really bad at hitting F8, I can't get into the Windows Advanced Options Menu. At one point I got so fed up with the useless scans I tried locating the file and manually deleting the 8000000.@ file, which I now realize was a terrible idea because I only found out afterwards how stubborn this trojan is. (The file finding attempt was before auto-detect said it deleted the trojan.) I've also looked at a few of the removal guides posted here, but as each one is system specific, here I am posting another topic.

Thanks in advance to any geeks who take a look at this.

OTL logfile created on: 7/5/2012 6:28:57 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Janna\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 74.42% Memory free
5.34 Gb Paging File | 4.53 Gb Available in Paging File | 84.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 29.81 Gb Free Space | 23.29% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Janna | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 18:27:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janna\Desktop\OTL.exe
PRC - [2012/06/23 17:27:43 | 000,079,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realonemessagecenter.exe
PRC - [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Janna\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/03/27 05:40:55 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012/03/26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/12/16 17:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2001/05/06 12:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 15:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/09/03 15:55:38 | 004,478,680 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2001/05/06 12:14:24 | 000,765,952 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll
MOD - [2001/05/06 12:14:22 | 000,086,093 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll
MOD - [2001/05/06 12:14:22 | 000,053,326 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll
MOD - [2001/05/06 12:14:22 | 000,053,319 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll
MOD - [2001/05/06 12:14:22 | 000,032,841 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll
MOD - [2001/05/06 12:14:22 | 000,028,753 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll
MOD - [2001/05/06 12:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/06/14 15:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Unknown] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/29 16:05:56 | 003,417,376 | ---- | M] () [Auto | Unknown] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/11 10:58:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/13 15:07:39 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2011/06/13 02:26:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Unknown] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Unknown] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Unknown] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/13 17:12:09 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
SRV - [2002/08/01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Unknown] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump)
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] -- -- (Changer)
DRV - [2012/06/18 17:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 11:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120704.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/05/30 19:41:59 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 19:41:59 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 17:12:46 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120704.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 17:12:46 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120704.017\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/21 19:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 19:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Unknown] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/03 21:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Unknown] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/09 19:02:55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/09 17:53:23 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/04/13 17:12:09 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
DRV - [2007/08/07 02:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/18 04:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 59 68 E6 64 55 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1:9421,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/11 03:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/07/05 12:02:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/23 17:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/04 23:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/05 11:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janna\Application Data\Mozilla\Extensions
[2012/07/04 23:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\11.0.696.60\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\google\chrome\application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\google\chrome\application\11.0.696.60\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Janna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Janna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\Janna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Janna\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [MsgCenterExe] C:\Program Files\Real\RealPlayer\update\RealOneMessageCenter.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1249179004462 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E565B8A-5468-4E35-8983-7044587A4C38}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 00:08:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\Shell\AutoRun\command - "" = E:\ice\fire\moco.exe
O33 - MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\Shell\Explore\Command - "" = E:\ice\fire\moco.exe
O33 - MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\Shell\open\command - "" = E:\ice\fire\moco.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 18:27:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janna\Desktop\OTL.exe
[2012/07/05 18:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janna\My Documents\Downloads
[2012/07/05 11:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janna\Local Settings\Application Data\Mozilla
[2012/07/05 11:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janna\Application Data\Mozilla
[2012/07/04 23:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/07/04 23:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/04 23:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/07/04 21:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janna\Application Data\RealNetworks
[2012/07/04 19:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janna\Application Data\Malwarebytes
[2012/07/04 19:08:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/04 19:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/04 19:07:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup-1.61.0.1400.exe
[2012/07/04 19:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/04 16:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janna\Local Settings\Application Data\NPE
[2012/06/23 17:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/06/23 17:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/06/23 17:28:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Janna\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Janna\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/05 18:27:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janna\Desktop\OTL.exe
[2012/07/05 18:26:18 | 000,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/07/05 18:26:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 18:26:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1006.job
[2012/07/05 18:26:03 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/05 18:26:03 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1004.job
[2012/07/05 18:26:03 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1007.job
[2012/07/05 18:26:03 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1005.job
[2012/07/05 18:26:03 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1003.job
[2012/07/05 17:49:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/05 17:43:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-412668190-725345543-1007UA.job
[2012/07/05 17:40:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 12:01:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/04 23:43:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-412668190-725345543-1007Core.job
[2012/07/04 23:05:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/04 19:07:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup-1.61.0.1400.exe
[2012/07/04 18:51:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/07/04 16:14:35 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1006.job
[2012/07/04 15:40:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1004.job
[2012/07/02 23:39:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1007.job
[2012/07/02 19:01:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1005.job
[2012/06/29 10:28:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1003.job
[2012/06/23 17:29:38 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/06/23 17:28:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/06/13 06:02:57 | 002,212,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 03:10:33 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 03:10:33 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 03:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Janna\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Janna\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 09:38:19 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Janna\Local Settings\Application Data\{933e692d-f0d4-e591-f21a-707d47693b81}\U\80000000.@
[2012/07/04 23:05:56 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/04 23:05:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/23 17:29:38 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/06/11 23:38:34 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-412668190-725345543-1007UA.job
[2012/06/11 23:38:34 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-412668190-725345543-1007Core.job
[2012/02/14 14:07:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/29 19:20:00 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2011/05/18 13:39:16 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Janna\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/10 14:31:14 | 000,018,146 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2010/12/18 22:37:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/31 19:29:57 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Janna\Local Settings\Application Data\d3d9caps.dat
[2001/08/23 05:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Janna\Local Settings\Application Data\{933e692d-f0d4-e591-f21a-707d47693b81}\@

========== LOP Check ==========

[2009/08/19 21:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/06 20:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/11/26 15:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2012/03/21 02:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/06/09 11:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/03/22 16:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >

#2
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello jec280 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste the log to include it in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1:9421,localhost,127.0.0.1"
    O33 - MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\Shell\AutoRun\command - "" = E:\ice\fire\moco.exe
    O33 - MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\Shell\Explore\Command - "" = E:\ice\fire\moco.exe
    O33 - MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\Shell\open\command - "" = E:\ice\fire\moco.exe


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Janna\Local Settings\Application Data\{933e692d-f0d4-e591-f21a-707d47693b81}

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply, or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

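The three artifact classes the Step 1 fix above removes (the loopback proxy exception on port 9421, the MountPoints2 commands pointing at E:\ice\fire\moco.exe, and the {GUID} folder with its '@' files) can be picked out of OTL log lines mechanically. The script below is an added illustration and is neither OTL's nor the helper's code; it assumes C: is the system drive, and its sample lines are constructed in the style of the OTL log posted in this thread.

```python
"""Flag ZeroAccess-style indicators in OTL log lines.

Illustrative code added to this thread; it is neither OTL's nor the helper's.
The rules mirror the three artifact classes the Step 1 fix removes:
  * a loopback proxy exception (127.0.0.1:<port>) injected into the IE and
    Firefox proxy-bypass settings,
  * MountPoints2 Shell\...\command entries that launch an .exe from a
    removable drive,
  * a {GUID} folder under Local Settings\Application Data holding '@' files,
    marked hidden+system and stamped like the machine's own XP system files.
Assumptions: C: is the system drive; the sample lines are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"

# OTL file/folder entry: [date time | size | attrs | C/M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
LOOPBACK_PROXY = re.compile(r"127\.0\.0\.1:(?P<port>\d{2,5})")
MOUNTPOINT_CMD = re.compile(
    r"^O33 - MountPoints2\\" + GUID + r"\\Shell\\\w+\\command - \"\" = (?P<target>.+)$",
    re.IGNORECASE,
)
# A GUID-named directory directly under Local Settings\Application Data
# (requiring '\' or end-of-string after the GUID rules out '{GUID}.ini' files).
GUID_DIR = re.compile(r"\\Local Settings\\Application Data\\" + GUID + r"(\\|$)", re.IGNORECASE)
# Local-time stamp the original XP system files carry on this machine; a
# freshly dropped '@' file wearing the same stamp is a copied timestamp.
XP_FILE_STAMP = "2001/08/23 05:00:00"


@dataclass(frozen=True)
class Finding:
    indicator: str
    line: str


def classify(line: str) -> list[str]:
    """Return the indicator tags that apply to a single OTL log line."""
    s = line.strip()
    tags: list[str] = []
    if ("ProxyOverride" in s or "no_proxies_on" in s) and LOOPBACK_PROXY.search(s):
        tags.append("loopback-proxy-exception")
    m = MOUNTPOINT_CMD.match(s)
    if m and re.match(r"^[D-Z]:\\.+\.exe$", m.group("target"), re.IGNORECASE):
        tags.append("mountpoint-autorun-exe")
    fe = FILE_ENTRY.match(s)
    if fe and GUID_DIR.search(fe.group("path")):
        name = fe.group("path").rsplit("\\", 1)[-1]
        attrs = fe.group("attrs")
        if name == "@" or name.endswith(".@"):
            tags.append("guid-dir-at-file")
        if "H" in attrs and "S" in attrs:
            tags.append("hidden-system-in-guid-dir")
        if fe.group("stamp") == XP_FILE_STAMP:
            tags.append("xp-file-timestamp")
    return tags


def scan(lines: Iterable[str]) -> list[Finding]:
    """Run classify() over every line and keep only the lines that hit."""
    return [Finding(tag, ln.strip()) for ln in lines for tag in classify(ln)]


def summarize(lines: Iterable[str]) -> dict[str, int]:
    """Count hits per indicator; a quick triage view of a whole log."""
    counts: dict[str, int] = {}
    for f in scan(lines):
        counts[f.indicator] = counts.get(f.indicator, 0) + 1
    return counts


# Constructed sample in the style of this thread's OTL log (paths shortened).
LOCAL = r"C:\Documents and Settings\Janna\Local Settings\Application Data"
SAMPLE_OTL_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>',
    r'FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1:9421,localhost,127.0.0.1"',
    r'O33 - MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\Shell\AutoRun\command - "" = E:\ice\fire\moco.exe',
    "[2012/07/05 09:38:19 | 000,012,288 | ---- | C] () -- "
    + LOCAL + r"\{933e692d-f0d4-e591-f21a-707d47693b81}\U\80000000.@",
    "[2001/08/23 05:00:00 | 000,002,048 | -HS- | C] () -- "
    + LOCAL + r"\{933e692d-f0d4-e591-f21a-707d47693b81}\@",
    # Benign look-alikes: a tool the user downloaded, a GUID-named .ini file,
    # and a normal BootExecute entry; none of these should be flagged.
    r"[2012/07/05 18:27:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janna\Desktop\OTL.exe",
    "[2011/05/18 13:39:16 | 000,001,940 | ---- | C] () -- "
    + LOCAL + r"\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini",
    r"O34 - HKLM BootExecute: (autocheck autochk *)",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_OTL_LINES):
        print(f"{f.indicator:28s} {f.line[:90]}")
    print(summarize(SAMPLE_OTL_LINES))
```
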
#3
jec280
    Member
  • Topic Starter
  • Member
  • 11 posts
Thanks for such a speedy reply maliprog =) (And for the warm welcome to your office.)

I'd just like to ask for a quick clarification before I start trying to kill this sucker. I can only tell my computer has a virus due to the Norton scan that tells me it's still infected, especially since most of the popups where Norton tells me it has blocked something have stopped since I switched from IE to Firefox (Norton said the source of the trojan was IE, so I figured it would be prudent to stop using it, at least for a while). So when reporting how my computer is running now, should I use a Norton scan to see if it can still find the trojan and report that? I'd like to be sure before I do anything, since I don't want to scan something without you telling me to and subsequently mess something up.

#4
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
In that case, don't run a Norton scan now. Run only the scans from my instructions. I will tell you when to run Norton again to make sure the infection is gone.

#5
jec280
    Member
  • Topic Starter
  • Member
  • 11 posts
Okay!

Here's the OTL log

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "127.0.0.1:9421,localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\ not found.
File E:\ice\fire\moco.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\ not found.
File E:\ice\fire\moco.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac2c161c-110f-11df-a4e9-001d7d9c9ebe}\ not found.
File E:\ice\fire\moco.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Janna\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Janna\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\Janna\Local Settings\Application Data\{933e692d-f0d4-e591-f21a-707d47693b81}\U folder moved successfully.
C:\Documents and Settings\Janna\Local Settings\Application Data\{933e692d-f0d4-e591-f21a-707d47693b81}\L folder moved successfully.
C:\Documents and Settings\Janna\Local Settings\Application Data\{933e692d-f0d4-e591-f21a-707d47693b81} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.53.1 log created on 07062012_041357

#6
jec280
    Member
  • Topic Starter
  • Member
  • 11 posts
And here's the ComboFix log

ComboFix 12-07-06.01 - Mom 07/06/2012 4:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2835 [GMT -7:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\JB\Application Data\inst.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 11:13 . 2012-07-06 11:13 -------- dc----w- C:\_OTL
2012-07-05 06:16 . 2012-07-05 06:16 -------- d-----w- c:\documents and settings\Mom\Application Data\FixZeroAccess
2012-07-05 06:07 . 2012-07-05 06:07 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Mozilla
2012-07-05 06:05 . 2012-07-05 06:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-05 02:08 . 2012-07-05 02:08 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2012-07-05 02:08 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 02:08 . 2012-07-05 02:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-05 02:00 . 2012-07-05 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-04 23:11 . 2012-07-05 01:51 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\NPE
2012-06-24 00:29 . 2012-06-24 00:29 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-13 03:45 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-11 04:54 . 2012-06-11 04:58 3993600 ----a-w- c:\program files\GUT2.tmp
2012-06-11 04:54 . 2012-06-11 04:54 -------- d-----w- c:\program files\GUM1.tmp
2012-06-11 04:54 . 2012-06-12 06:38 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 00:27 . 2011-05-02 07:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-24 00:27 . 2011-05-02 07:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-02 22:19 . 2009-08-02 02:10 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-02 02:10 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2009-08-02 02:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-02 02:10 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2008-10-16 21:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2009-08-02 02:10 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-02 02:10 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2009-08-02 02:10 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2009-07-31 07:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2001-08-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-02 02:10 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2009-08-02 02:10 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2009-07-31 07:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2009-12-07 09:22 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2009-12-07 09:22 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2009-12-07 09:22 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2001-08-23 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 17:58 . 2012-04-12 04:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 17:58 . 2011-06-15 06:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-11 14:42 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-07-31 07:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 22:20 . 2012-07-05 06:05 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-17 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-09-13 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-24 296056]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\symds.sys [10/31/2011 3:11 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\symefa.sys [10/31/2011 3:11 PM 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 5:01 PM 821920]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\cchpx86.sys [10/31/2011 3:11 PM 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\ironx86.sys [10/31/2011 3:11 PM 116784]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 5:00 AM 14336]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [10/31/2011 3:11 PM 126400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2012 1:47 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120705.001\IDSXpx86.sys [7/5/2012 6:43 PM 369632]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/28/2009 1:45 PM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 5:40 PM 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 9:48 PM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 5:40 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/4/2012 11:05 PM 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:58]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 00:40]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 00:40]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-412668190-725345543-1007Core.job
- c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-12 06:38]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-412668190-725345543-1007UA.job
- c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-12 06:38]
.
2012-07-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-412668190-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-06-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-412668190-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\t8m05fvo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ISUSPM - c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 05:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-07-06 05:02:31
ComboFix-quarantined-files.txt 2012-07-06 12:02
.
Pre-Run: 31,801,966,592 bytes free
Post-Run: 32,133,242,880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - CA3EF136FCF7EA3608040601E39AAD95

#7
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Good. Let's continue.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save an additional file named MBR.dat. Attach it to your next reply.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#8
jec280
    Member
  • Topic Starter
  • Member
  • 11 posts
Should I be expecting a malicious object? My scan only turned up suspicious objects.

#9
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
If a suspicious object is detected, the default action will be Skip. If there are no malicious objects, then it's better for us.

#10
jec280
    Member
  • Topic Starter
  • Member
  • 11 posts
Okay then :)

I clicked continue and skipped all of the suspicious objects, but there was no Reboot now option for me to click. Should I restart my computer manually?
#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
You don't have to restart it if there is no Reboot now button to click. Post log here for me.

#12 jec280 (Topic Starter, Member, 11 posts)
Got it.

05:43:17.0781 1304 SymDS - ok
05:43:17.0843 1304 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
05:43:17.0859 1304 SymEFA - ok
05:43:17.0937 1304 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
05:43:17.0937 1304 SymEvent - ok
05:43:17.0953 1304 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
05:43:17.0953 1304 SymIRON - ok
05:43:18.0000 1304 SYMTDI (be6de8fbf2df9f13a90b8b6e943871b7) C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
05:43:18.0015 1304 SYMTDI - ok
05:43:18.0015 1304 sym_hi - ok
05:43:18.0015 1304 sym_u3 - ok
05:43:18.0062 1304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:43:18.0125 1304 sysaudio - ok
05:43:18.0140 1304 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
05:43:18.0234 1304 SysmonLog - ok
05:43:18.0250 1304 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
05:43:18.0328 1304 TapiSrv - ok
05:43:18.0359 1304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:43:18.0375 1304 Tcpip - ok
05:43:18.0406 1304 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:43:18.0468 1304 TDPIPE - ok
05:43:18.0484 1304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:43:18.0562 1304 TDTCP - ok
05:43:18.0578 1304 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:43:18.0640 1304 TermDD - ok
05:43:18.0671 1304 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
05:43:18.0750 1304 TermService - ok
05:43:18.0765 1304 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:43:18.0781 1304 Themes - ok
05:43:18.0796 1304 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
05:43:18.0875 1304 TlntSvr - ok
05:43:18.0875 1304 TosIde - ok
05:43:18.0890 1304 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
05:43:18.0968 1304 TrkWks - ok
05:43:18.0984 1304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:43:19.0046 1304 Udfs - ok
05:43:19.0046 1304 ultra - ok
05:43:19.0078 1304 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:43:19.0156 1304 Update - ok
05:43:19.0187 1304 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
05:43:19.0265 1304 upnphost - ok
05:43:19.0281 1304 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
05:43:19.0343 1304 UPS - ok
05:43:19.0390 1304 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
05:43:19.0406 1304 USBAAPL - ok
05:43:19.0421 1304 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:43:19.0500 1304 usbccgp - ok
05:43:19.0515 1304 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:43:19.0609 1304 usbehci - ok
05:43:19.0625 1304 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:43:19.0687 1304 usbhub - ok
05:43:19.0718 1304 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:43:19.0796 1304 usbprint - ok
05:43:19.0812 1304 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:43:19.0906 1304 usbscan - ok
05:43:19.0921 1304 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:43:19.0984 1304 USBSTOR - ok
05:43:20.0015 1304 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:43:20.0078 1304 usbuhci - ok
05:43:20.0093 1304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:43:20.0171 1304 VgaSave - ok
05:43:20.0171 1304 ViaIde - ok
05:43:20.0203 1304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:43:20.0265 1304 VolSnap - ok
05:43:20.0296 1304 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
05:43:20.0359 1304 VSS - ok
05:43:20.0390 1304 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
05:43:20.0468 1304 W32Time - ok
05:43:20.0484 1304 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:43:20.0562 1304 Wanarp - ok
05:43:20.0593 1304 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
05:43:20.0625 1304 Wdf01000 - ok
05:43:20.0625 1304 WDICA - ok
05:43:20.0640 1304 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:43:20.0718 1304 wdmaud - ok
05:43:20.0734 1304 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
05:43:20.0812 1304 WebClient - ok
05:43:20.0875 1304 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
05:43:20.0953 1304 winmgmt - ok
05:43:20.0968 1304 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
05:43:21.0031 1304 WmdmPmSN - ok
05:43:21.0078 1304 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
05:43:21.0109 1304 Wmi - ok
05:43:21.0140 1304 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
05:43:21.0218 1304 WmiApSrv - ok
05:43:21.0234 1304 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
05:43:21.0328 1304 WS2IFSL - ok
05:43:21.0343 1304 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
05:43:21.0421 1304 wscsvc - ok
05:43:21.0453 1304 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:43:21.0515 1304 WSTCODEC - ok
05:43:21.0531 1304 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
05:43:21.0609 1304 wuauserv - ok
05:43:21.0765 1304 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
05:43:21.0859 1304 WZCSVC - ok
05:43:21.0890 1304 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
05:43:21.0968 1304 xmlprov - ok
05:43:21.0984 1304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:43:22.0328 1304 \Device\Harddisk0\DR0 - ok
05:43:22.0328 1304 Boot (0x1200) (a329148475c67af7759dad42197b5da9) \Device\Harddisk0\DR0\Partition0
05:43:22.0328 1304 \Device\Harddisk0\DR0\Partition0 - ok
05:43:22.0328 1304 ============================================================
05:43:22.0328 1304 Scan finished
05:43:22.0328 1304 ============================================================
05:43:22.0437 1900 Detected object count: 3
05:43:22.0437 1900 Actual detected object count: 3
05:53:54.0812 1900 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
05:53:54.0812 1900 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
05:53:54.0812 1900 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
05:53:54.0812 1900 nvsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:53:54.0812 1900 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
05:53:54.0812 1900 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:01:25.0781 2596 Deinitialize success
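A small triage parser for the TDSSKiller log format posted above, added here as an example; it is not part of the thread or of TDSSKiller itself. The sample lines are constructed in the same format, and treating an "ok" entry that has no hash line as "no binary found for that service" is an assumption, not documented TDSSKiller behaviour.

```python
import re

# Constructed sample in the TDSSKiller log format seen in this thread (not the full log).
SAMPLE_LOG = """\
05:43:18.0359 1304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
05:43:18.0375 1304 Tcpip - ok
05:43:18.0875 1304 TosIde - ok
05:43:21.0984 1304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
05:43:22.0328 1304 \\Device\\Harddisk0\\DR0 - ok
05:43:22.0437 1900 Detected object count: 3
05:53:54.0812 1900 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
05:53:54.0812 1900 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
05:53:54.0812 1900 nvsvc ( UnsignedFile.Multi.Generic ) - skipped by user
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"          # "HH:MM:SS.mmmm PID "
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(PREFIX + r"(?P<name>\S+) - ok$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<rest>.+)$")

def parse_tdsskiller(text):
    """Return hashed files, names reported 'ok', and detections with the user's chosen action."""
    files, ok, detections = {}, [], {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = OK_RE.match(line)
        if m:
            ok.append(m["name"])
            continue
        m = DETECT_RE.match(line)
        if m:
            entry = detections.setdefault(m["name"], {"verdict": m["verdict"], "action": "unknown"})
            if m["rest"].startswith("User select action: "):
                entry["action"] = m["rest"].split(": ", 1)[1]
    return files, ok, detections

def triage(text):
    """Summarise what a helper reviewing the log would look at first."""
    files, ok, detections = parse_tdsskiller(text)
    return {
        # Detections the user did not let the tool clean still need a reviewer's decision.
        "unresolved": sorted(n for n, d in detections.items() if d["action"] != "Delete"),
        "verdicts": {n: d["verdict"] for n, d in detections.items()},
        # Assumption: an 'ok' entry with no hash line means no binary was found to hash
        # for that service/driver (often a stale registry entry). Device paths are skipped.
        "no_binary": sorted(n for n in ok if n not in files and not n.startswith("\\")),
        "mbr_md5": files.get("MBR", (None, None))[0],
    }
```

Comparing `mbr_md5` against a known-good MBR hash for the same Windows build is the quick check for a bootkit, which is what the aswMBR run further down also verifies.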
#13
jec280

    Member

  • Topic Starter
  • Member
  • 11 posts
And the aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 06:06:34
-----------------------------
06:06:34.250 OS Version: Windows 5.1.2600 Service Pack 3
06:06:34.250 Number of processors: 2 586 0xF0B
06:06:34.250 ComputerName: FAMILY UserName: Mom
06:06:35.515 Initialize success
06:10:50.671 AVAST engine defs: 12070600
06:11:40.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
06:11:40.234 Disk 0 Vendor: ST3500820AS SD04 Size: 476938MB BusType: 3
06:11:40.234 Disk 0 MBR read successfully
06:11:40.234 Disk 0 MBR scan
06:11:40.265 Disk 0 Windows XP default MBR code
06:11:40.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
06:11:40.265 Disk 0 scanning sectors +268414020
06:11:40.296 Disk 0 scanning C:\WINDOWS\system32\drivers
06:11:48.093 Service scanning
06:12:00.546 Modules scanning
06:12:03.593 Disk 0 trace - called modules:
06:12:03.593 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
06:12:03.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af36ab8]
06:12:03.609 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8af389e8]
06:12:03.609 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8af83d98]
06:12:04.234 AVAST engine scan C:\WINDOWS
06:12:12.718 AVAST engine scan C:\WINDOWS\system32
06:13:51.281 AVAST engine scan C:\WINDOWS\system32\drivers
06:14:02.875 AVAST engine scan C:\Documents and Settings\Mom
06:16:17.187 AVAST engine scan C:\Documents and Settings\All Users
06:25:57.203 Scan finished successfully
06:29:42.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
06:29:42.828 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.dat   512bytes

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Last two logs look good.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
#15
jec280

    Member

  • Topic Starter
  • Member
  • 11 posts
Here's the file.

Attached Files