
Did Norton remove W32.Xpiro.D?


12 replies to this topic

#1 amelia12

Posted 28 September 2012 - 10:00 PM

In the last week or so Norton keeps removing W32.Xpiro.D (threat name description). It detected and removed it 8 times tonight within 1 hour. Is it really being removed or do I have a problem? The file location is different each time. Thanks.



#2 Gunto


Posted 29 September 2012 - 10:48 AM

Hi, amelia12! I'm going to try to help you out. :)

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C:) that will start with TDSS in the file name. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Download MBAM from here, and save it to your desktop.
  • Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck them, unless you want them.
  • Once the program is done installing and updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

Please tell me how all this went in your next reply.

Gunto



#3 amelia12


Posted 29 September 2012 - 07:27 PM

Thanks for the quick response. Below are the TDSS Killer & Malwarebytes logs. Malwarebytes found 6 issues which I removed. My Norton notify did pop up a couple of times while Malwarebytes was scanning.

14:33:52.0812 3212 Themes - ok
14:33:52.0828 3212 TosIde - ok
14:33:52.0875 3212 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:33:52.0875 3212 TrkWks - ok
14:33:52.0921 3212 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:33:52.0937 3212 Udfs - ok
14:33:52.0953 3212 ultra - ok
14:33:53.0015 3212 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:33:53.0031 3212 Update - ok
14:33:53.0062 3212 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:33:53.0062 3212 upnphost - ok
14:33:53.0093 3212 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:33:53.0093 3212 UPS - ok
14:33:53.0140 3212 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:33:53.0140 3212 usbccgp - ok
14:33:53.0187 3212 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:33:53.0187 3212 usbehci - ok
14:33:53.0218 3212 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:33:53.0218 3212 usbhub - ok
14:33:53.0250 3212 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:33:53.0250 3212 usbohci - ok
14:33:53.0281 3212 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:33:53.0281 3212 usbprint - ok
14:33:53.0312 3212 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:33:53.0312 3212 USBSTOR - ok
14:33:53.0343 3212 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:33:53.0359 3212 usbuhci - ok
14:33:53.0375 3212 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:33:53.0375 3212 VgaSave - ok
14:33:53.0421 3212 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
14:33:53.0421 3212 viaagp1 - ok
14:33:53.0468 3212 [ 0CC705DB634A3BC355887E3D478DD386 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys
14:33:53.0468 3212 viagfx - ok
14:33:53.0500 3212 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:33:53.0500 3212 ViaIde - ok
14:33:53.0515 3212 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:33:53.0531 3212 VolSnap - ok
14:33:53.0578 3212 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:33:53.0593 3212 VSS - ok
14:33:53.0625 3212 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
14:33:53.0640 3212 W32Time - ok
14:33:53.0671 3212 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:33:53.0687 3212 Wanarp - ok
14:33:53.0703 3212 WDICA - ok
14:33:53.0750 3212 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:33:53.0750 3212 wdmaud - ok
14:33:53.0781 3212 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:33:53.0796 3212 WebClient - ok
14:33:53.0859 3212 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:33:53.0875 3212 winmgmt - ok
14:33:53.0921 3212 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\System32\mspmsnsv.dll
14:33:53.0921 3212 WmdmPmSN - ok
14:33:53.0984 3212 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:33:53.0984 3212 WmiApSrv - ok
14:33:54.0031 3212 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:33:54.0031 3212 wscsvc - ok
14:33:54.0078 3212 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:33:54.0078 3212 wuauserv - ok
14:33:54.0140 3212 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:33:54.0156 3212 WZCSVC - ok
14:33:54.0203 3212 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:33:54.0203 3212 xmlprov - ok
14:33:54.0218 3212 ================ Scan global ===============================
14:33:54.0250 3212 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:33:54.0296 3212 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:33:54.0343 3212 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:33:54.0359 3212 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:33:54.0375 3212 [Global] - ok
14:33:54.0375 3212 ================ Scan MBR ==================================
14:33:54.0390 3212 [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
14:33:54.0578 3212 \Device\Harddisk0\DR0 - ok
14:33:54.0578 3212 ================ Scan VBR ==================================
14:33:54.0593 3212 [ 3DC6F594CDC1D07C9FD4AF41D715D39B ] \Device\Harddisk0\DR0\Partition1
14:33:54.0593 3212 \Device\Harddisk0\DR0\Partition1 - ok
14:33:54.0609 3212 [ 11B2EB6073658ABF82FFDB31DF7E890D ] \Device\Harddisk0\DR0\Partition2
14:33:54.0609 3212 \Device\Harddisk0\DR0\Partition2 - ok
14:33:54.0625 3212 ============================================================
14:33:54.0625 3212 Scan finished
14:33:54.0625 3212 ============================================================
14:33:54.0640 3528 Detected object count: 0
14:33:54.0640 3528 Actual detected object count: 0
14:34:54.0515 3136 Deinitialize success



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: EMI [administrator]

9/29/2012 6:23:06 PM
mbam-log-2012-09-29 (18-23-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 305605
Time elapsed: 1 hour(s), 40 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\Owner\My Documents\Pics\01-rug_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Pics\Bottom_Footer[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Pics\Bottom_Footer[1]_1.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Pics\Bottom_Footer[1]_2.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Pics\F3JNQCADOVDMXCATS6RV9CAWIDBC5CALUD92XCAG3GGQ3CAD2M8TZCAGYSPUHCAC6KQ48CA1H3JZRCA46STD5CAYJFPQZCAW14NW3CA4Z4F8VCA9LO7U4CA7QBCN9CANV2482CA8Y5FACCAPYIEEJCAFJ2CXQ.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Pics\301_1_~1.JPG (Extension.Mismatch) -> Quarantined and deleted successfully.

(end)

#4 Gunto

Posted 30 September 2012 - 09:35 AM

Hi,

Is Norton still giving you warnings? Are you having any other issues?

I'm going to have you run a couple of other scans, so I can see if they find anything. :)

SUPERAntiSpyware

I need you to run a scan with SUPERAntiSpyware.

  • Download SAS from here, and save it to your desktop.
  • Double click the installer to start the installation. If you do not want to start the trial of the full version, please decline, and feel free to uncheck options to install external toolbars/software, unless you want them. Otherwise, follow the prompts and let the program install.
  • Once the program is done installing and updating, tick the Complete Scan option on the interface, and press the big Scan your Computer... button. Ensure that the options Activate Scan Boost™ > Low boost and Scan inside .ZIP archives are selected, then click Start Complete Scan.
  • After scanning, be sure to remove all detected threats if any were detected. If asked to reboot to remove threats, do so immediately.
  • Once finished, return to the main interface, go to View Scan Logs and view the newest log. Copy and paste it into your reply.

ESET Online Scanner

I need you to run a scan with ESET Online Scanner.

  • Download the scanner from here, and save it to your desktop.
  • Double click the file to install the program. Once it's done, accept the terms of use and click Start. Be sure the following settings are checked before beginning:
    Scan archives
    Remove found threats
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Once the scan is done, if anything was found, click List of found threats, and then Export to text file..., and save the log to your desktop.
  • Click << Back, and then Finish. If you have to reboot, do so immediately.
  • After ESET finishes scanning and removing threats, copy and paste the log into your reply.

Please tell me how all of this went in your next reply.

Gunto



#5 amelia12


Posted 30 September 2012 - 06:15 PM

Gunto,

While running the Super Antispyware scan, Norton auto protect popped up again saying it removed W32.Xpiro.D. Since I have finished that scan I haven't seen that message from Norton yet. Below is the Super Antispyware log. I had an issue with the ESET scan: at 49% I had a runtime error. I stopped the scan since it froze and accidentally clicked finish before exporting the threats (it had found 23). Should I rerun?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/30/2012 at 01:34 PM

Application Version : 5.5.1022

Core Rules Database Version : 9316
Trace Rules Database Version: 7128

Scan type : Complete Scan
Total Scan Time : 02:09:52

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 511
Memory threats detected : 0
Registry items scanned : 33760
Registry threats detected : 0
File items scanned : 47558
File threats detected : 185

Adware.Tracking Cookie

Trojan.Agent/Gen-ImageDocFake

Adware.MegaSearch
C:\PROGRAM FILES\COMMON FILES\REAL\TOOLBAR\REALBAR.DLL

#6 Gunto


Posted 01 October 2012 - 01:09 AM

Hi,

Good to see Norton isn't bothering you yet. :thumbup2: Yes, please rerun ESET for me.

Gunto



#7 amelia12


Posted 02 October 2012 - 05:47 AM

Gunto,

I ran the ESET scan overnight. I scanned 134000 files with no threats found but the status bar was only at 15% in the morning. I double checked and had the settings as you instructed. Is there something I am doing wrong?

#8 Gunto


Posted 02 October 2012 - 11:19 PM

Hi,

You're doing nothing wrong. :) We'll just skip by ESET.

Has Norton popped up with any warnings recently?

Security Check

I need you to run a checkup with Security Check.

  • Download Security Check here, and save it to your desktop.
  • Double click the file to run it. In the first screen, hit any key and let the scan run.
  • Once the scan is finished, copy and paste the resulting log into your reply.

Please tell me how all of this went in your next reply.

Gunto



#9 amelia12


Posted 03 October 2012 - 06:16 PM

I have not had any auto protect notifications from Norton. Below is the security check log.

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Norton AntiVirus
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Engine 19.9.0.9 ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

#10 Gunto


Posted 03 October 2012 - 11:28 PM

Hi,

Looking good! :thumbsup: We've only got a little cleaning up to do now.

Please delete TDSSKiller and Security Check from your desktop as we don't need them anymore.

We also need to uninstall a couple things. Your Java is outdated, so we'll be installing the new version after removing the old one, and we don't need ESET anymore. I recommend keeping SUPERAntiSpyware and Malwarebytes though. :)

Uninstall Programs

I need you to uninstall some programs using either Add or Remove Programs or Revo Uninstaller.

If you want to use Add or Remove Programs:

  • Go to Start > Control Panel > Add or Remove Programs.
  • Once it loads all the programs, uninstall the following, if present, one at a time by clicking Change/Remove:
    ESET Online Scanner v3
    Java 2 Runtime Environment, SE v1.4.2_03

If you want to use Revo Uninstaller (which cleans up a bit better):

  • Download Revo from here, and save it to your desktop.
  • Double-click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    ESET Online Scanner v3
    Java 2 Runtime Environment, SE v1.4.2_03
  • Double-click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check only the bolded items. If there is a closed folder visible, click the + to expand it until you find the bolded item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too. Repeat this with the other programs to uninstall.

Java

I need you to install the latest version of Java.

  • Download Java from here, and save it to your desktop.
  • Close any open browsers.
  • Double-click the installer to start the installation. Feel free to uncheck the options to install third-party toolbars or software, unless you want them. Otherwise, follow the prompts and let the program install.

Please tell me how all of this went in your next reply.

Gunto



#11 amelia12


Posted 04 October 2012 - 08:05 PM

Gunto,

I removed the ESET & Java programs... no problems. Then I updated my Java... no problems there either, and I have not received any auto protect notifications from Norton since the weekend.

#12 Gunto


Posted 04 October 2012 - 11:35 PM

Hi,

Congrats, your computer looks free of malware! :woot:

However, here are some steps to improve how your computer works, and to help keep you from getting infected again.

Keep all your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. For new software version updates, I recommend FileHippo Update Checker. However, FH doesn't find all updates, so be sure and manually check for updates, too.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include not opening emails from people you don't know, especially if they have an attachment. Files, especially those with a .exe, .com, .bat or .scr extension, should never be trusted unless you know for a fact you can trust the source. You should also be careful with these files even from friends, since their email might actually not be from them.

You should also clean out your System Restore points. SR is used to restore your computer to an earlier time if it's damaged, and since many of your old restore points are probably infected, let's clean out your old points and create a new, clean one.

  • Go to Start > Programs > Accessories > System Tools > System Restore.
  • Select Create a new restore point, then click the Next button.
  • Give the point a name, then click Create.
  • Go to Start > Run... and enter cleanmgr.
  • Once the utility opens, click the More Options tab, and under System Restore, click Clean up..., then say Yes.

Happy surfing! :)

Gunto



#13 amelia12


Posted 05 October 2012 - 07:39 PM

Thanks for the help Gunto! :thumbsup: Really appreciate it.



