
Whenever I browse the internet, mediashifting.com always pops up in another window/tab.

So far, it has happened with Mozilla and Chrome.

I also believe that this virus changed my proxy settings, as I had to manually click the "no proxy" option in both browsers.

My DDS.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0

Run by faneriewar13 at 17:18:48 on 2011-12-27

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2417 [GMT 10:00]

.

AV: Norton 360 Premier Edition *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 Premier Edition *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\explorer.exe

C:\Program Files\OpenDrive\OpenDrive_Tray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\System32\NOTEPAD.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://search.babylon.com/home?AF=15627

uDefault_Page_URL = hxxp://www.msn.com

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:58061

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uWinlogon: Shell=c:\documents and settings\faneriewar13\local settings\application data\c4331eb6\X

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL

TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [OpenDrive Tray] c:\program files\opendrive\OpenDrive_Tray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\faneri~1\startm~1\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\faneri~1\startm~1\programs\startup\stardock objectdock.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp image zone fast start.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\windows search.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-explorer: DisallowRun = 0 (0x0)

uPolicies-explorer: <NO NAME> = 0

uPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)

uPolicies-explorer: Btn_Back = 1 (0x1)

uPolicies-explorer: Btn_Forward = 1 (0x1)

uPolicies-explorer: Btn_Stop = 1 (0x1)

uPolicies-explorer: Btn_Refresh = 1 (0x1)

uPolicies-explorer: Btn_Home = 1 (0x1)

uPolicies-explorer: Btn_Search = 1 (0x1)

uPolicies-explorer: Btn_Favorites = 1 (0x1)

uPolicies-explorer: Btn_History = 1 (0x1)

uPolicies-explorer: Btn_Folders = 1 (0x1)

uPolicies-explorer: Btn_Fullscreen = 1 (0x1)

uPolicies-explorer: Btn_Tools = 1 (0x1)

uPolicies-explorer: Btn_MailNews = 1 (0x1)

uPolicies-explorer: Btn_Size = 1 (0x1)

uPolicies-explorer: Btn_Print = 1 (0x1)

uPolicies-explorer: Btn_Edit = 1 (0x1)

uPolicies-explorer: Btn_Discussions = 1 (0x1)

uPolicies-explorer: Btn_Cut = 1 (0x1)

uPolicies-explorer: Btn_Copy = 1 (0x1)

uPolicies-explorer: Btn_Paste = 1 (0x1)

uPolicies-explorer: Btn_Encoding = 1 (0x1)

dPolicies-explorer: DisallowRun = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

TCP: DhcpNameServer = 202.128.0.78 202.128.0.3

TCP: Interfaces\{B5DF8DC9-FDA1-4652-B0BF-C302A46752B4} : DhcpNameServer = 202.128.0.78 202.128.0.3

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: CheckRunOnce - {8fb7653a-13a5-4db0-b917-d8d6c18208f9} - No File

STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 0.0.0.0 localhost

Hosts: 0.0.0.0 localhost

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\faneriewar13\application data\mozilla\firefox\profiles\xa5arzrm.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-8-17 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-8-17 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110909.001\BHDrvx86.sys [2011-9-10 816760]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-8-17 136312]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-27 366152]

R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\5.1.0.29\ccSvcHst.exe [2011-8-17 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-24 2218600]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-27 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110915.030\IDSXpx86.sys [2011-9-16 356280]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110916.002\NAVENG.SYS [2011-9-17 86136]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110916.002\NAVEX15.SYS [2011-9-17 1576312]

S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2009-2-20 34064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-26 21:36:28 -------- d-----w- c:\documents and settings\faneriewar13\application data\Malwarebytes

2011-12-26 21:36:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-26 21:36:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-15 07:23:35 -------- d-sh--w- c:\documents and settings\faneriewar13\local settings\application data\c4331eb6

2011-12-15 07:20:45 -------- d-----w- c:\program files\54F0C

2011-12-15 07:20:01 -------- d-----w- c:\program files\LP

2011-12-15 07:20:01 -------- d-----w- c:\documents and settings\faneriewar13\application data\1C854

2011-12-15 07:19:29 -------- d-----w- c:\documents and settings\faneriewar13\local settings\application data\Sun

2011-12-14 07:39:21 -------- d-----w- c:\program files\iPod

2011-11-30 08:51:55 -------- d-----w- c:\documents and settings\all users\SonicStage

2011-11-30 08:43:45 -------- d-----w- c:\program files\Sony

2011-11-30 08:43:16 -------- d-----w- c:\program files\common files\Sony Shared

.

==================== Find3M ====================

.

2011-11-30 05:53:04 544656 -c--a-w- c:\windows\system32\deployJava1.dll

2011-11-30 05:53:04 128000 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-19 04:20:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-28 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-10-24 04:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 04:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2006-10-27 05:23:04 347432 -c--a-w- c:\program files\WINWORD.EXE

.

============= FINISH: 17:19:21.43 ===============

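The DDS log above already explains the proxy symptom and points at the persistence mechanism: `uInternet Settings,ProxyServer = http=127.0.0.1:58061` routes every WinINET-aware browser through a process listening on this machine (which is how pages get rewritten and extra windows opened, and why switching to "no proxy" does not stick), and `uWinlogon: Shell=...\local settings\application data\c4331eb6\X` replaces explorer.exe as the logon shell with a file in a hidden directory created on 2011-12-15, the same day as the random-named `54F0C` and `1C854` folders. The script below is an added triage example, not part of the original post and not DDS or Malwarebytes code: it reads DDS-style "Pseudo HJT Report" and "Created Last 30" lines and flags exactly those indicators. The sample input is constructed from values in the posted log; the rule names, severities and the 5-to-8-character hex-name heuristic are my own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample in the shape DDS prints its "Pseudo HJT Report" and
# "Created Last 30" sections. Values are taken from the log posted above;
# nothing here touches the registry or disk, it only classifies text.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.babylon.com/home?AF=15627
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58061
uWinlogon: Shell=c:\documents and settings\faneriewar13\local settings\application data\c4331eb6\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
FF - prefs.js: network.proxy.type - 0
2011-12-15 07:23:35 -------- d-sh--w- c:\documents and settings\faneriewar13\local settings\application data\c4331eb6
2011-12-15 07:20:45 -------- d-----w- c:\program files\54F0C
2011-12-15 07:20:01 -------- d-----w- c:\documents and settings\faneriewar13\application data\1C854
2011-12-14 07:39:21 -------- d-----w- c:\program files\iPod
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{5,8}$")   # heuristic: 54F0C, 1C854, c4331eb6 ...
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# "<date> <time> <size> <attrs> <path>" as DDS prints Created Last 30 / Find3M entries
CREATED_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S+) (\S+) (.+)$")
ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


@dataclass
class Finding:
    severity: str    # HIGH / MEDIUM / LOW
    rule: str
    artifact: str    # endpoint, CLSID or path the rule fired on (lower-cased)
    line: str
    why: str


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Split an IE ProxyServer value into {scheme: 'host:port'}: accepts
    'host:port' (all protocols, key '*'), 'http=host:port' and 'http=a:1;https=b:2'."""
    out: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.partition("=")
        if not endpoint:
            scheme, endpoint = "*", scheme
        out[scheme.lower()] = endpoint
    return out


def triage(dds_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Per-user IE proxy pointing back at this machine: every browser that honours
        #    the WinINET setting is relayed through a local process that can rewrite pages.
        m = re.search(r"ProxyServer = (.+)$", line)
        if m:
            for scheme, endpoint in parse_proxy_server(m.group(1)).items():
                host = endpoint.rsplit(":", 1)[0].strip("[]")
                if host.lower() in LOOPBACK:
                    findings.append(Finding("HIGH", "loopback-proxy", endpoint.lower(), line,
                                            f"{scheme} traffic relayed through {endpoint} on this host"))
        # 2. Winlogon Shell must be explorer.exe; anything else runs at every interactive logon.
        m = re.search(r"Winlogon: Shell=(.+)$", line, re.IGNORECASE)
        if m:
            shell = m.group(1).strip().lower()
            if shell.rsplit("\\", 1)[-1] != "explorer.exe":
                findings.append(Finding("HIGH", "winlogon-shell", shell, line,
                                        "logon persistence via Winlogon Shell"))
        # 3. BHO whose DLL is gone: not active, but the CLSID is worth deleting.
        if line.startswith("BHO:") and line.endswith("- No File"):
            c = CLSID.search(line)
            findings.append(Finding("LOW", "orphan-bho", c.group(0).lower() if c else "", line,
                                    "orphaned BHO registration"))
        # 4. Recently created directories that are hidden/system or random-named.
        m = CREATED_LINE.match(line)
        if m:
            _size, attrs, path = m.groups()
            name = path.rsplit("\\", 1)[-1]
            hidden = "s" in attrs[1:4] or "h" in attrs[1:4]
            if attrs[0] == "d" and (hidden or HEX_NAME.match(name)):
                findings.append(Finding("MEDIUM", "suspicious-dir", path.lower(), line,
                                        "hidden/system or random-named directory created recently"))
    return findings


def correlate(findings: List[Finding]) -> Set[str]:
    """Directories that are both a flagged drop location and the parent of the
    Winlogon Shell binary: persistence point and payload agree, remove them together."""
    dirs = {f.artifact for f in findings if f.rule == "suspicious-dir"}
    shells = {f.artifact.rsplit("\\", 1)[0] for f in findings if f.rule == "winlogon-shell"}
    return dirs & shells


if __name__ == "__main__":
    found = triage(SAMPLE_DDS)
    for f in sorted(found, key=lambda f: ORDER[f.severity]):
        print(f"[{f.severity}] {f.rule}: {f.why}\n    {f.line}")
    print("persistence directory:", correlate(found))
```

Run it on a full DDS log with `triage(open("dds.txt").read())`; the two HIGH findings are the ones to act on first, and `correlate()` tells you whether the shell override and the dropped directory are the same location. The LOW orphan-BHO entries (several appear in the log above) are cleanup, not evidence of infection.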

Don't know if this helps, but I did a TDSSKiller scan before checking this site.

17:30:28.0562 0284 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

17:30:29.0515 0284 ============================================================

17:30:29.0515 0284 Current date / time: 2011/12/27 17:30:29.0515

17:30:29.0515 0284 SystemInfo:

17:30:29.0515 0284

17:30:29.0515 0284 OS Version: 5.1.2600 ServicePack: 2.0

17:30:29.0515 0284 Product type: Workstation

17:30:29.0515 0284 ComputerName: NEW-E92D0C81434

17:30:29.0515 0284 UserName: faneriewar13

17:30:29.0515 0284 Windows directory: C:\WINDOWS

17:30:29.0515 0284 System windows directory: C:\WINDOWS

17:30:29.0515 0284 Processor architecture: Intel x86

17:30:29.0515 0284 Number of processors: 2

17:30:29.0515 0284 Page size: 0x1000

17:30:29.0515 0284 Boot type: Normal boot

17:30:29.0515 0284 ============================================================

17:30:31.0031 0284 Initialize success

17:31:40.0140 1236 ============================================================

17:31:40.0140 1236 Scan started

17:31:40.0140 1236 Mode: Manual; SigCheck; TDLFS;

17:31:40.0140 1236 ============================================================

17:31:40.0734 1236 Abiosdsk - ok

17:31:40.0734 1236 abp480n5 - ok

17:31:40.0781 1236 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:31:42.0171 1236 ACPI - ok

17:31:42.0281 1236 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:31:42.0375 1236 ACPIEC - ok

17:31:42.0390 1236 adpu160m - ok

17:31:42.0421 1236 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

17:31:42.0687 1236 aec - ok

17:31:42.0718 1236 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

17:31:42.0718 1236 AegisP ( UnsignedFile.Multi.Generic ) - warning

17:31:42.0718 1236 AegisP - detected UnsignedFile.Multi.Generic (1)

17:31:42.0750 1236 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

17:31:42.0812 1236 AFD - ok

17:31:42.0843 1236 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

17:31:42.0859 1236 AFS2K - ok

17:31:42.0937 1236 AgereSoftModem (1320b1184ba03e09bdda5df480d8e3a0) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

17:31:43.0046 1236 AgereSoftModem ( UnsignedFile.Multi.Generic ) - warning

17:31:43.0046 1236 AgereSoftModem - detected UnsignedFile.Multi.Generic (1)

17:31:43.0062 1236 Aha154x - ok

17:31:43.0062 1236 aic78u2 - ok

17:31:43.0062 1236 aic78xx - ok

17:31:43.0078 1236 AliIde - ok

17:31:43.0078 1236 amsint - ok

17:31:43.0125 1236 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

17:31:43.0234 1236 Arp1394 - ok

17:31:43.0234 1236 asc - ok

17:31:43.0250 1236 asc3350p - ok

17:31:43.0250 1236 asc3550 - ok

17:31:43.0281 1236 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:31:43.0375 1236 AsyncMac - ok

17:31:43.0406 1236 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:31:43.0484 1236 atapi - ok

17:31:43.0500 1236 Atdisk - ok

17:31:43.0531 1236 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys

17:31:43.0578 1236 atksgt - ok

17:31:43.0593 1236 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:31:43.0687 1236 Atmarpc - ok

17:31:43.0718 1236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:31:43.0812 1236 audstub - ok

17:31:43.0859 1236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:31:43.0968 1236 Beep - ok

17:31:44.0125 1236 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110909.001\BHDrvx86.sys

17:31:44.0171 1236 BHDrvx86 - ok

17:31:44.0218 1236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:31:44.0296 1236 cbidf2k - ok

17:31:44.0328 1236 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:31:44.0421 1236 CCDECODE - ok

17:31:44.0421 1236 cd20xrnt - ok

17:31:44.0453 1236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:31:44.0531 1236 Cdaudio - ok

17:31:44.0546 1236 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

17:31:44.0625 1236 Cdfs - ok

17:31:44.0671 1236 Cdrom (882b4257e5a5adfb6b5c03e8a02d4bf1) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:31:44.0718 1236 Cdrom - ok

17:31:44.0734 1236 Changer - ok

17:31:44.0734 1236 CmdIde - ok

17:31:44.0750 1236 Cpqarray - ok

17:31:44.0750 1236 dac2w2k - ok

17:31:44.0765 1236 dac960nt - ok

17:31:44.0812 1236 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

17:31:44.0906 1236 Disk - ok

17:31:44.0937 1236 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

17:31:45.0078 1236 dmboot - ok

17:31:45.0093 1236 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

17:31:45.0171 1236 dmio - ok

17:31:45.0203 1236 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:31:45.0296 1236 dmload - ok

17:31:45.0328 1236 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

17:31:45.0421 1236 DMusic - ok

17:31:45.0437 1236 dpti2o - ok

17:31:45.0468 1236 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

17:31:45.0562 1236 drmkaud - ok

17:31:45.0593 1236 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

17:31:45.0625 1236 e1express - ok

17:31:45.0625 1236 EagleNT - ok

17:31:45.0734 1236 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

17:31:45.0750 1236 eeCtrl - ok

17:31:45.0781 1236 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

17:31:45.0890 1236 Fastfat - ok

17:31:45.0906 1236 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:31:46.0015 1236 Fdc - ok

17:31:46.0015 1236 FilterService - ok

17:31:46.0046 1236 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

17:31:46.0156 1236 Fips - ok

17:31:46.0171 1236 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:31:46.0265 1236 Flpydisk - ok

17:31:46.0312 1236 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:31:46.0562 1236 FltMgr - ok

17:31:46.0578 1236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:31:46.0687 1236 Fs_Rec - ok

17:31:46.0687 1236 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:31:46.0781 1236 Ftdisk - ok

17:31:46.0812 1236 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

17:31:46.0828 1236 GEARAspiWDM - ok

17:31:46.0843 1236 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:31:46.0953 1236 Gpc - ok

17:31:47.0000 1236 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:31:47.0046 1236 HDAudBus - ok

17:31:47.0093 1236 HECI (cc2c8c23417cc7ddf5eddb17e60a14db) C:\WINDOWS\system32\DRIVERS\HECI.sys

17:31:47.0109 1236 HECI - ok

17:31:47.0171 1236 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:31:47.0265 1236 HidUsb - ok

17:31:47.0281 1236 hpn - ok

17:31:47.0312 1236 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

17:31:47.0328 1236 HPZid412 - ok

17:31:47.0375 1236 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

17:31:47.0421 1236 HPZipr12 - ok

17:31:47.0468 1236 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

17:31:47.0515 1236 HPZius12 - ok

17:31:47.0578 1236 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys

17:31:47.0843 1236 HTTP - ok

17:31:47.0843 1236 i2omgmt - ok

17:31:47.0859 1236 i2omp - ok

17:31:47.0890 1236 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:31:48.0000 1236 i8042prt - ok

17:31:48.0156 1236 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110915.030\IDSxpx86.sys

17:31:48.0187 1236 IDSxpx86 - ok

17:31:48.0218 1236 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:31:48.0312 1236 Imapi - ok

17:31:48.0312 1236 ini910u - ok

17:31:48.0421 1236 IntcAzAudAddService (e37589414437a60797e94c0f57c546db) C:\WINDOWS\system32\drivers\RtkHDAud.sys

17:31:48.0578 1236 IntcAzAudAddService - ok

17:31:48.0593 1236 IntelIde - ok

17:31:48.0625 1236 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:31:48.0734 1236 intelppm - ok

17:31:48.0750 1236 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:31:48.0843 1236 Ip6Fw - ok

17:31:48.0875 1236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:31:48.0968 1236 IpFilterDriver - ok

17:31:48.0984 1236 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:31:49.0078 1236 IpInIp - ok

17:31:49.0109 1236 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:31:49.0375 1236 IpNat - ok

17:31:49.0375 1236 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:31:49.0468 1236 IPSec - ok

17:31:49.0484 1236 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:31:49.0531 1236 IRENUM - ok

17:31:49.0562 1236 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:31:49.0656 1236 isapnp - ok

17:31:49.0703 1236 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:31:49.0796 1236 Kbdclass - ok

17:31:49.0828 1236 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

17:31:50.0078 1236 kmixer - ok

17:31:50.0109 1236 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

17:31:50.0203 1236 KSecDD - ok

17:31:50.0218 1236 lbrtfdc - ok

17:31:50.0250 1236 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

17:31:50.0265 1236 lirsgt - ok

17:31:50.0281 1236 LVRS - ok

17:31:50.0281 1236 LVUSBSta - ok

17:31:50.0296 1236 LVUVC - ok

17:31:50.0328 1236 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

17:31:50.0328 1236 MBAMProtector - ok

17:31:50.0343 1236 MBAMSwissArmy - ok

17:31:50.0359 1236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:31:50.0453 1236 mnmdd - ok

17:31:50.0468 1236 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

17:31:50.0562 1236 Modem - ok

17:31:50.0578 1236 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:31:50.0656 1236 Mouclass - ok

17:31:50.0703 1236 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:31:50.0781 1236 mouhid - ok

17:31:50.0796 1236 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

17:31:50.0890 1236 MountMgr - ok

17:31:50.0890 1236 mraid35x - ok

17:31:50.0906 1236 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:31:51.0171 1236 MRxDAV - ok

17:31:51.0218 1236 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:31:51.0265 1236 MRxSmb - ok

17:31:51.0296 1236 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

17:31:51.0390 1236 Msfs - ok

17:31:51.0421 1236 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:31:51.0515 1236 MSKSSRV - ok

17:31:51.0531 1236 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:31:51.0625 1236 MSPCLOCK - ok

17:31:51.0640 1236 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

17:31:51.0734 1236 MSPQM - ok

17:31:51.0765 1236 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:31:51.0859 1236 mssmbios - ok

17:31:51.0890 1236 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

17:31:52.0000 1236 MSTEE - ok

17:31:52.0000 1236 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

17:31:52.0078 1236 Mup - ok

17:31:52.0125 1236 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:31:52.0234 1236 NABTSFEC - ok

17:31:52.0390 1236 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110916.002\NAVENG.SYS

17:31:52.0390 1236 NAVENG - ok

17:31:52.0453 1236 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110916.002\NAVEX15.SYS

17:31:52.0531 1236 NAVEX15 - ok

17:31:52.0562 1236 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

17:31:52.0656 1236 NDIS - ok

17:31:52.0687 1236 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:31:52.0765 1236 NdisIP - ok

17:31:52.0796 1236 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:31:52.0875 1236 NdisTapi - ok

17:31:52.0906 1236 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:31:53.0000 1236 Ndisuio - ok

17:31:53.0015 1236 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:31:53.0125 1236 NdisWan - ok

17:31:53.0140 1236 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

17:31:53.0218 1236 NDProxy - ok

17:31:53.0234 1236 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:31:53.0312 1236 NetBIOS - ok

17:31:53.0328 1236 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:31:53.0437 1236 NetBT - ok

17:31:53.0453 1236 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

17:31:53.0546 1236 NIC1394 - ok

17:31:53.0593 1236 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\NPF.sys

17:31:53.0609 1236 NPF - ok

17:31:53.0609 1236 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

17:31:53.0703 1236 Npfs - ok

17:31:53.0750 1236 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

17:31:54.0000 1236 Ntfs - ok

17:31:54.0015 1236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:31:54.0109 1236 Null - ok

17:31:54.0281 1236 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:31:54.0484 1236 nv - ok

17:31:54.0531 1236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:31:54.0609 1236 NwlnkFlt - ok

17:31:54.0625 1236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:31:54.0703 1236 NwlnkFwd - ok

17:31:54.0718 1236 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:31:54.0828 1236 ohci1394 - ok

17:31:54.0859 1236 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

17:31:54.0968 1236 Parport - ok

17:31:54.0984 1236 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

17:31:55.0078 1236 PartMgr - ok

17:31:55.0093 1236 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:31:55.0187 1236 ParVdm - ok

17:31:55.0203 1236 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

17:31:55.0296 1236 PCI - ok

17:31:55.0296 1236 PCIDump - ok

17:31:55.0312 1236 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:31:55.0390 1236 PCIIde - ok

17:31:55.0437 1236 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:31:55.0546 1236 Pcmcia - ok

17:31:55.0546 1236 PDCOMP - ok

17:31:55.0562 1236 PDFRAME - ok

17:31:55.0562 1236 PDRELI - ok

17:31:55.0562 1236 PDRFRAME - ok

17:31:55.0578 1236 perc2 - ok

17:31:55.0578 1236 perc2hib - ok

17:31:55.0609 1236 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:31:55.0703 1236 PptpMiniport - ok

17:31:55.0703 1236 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

17:31:55.0796 1236 PSched - ok

17:31:55.0812 1236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:31:55.0890 1236 Ptilink - ok

17:31:55.0921 1236 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:31:55.0921 1236 PxHelp20 - ok

17:31:55.0937 1236 ql1080 - ok

17:31:55.0937 1236 Ql10wnt - ok

17:31:55.0953 1236 ql12160 - ok

17:31:55.0953 1236 ql1240 - ok

17:31:55.0968 1236 ql1280 - ok

17:31:55.0984 1236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:31:56.0062 1236 RasAcd - ok

17:31:56.0109 1236 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:31:56.0218 1236 Rasl2tp - ok

17:31:56.0250 1236 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:31:56.0343 1236 RasPppoe - ok

17:31:56.0343 1236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:31:56.0437 1236 Raspti - ok

17:31:56.0484 1236 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:31:56.0750 1236 Rdbss - ok

17:31:56.0765 1236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:31:56.0859 1236 RDPCDD - ok

17:31:56.0890 1236 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:31:56.0984 1236 rdpdr - ok

17:31:57.0031 1236 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

17:31:57.0281 1236 RDPWD - ok

17:31:57.0312 1236 redbook (cc5f0b5d5d2488320f1361b2d25231d1) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:31:57.0312 1236 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: cc5f0b5d5d2488320f1361b2d25231d1, Fake md5: b31b4588e4086d8d84adbf9845c2402b

17:31:57.0312 1236 redbook ( Rootkit.Win32.ZAccess.aml ) - infected

17:31:57.0312 1236 redbook - detected Rootkit.Win32.ZAccess.aml (0)

17:31:57.0359 1236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:31:57.0593 1236 Secdrv - ok

17:31:57.0625 1236 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:31:57.0718 1236 serenum - ok

17:31:57.0734 1236 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

17:31:57.0812 1236 Serial - ok

17:31:57.0828 1236 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:31:57.0937 1236 Sfloppy - ok

17:31:57.0937 1236 Simbad - ok

17:31:57.0984 1236 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:31:58.0062 1236 SLIP - ok

17:31:58.0078 1236 Sparrow - ok

17:31:58.0109 1236 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

17:31:58.0359 1236 splitter - ok

17:31:58.0390 1236 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

17:31:58.0453 1236 sr - ok

17:31:58.0546 1236 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS

17:31:58.0562 1236 SRTSP - ok

17:31:58.0609 1236 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS

17:31:58.0625 1236 SRTSPX - ok

17:31:58.0656 1236 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys

17:31:58.0718 1236 Srv - ok

17:31:58.0718 1236 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:31:58.0812 1236 streamip - ok

17:31:58.0828 1236 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:31:58.0906 1236 swenum - ok

17:31:58.0953 1236 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

17:31:59.0031 1236 swmidi - ok

17:31:59.0031 1236 symc810 - ok

17:31:59.0046 1236 symc8xx - ok

17:31:59.0093 1236 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS

17:31:59.0109 1236 SymDS - ok

17:31:59.0187 1236 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS

17:31:59.0234 1236 SymEFA - ok

17:31:59.0312 1236 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

17:31:59.0328 1236 SymEvent - ok

17:31:59.0343 1236 SYMFW - ok

17:31:59.0343 1236 SYMIDS - ok

17:31:59.0375 1236 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS

17:31:59.0390 1236 SymIRON - ok

17:31:59.0390 1236 SYMNDIS - ok

17:31:59.0437 1236 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS

17:31:59.0453 1236 SYMTDI - ok

17:31:59.0468 1236 sym_hi - ok

17:31:59.0468 1236 sym_u3 - ok

17:31:59.0515 1236 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

17:31:59.0593 1236 sysaudio - ok

17:31:59.0656 1236 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:31:59.0703 1236 Tcpip - ok

17:31:59.0718 1236 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:31:59.0812 1236 TDPIPE - ok

17:31:59.0843 1236 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

17:31:59.0921 1236 TDTCP - ok

17:31:59.0968 1236 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:32:00.0062 1236 TermDD - ok

17:32:00.0078 1236 TosIde - ok

17:32:00.0109 1236 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

17:32:00.0203 1236 Udfs - ok

17:32:00.0218 1236 ultra - ok

17:32:00.0265 1236 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

17:32:00.0546 1236 Update - ok

17:32:00.0593 1236 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:32:00.0609 1236 USBAAPL - ok

17:32:00.0656 1236 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

17:32:00.0765 1236 usbaudio - ok

17:32:00.0781 1236 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:32:00.0875 1236 usbccgp - ok

17:32:00.0906 1236 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:32:01.0000 1236 usbehci - ok

17:32:01.0015 1236 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:32:01.0125 1236 usbhub - ok

17:32:01.0140 1236 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:32:01.0218 1236 usbprint - ok

17:32:01.0250 1236 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:32:01.0328 1236 usbscan - ok

17:32:01.0375 1236 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:32:01.0484 1236 USBSTOR - ok

17:32:01.0515 1236 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:32:01.0593 1236 usbuhci - ok

17:32:01.0625 1236 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys

17:32:01.0718 1236 usbvideo - ok

17:32:01.0750 1236 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

17:32:01.0828 1236 VgaSave - ok

17:32:01.0843 1236 ViaIde - ok

17:32:01.0875 1236 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

17:32:01.0968 1236 VolSnap - ok

17:32:01.0968 1236 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:32:02.0078 1236 Wanarp - ok

17:32:02.0109 1236 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

17:32:02.0140 1236 Wdf01000 - ok

17:32:02.0140 1236 WDICA - ok

17:32:02.0203 1236 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

17:32:02.0468 1236 wdmaud - ok

17:32:02.0500 1236 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

17:32:02.0500 1236 WinUSB - ok

17:32:02.0546 1236 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:32:02.0640 1236 WpdUsb - ok

17:32:02.0671 1236 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:32:02.0765 1236 WSTCODEC - ok

17:32:02.0796 1236 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:32:02.0828 1236 WudfPf - ok

17:32:02.0875 1236 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:32:02.0906 1236 WudfRd - ok

17:32:02.0921 1236 zumbus - ok

17:32:02.0937 1236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

17:32:03.0140 1236 \Device\Harddisk1\DR1 - ok

17:32:03.0171 1236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:32:03.0359 1236 \Device\Harddisk0\DR0 - ok

17:32:03.0359 1236 Boot (0x1200) (e1c0ee00c1dcdae1354a055439c3b213) \Device\Harddisk1\DR1\Partition0

17:32:03.0359 1236 \Device\Harddisk1\DR1\Partition0 - ok

17:32:03.0359 1236 Boot (0x1200) (b36b7884728c1ef2a5000ed145d0d3a4) \Device\Harddisk0\DR0\Partition0

17:32:03.0359 1236 \Device\Harddisk0\DR0\Partition0 - ok

17:32:03.0359 1236 ============================================================

17:32:03.0359 1236 Scan finished

17:32:03.0359 1236 ============================================================

17:32:03.0484 3636 Detected object count: 3

17:32:03.0484 3636 Actual detected object count: 3

17:32:18.0046 3636 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

17:32:18.0046 3636 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:32:18.0046 3636 AgereSoftModem ( UnsignedFile.Multi.Generic ) - skipped by user

17:32:18.0046 3636 AgereSoftModem ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:32:18.0203 3636 Backup copy found, using it..

17:32:18.0390 3636 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot

17:32:18.0718 3636 C:\WINDOWS\system32\c_12285.nls - will be deleted on reboot

17:32:19.0843 3636 redbook ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure

17:32:23.0750 3200 Deinitialize success

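As an added example (not part of the posted log, and not TDSSKiller's own code): a small Python triage script for lines in the log format shown above. The line shapes are inferred from the visible entries rather than from any TDSSKiller documentation, the sample input is constructed (a shortened copy of a few lines from the log, with the redbook.sys path and both hashes reproduced verbatim), and the field names are my own. It pulls out every module that did not end with a plain "ok" and attaches the forged-hash report to the driver it belongs to, which is the line that actually matters in this log: the driver name is a legitimate Windows one, but the two hashes TDSSKiller obtained for the same file disagree, so something in the I/O path is presenting different bytes depending on how the file is read.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller log above: two clean
# drivers, the forged redbook.sys entry (path and hashes copied from the log),
# one MBR check and one "skipped by user" item. Shortened for the example.
SAMPLE_LOG = r"""
17:31:57.0031 1236 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
17:31:57.0281 1236 RDPWD - ok
17:31:57.0312 1236 redbook (cc5f0b5d5d2488320f1361b2d25231d1) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:31:57.0312 1236 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: cc5f0b5d5d2488320f1361b2d25231d1, Fake md5: b31b4588e4086d8d84adbf9845c2402b
17:31:57.0312 1236 redbook ( Rootkit.Win32.ZAccess.aml ) - infected
17:31:57.0312 1236 redbook - detected Rootkit.Win32.ZAccess.aml (0)
17:31:57.0359 1236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:31:57.0593 1236 Secdrv - ok
17:32:03.0171 1236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:32:03.0359 1236 \Device\Harddisk0\DR0 - ok
17:32:18.0046 3636 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
"""

# Every line is "<hh:mm:ss.ms> <pid> <message>". The message shapes below are
# assumptions taken from the visible log lines, not from tool documentation.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<msg>.*)$")
MODULE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?: \( (?P<threat>[^)]+?) \))? - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    threat: Optional[str] = None
    # "real"/"fake" md5 pair from a Forged report: TDSSKiller emits it when two
    # ways of reading the same file return different bytes.
    forged: Optional[Dict[str, str]] = None

    def is_clean(self) -> bool:
        # Clean only if every verdict line said "ok" and no forged report was
        # attached to this path. An entry with no verdict at all is not clean.
        return self.forged is None and bool(self.verdicts) and all(v == "ok" for v in self.verdicts)


def parse_log(text: str) -> Dict[str, Entry]:
    """Group the per-module lines of a TDSSKiller log by module name (log order)."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banners, "Scan finished" etc.
        msg = m.group("msg")
        mm = MODULE_RE.match(msg)
        if mm:
            e = get(mm.group("name"))
            e.md5, e.path = mm.group("md5"), mm.group("path")
            by_path[e.path] = e
            continue
        ms = SECTOR_RE.match(msg)
        if ms:
            # MBR / boot-sector checks are keyed by device path, which is also
            # the name the following verdict line uses.
            e = get(ms.group("path"))
            e.md5, e.path = ms.group("md5"), ms.group("path")
            continue
        mf = FORGED_RE.match(msg)
        if mf:
            e = by_path.get(mf.group("path")) or get(mf.group("path"))
            e.forged = {"real": mf.group("real"), "fake": mf.group("fake")}
            continue
        mv = VERDICT_RE.match(msg)
        if mv:
            e = get(mv.group("name"))
            e.verdicts.append(mv.group("verdict"))
            if mv.group("threat"):
                e.threat = mv.group("threat")
    return entries


def triage(entries: Dict[str, Entry]) -> List[str]:
    """Names of everything that is not a plain 'ok', in log order."""
    return [name for name, e in entries.items() if not e.is_clean()]


def summarize(entries: Dict[str, Entry]) -> List[str]:
    """One human-readable line per item that needs a decision."""
    out = []
    for name in triage(entries):
        e = entries[name]
        parts = [name]
        if e.threat:
            parts.append(f"threat={e.threat}")
        if e.forged:
            parts.append(f"FORGED real={e.forged['real']} fake={e.forged['fake']}")
        parts.append("verdicts=" + "; ".join(e.verdicts))
        out.append("  ".join(parts))
    return out


if __name__ == "__main__":
    for line in summarize(parse_log(SAMPLE_LOG)):
        print(line)
```

Feed the full posted log to parse_log to get the same triage over all of it; the "skipped by user" items (AegisP, AgereSoftModem) show up alongside redbook because a verdict of anything other than "ok" is a decision the user made, not a clean result.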

  • 1 month later...

Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

Only if your system is Windows 7 x64, Vista x64, Windows XP x64, or Windows 2008/2003 x64:

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Start MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the contents of last scan log into reply.

If we do not hear back from you in 3 days, this thread will be closed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
