
Removed XP Total Security 2011; Lingering Problems


24 replies to this topic

#1 idrawstuff

idrawstuff

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 19 May 2011 - 11:01 AM

Hello,

Yesterday I stepped away from my computer for half an hour, and when I came back I had pop-ups for XP Total Security 2011 and Antimalware Doctor going. I ended up running FixNCR.reg to begin with because of the .exe file problems I was having, and then rKill and Malwarebytes while I was in Safe Mode. However, this morning I am still having problems with browser redirects and pop-ups on ALL THREE of my browsers (IE/Firefox/Chrome) and my virus scanner picked up and deleted something called V30516.exe, something detected as a W32/Tuared virus (whatever that means).

I'm running XP Pro, with McAfee VirusScan Enterprise 8.5.0i for protection, and Spybot for my spyware protection.

Anything you can recommend to help would be greatly appreciated :-) I have an OTL log and the MBAM log if it would help anyone, but I see we don't post those yet :-)



#2 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:05:12 AM

Posted 19 May 2011 - 02:33 PM

Hi idrawstuff,

Please post the results from your Malwarebytes scans.

Also, please download GMER from one of the following locations and save it to your desktop:

* Main Mirror
This version will download a randomly named file (Recommended)
* Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
* Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#3 idrawstuff

idrawstuff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 19 May 2011 - 06:47 PM

Here are the results of my MBAM log from yesterday; HOWEVER, this has gotten back to being a full blown infection again, annoying popups and all. I'm going to re-run MBAM, as well as GMER as you recommended and post the results of both as soon as they've completed.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6611

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/18/2011 3:44:31 PM
mbam-log-2011-05-18 (15-44-31).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 390678
Time elapsed: 1 hour(s), 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU (Trojan.Downloader) -> Value: SNJQ66R8MU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lavsstr70.exe (Trojan.FakeAlert) -> Value: lavsstr70.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Skype (Trojan.Agent) -> Value: Skype -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\mike.DTB\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\mike.DTB\local settings\Temp\Avz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\fe442b965fd86bcfad90d4711b37bdb9\lavsstr70.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\Adobe\plugs\kb13108203.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\Sun\Java\deployment\cache\6.0\24\42332498-1b1d8c0f (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\application data\lcn.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\Temp\Av0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\Temp\Avx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\Temp\Avy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Axyxaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ktxc\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\Skype\Phone\Skype.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

#4 idrawstuff

idrawstuff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 19 May 2011 - 09:32 PM

Here's the new MBAM. Rebooting and running GMER.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6611

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/19/2011 7:27:59 PM
mbam-log-2011-05-19 (19-27-59).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 385505
Time elapsed: 59 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\mike.DTB\local settings\application data\rsq.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000025.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000026.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000027.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000028.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\itlpfw32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#5 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:05:12 AM

Posted 20 May 2011 - 06:23 AM

Hi idrawstuff,

Looks like MBAM is removing a bunch of things each time you run it. That's a good thing.

I'm not seeing the results from your GMER scan though.

Could you post those results and also do the following:

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
  • First

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:

  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#6 idrawstuff

idrawstuff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 20 May 2011 - 10:13 AM

Here's the GMER log:

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-20 08:05:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.BBFO
Running: i0hwzx95.exe; Driver: C:\DOCUME~1\mike.DTB\LOCALS~1\Temp\kwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

? nfgmwbjg.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AE000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D5000A
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D6000A
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C3000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs bihomimo.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----




I'll jump right on running SAS.

Thanks again for all your help!
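
A triage pass over the GMER log in the post above, as an added example that is not part of the original thread or of GMER itself: it walks the log section by section and pulls out the three kinds of entry a responder would read first (the disk-sector rootkit flag, a non-empty AppInit_DLLs value, and inline JMP patches in user-mode code). The sample lines are copied from that post; the function name `triage` and the severity labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log posted above (a subset, not constructed data).
SAMPLE_LOG = r"""---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D6000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs bihomimo.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
"""

# "---- <section name> - GMER <version> ----"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# ".text <image>[<pid>] <module>!<function> <address> <n> Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\S+)"
    r"\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})$"
)
# "Reg <key>@<value name> [<data>]" (data may be absent, as for swapdisk)
REG_RE = re.compile(r"^Reg\s+(?P<key>.+?)@(?P<value>\S+)(?:\s+(?P<data>.*))?$")


def triage(log_text):
    """Return a list of (severity, category, detail) tuples for a GMER log."""
    section = None
    findings = []
    hooks = defaultdict(list)   # (image, pid) -> patched functions
    reg = {}                    # lower-cased value name -> data

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "Disk sectors" and "rootkit" in line.lower():
            # GMER itself marks these lines; boot-sector code survives
            # file-level cleanup, which matches the reinfection in the thread.
            findings.append(("high", "mbr", line))
        elif section == "Registry":
            m = REG_RE.match(line)
            if m:
                reg[m.group("value").lower()] = (m.group("data") or "").strip()
        elif section == "User code sections":
            m = HOOK_RE.match(line)
            if m:
                key = (m.group("image"), int(m.group("pid")))
                hooks[key].append(f'{m.group("module")}!{m.group("func")}')

    # AppInit_DLLs names DLLs that Windows loads into every process that
    # loads user32.dll, so any non-empty value deserves a look.
    dlls = reg.get("appinit_dlls", "")
    if dlls:
        flag = reg.get("loadappinit_dlls", "?")
        findings.append(("high", "appinit_dlls",
                         f"AppInit_DLLs={dlls} LoadAppInit_DLLs={flag}"))

    # Inline JMP patches are "review", not "high": security products also
    # hook ntdll, so the patch target has to be attributed to a module.
    for (image, pid), funcs in sorted(hooks.items()):
        findings.append(("review", "inline_hook",
                         f"{image}[{pid}]: " + ", ".join(funcs)))
    return findings


if __name__ == "__main__":
    for severity, category, detail in triage(SAMPLE_LOG):
        print(f"{severity:6} {category:13} {detail}")
```
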

#7 idrawstuff

idrawstuff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 20 May 2011 - 01:22 PM

Ran SAS, but the system is hanging at the reboot: it's stuck on the "saving your settings" screen, and has been for about three minutes now. Should I give it some more time?

It's the reboot from AFTER the scan and removal.

#8 idrawstuff

idrawstuff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 20 May 2011 - 01:34 PM

Still hanging, it's been more than fifteen minutes now. Would I be safe doing a hard shutdown?

#9 idrawstuff

idrawstuff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 20 May 2011 - 01:35 PM

I'll go to lunch, and see if it's still hanging when I get back.

#10 idrawstuff

idrawstuff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 20 May 2011 - 03:03 PM

It was still hanging when I got back from lunch, so I went ahead and gave it a hard shutdown. Browser redirection still exists, so I'm shutting the computer down after posting this pending further advice. My SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2011 at 11:12 AM

Application Version : 4.52.1000

Core Rules Database Version : 7096
Trace Rules Database Version: 4908

Scan type : Complete Scan
Total Scan Time : 02:39:22

Memory items scanned : 286
Memory threats detected : 0
Registry items scanned : 8749
Registry threats detected : 0
File items scanned : 179662
File threats detected : 358

Adware.Tracking Cookie
yieldmanager.edgesuite.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
C:\Documents and Settings\mike.DTB\Cookies\mike@247realmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@a1.interclick[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@accountmanager.att[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ad.uolmg[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ad.wsod[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ad.yieldmanager[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adbrite[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adbureau.traffic[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adinterax[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adopt.euroclick[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adopt.specificclick[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.addesktop[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.addynamix[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.bridgetrack[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.clicksor[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.cnn[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.foodbuzz[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.hartenergy[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.lucidmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.mail[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.ookla[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.pastemagazine[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.pointroll[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.sesameworkshop[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.techguy[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.undertone[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ads.vcgcorporate[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adserver.adtechus[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adserver.overclock[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adtech[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@advertise[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@advertising[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@at.atwola[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@atdmt[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@atwola[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@azjmp[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@bs.serving-sys[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@buttecounty[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@bzresults.122.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@cdn4.specificclick[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@chitika[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@cms.trafficmp[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@collective-media[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@content.yieldmanager[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@counter.surfcounters[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@countyofbutte[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@dealtime[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@dmtracker[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@e-2dj6wjkycocpohq.stats.esomniture[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ecnext.advertserve[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@eharmony.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@electronicarts.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ext-us.bestofmedia[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ford.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ge.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@goodyear.122.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@iacas.adbureau[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@imageads6.googleadservices[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@imrworldwide[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@insightexpressai[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@interclick[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@intermundomedia[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@invitemedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@kontera[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@libertytaxservice.122.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@media.sensis.com[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@media6degrees[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@mediafire[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@mediarecover[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@microsoftsto.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@msnportal.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@msnservices.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@myroitracking[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@naked[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@nextag[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@oasn04.247realmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@overture[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@pentonmedia.122.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@pointroll[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@portal.lacounty[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@pro-market[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@questionmarket[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@realmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@revenue[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@revsci[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@richmedia.yahoo[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@roiservice[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@saccounty[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@sales.liveperson[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@sales.liveperson[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@sales.liveperson[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@sales.liveperson[4].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@sales.liveperson[6].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@server.iad.liveperson[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@server.iad.liveperson[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@server.iad.liveperson[4].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@serving-sys[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@smartadserver[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@smileycentral[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@snapfish.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@socialmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@specificclick[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@specificmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@stat.dealtime[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@stat.onestat[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@superstats[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@tacoda[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@technologyquestions[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@thefind[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@timeinc.122.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@tracking.foxnews[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@traffic.prod.cobaltgroup[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@trafficmp[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@traffic[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@traveladvertising[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@tribalfusion[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@tripod[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@usatoday1.112.2o7[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@videoegg.adbureau[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@webtrack.bestsoftware[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.buttecounty[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.find-quick-results[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.googleadservices[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.googleadservices[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.googleadservices[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.googleadservices[4].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.mediafire[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.technologyquestions[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.traffic[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@www.visitor-track[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@xiti[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@yieldmanager[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@yieldmanager[2].txt
cdn4.specificclick.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
udn.specificclick.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\B8XPHMLE ]
C:\Documents and Settings\NetworkService\Cookies\system@2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.zanox[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad2.adfarm1.adition[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adfarm1.adition[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.blogtalkradio[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adservr[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@d.mediadakine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@kontera[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@p373t1s2853432.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksare[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.hippofind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-quick-results[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-quick-results[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.finditch[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.click9[2].txt

Rogue.AntiMalwareDoctor
C:\Documents and Settings\mike.DTB\Application Data\FE442B965FD86BCFAD90D4711B37BDB9

Trojan.Agent/Gen-RogueDrop
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\42\6DADDD6A-5EF5F502

Trojan.Agent/Gen-IExplorer[Fake]
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX4\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX4\PROCS\EXPLORER.EXE

Heuristic.Backdoor
C:\WINDOWS\TEMP\EXPLORER.EXE

Trojan.Agent/Gen-Faldesc[RE]
C:\WINDOWS\TEMP\TBUQ\SETUP.EXE

#11 idrawstuff

Posted 20 May 2011 - 03:11 PM

Just a note, I was unable to shut down (the computer just hung up) so I had to give it a hard shutdown again.

#12 idrawstuff

Posted 21 May 2011 - 06:23 PM

I know you guys are SUPER busy and you're only doing this out of the goodness of your heart, but can you tell me if you think you might have an opportunity to check the logs today? If I can't get running by Monday I'm going to have to figure something else out. Don't get me wrong, I can TOTALLY see the backlog of problems you've got, and I'm sure everyone is in an urgent situation... I very much appreciate all the help you've already given me. I'm just trying to plan my weekend :-)

#13 idrawstuff

Posted 23 May 2011 - 03:03 AM

Never mind, it looks like I got it; it was a TDSS family rootkit that was making me redirect until I eventually ended up with the virus again. Looks like it's solved, but if you'd like to see any logs to verify just let me know.

#14 techextreme

Posted 23 May 2011 - 07:20 AM

Hi idrawstuff,

Sorry for my tardiness over the weekend.

I'm glad that you got things sorted with your TDSS Rootkit. I'm interested in any logs you might have and also would like to recommend an online virus scan.

Please perform a scan with Eset Onlinescan (NOD32).
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista Users be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

  • You will see the Terms of Use. Tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?" (OnlineScanner.cab).
  • Answer Yes to install and download the ActiveX controls that allow the scan to run.
  • Click Start. (The Onlinescanner will now prepare itself for running on your PC.)
  • To do a full-scan, check: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan to start the online scan. (this could take some time to complete)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software. Just close the window.
  • Now click Start > Run... > type: C:\Program Files\Eset\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad.
  • Copy and paste the log results in your next reply.

Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#15 idrawstuff

Posted 23 May 2011 - 10:48 AM

No problem, I appreciate all you guys do and understand you DO have a life outside of these forums.

Basically all I did was I ran MBAM and SAS again as the administrator, just to see if it made a difference (my infected user account has administrative privileges, so I wasn't sure). SAS didn't catch anything, but MBAM caught a single thing, some kind of log off Hijack (which would explain my problems rebooting I guess, because it works fine now). Afterwards I was still getting the redirect, so I ran a McAfee virus scan and another MBAM scan again as the user. McAfee gave me a clean bill of health other than a few old quarantined files, and MBAM came back with 0 infections. Even ran Spybot in an old-school last ditch effort :-P Everything was clean.

That's when I started wondering if this was a separate problem that was just packaged with my initial infection, and so I did some online homework about redirects in general and found out a little about the rootkits that could possibly infect all three of my browsers. I used ATF Cleaner for some house cleaning, manually deleted the TEMP files from my browsers, and ran TDSSKiller and THAT did the trick.

Here's the MBAM log that caught the logoff problem, the clean bill of health from McAfee (except for those old quarantine files), and my TDSSKiller report; if you still think I need to run that Eset online scan even though I have the McAfee log, let me know, and I will right after work. Thanks again for your help!


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6644

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/22/2011 6:24:41 PM
mbam-log-2011-05-22 (18-24-41).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 390709
Time elapsed: 1 hour(s), 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*****************************************************************


McAfee On-Demand Scan Log

5/22/2011 9:10:24 PM Engine version =5400.1158
5/22/2011 9:10:24 PM AntiVirus DAT version =6352.0000
5/22/2011 9:10:24 PM Number of detection signatures in EXTRA.DAT =None
5/22/2011 9:10:24 PM Names of detection signatures in EXTRA.DAT =None
5/22/2011 9:10:02 PM Scan Started MIKE-LT\mike On-Demand Scan
5/22/2011 9:33:58 PM Deleted mike c:\documents and settings\mike.dtb\desktop\mike's junk\spywarevirus tools\gooredfix backups\c\documents and settings\mike\local settings\application data\{7da9e5ac-1b88-4782-ab96-9c26ef91e341}\chrome\content\_cfg.js JS/Redirector.ab(Trojan)
5/22/2011 9:34:02 PM Cleaned mike c:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\GooredFix Backups\C\Documents and Settings\mike\Local Settings\Application Data\{7DA9E5AC-1B88-4782-AB96-9C26EF91E341}\chrome\content\overlay.xul JS/Redirector.ab(Trojan)
5/22/2011 9:34:02 PM Deleted mike c:\documents and settings\mike.dtb\desktop\mike's junk\spywarevirus tools\gooredfix backups\c\documents and settings\mike\local settings\application data\{af6f91ae-b854-4278-9817-718fdcb33ed3}\chrome\content\_cfg.js JS/Redirector.ab(Trojan)
5/22/2011 9:34:02 PM Cleaned mike c:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\GooredFix Backups\C\Documents and Settings\mike\Local Settings\Application Data\{AF6F91AE-B854-4278-9817-718FDCB33ED3}\chrome\content\overlay.xul JS/Redirector.ab(Trojan)
5/22/2011 11:08:35 PM Deleted mike c:\_otl\movedfiles\02222010_193007\c_windows\iwacokuvomuyi.dll Hiloti.gen.g(Trojan)
5/22/2011 11:08:37 PM Cleaned mike c:\_otl\movedfiles\02222010_193007\c_windows\iwacokuvomuyi.dll Hiloti.gen.g(Trojan)
5/22/2011 11:08:40 PM Deleted mike C:\_OTL\MOVEDFILES\02222010_193007\C_WINDOWS\IWACOKUVOMUYI.DLL Hiloti.gen.g(Trojan)
5/22/2011 11:08:40 PM Deleted mike c:\_OTL\MovedFiles\02222010_193007\C_WINDOWS\iwacokuvomuyi.dll Hiloti.gen.g(Trojan)
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Scan Summary
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Processes scanned : 13
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Processes detected : 0
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Processes cleaned : 0
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Boot sectors scanned : 2
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Boot sectors detected: 0
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Boot sectors cleaned : 0
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Files scanned : 189969
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Files with detections: 3
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike File detections : 8
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Files cleaned : 2
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Files deleted : 1
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Files not scanned : 40
5/22/2011 11:09:27 PM Scan Summary MIKE-LT\mike Run time : 1:53:44
5/22/2011 11:09:27 PM Scan Complete MIKE-LT\mike On-Demand Scan


*****************************************************************


2011/05/23 00:48:17.0703 0532 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/23 00:48:18.0171 0532 ================================================================================
2011/05/23 00:48:18.0171 0532 SystemInfo:
2011/05/23 00:48:18.0171 0532
2011/05/23 00:48:18.0171 0532 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/23 00:48:18.0171 0532 Product type: Workstation
2011/05/23 00:48:18.0171 0532 ComputerName: MIKE-LT
2011/05/23 00:48:18.0171 0532 UserName: mike
2011/05/23 00:48:18.0171 0532 Windows directory: C:\WINDOWS
2011/05/23 00:48:18.0171 0532 System windows directory: C:\WINDOWS
2011/05/23 00:48:18.0171 0532 Processor architecture: Intel x86
2011/05/23 00:48:18.0171 0532 Number of processors: 2
2011/05/23 00:48:18.0171 0532 Page size: 0x1000
2011/05/23 00:48:18.0171 0532 Boot type: Safe boot with network
2011/05/23 00:48:18.0171 0532 ================================================================================
2011/05/23 00:48:18.0562 0532 Initialize success
2011/05/23 00:48:44.0921 1280 ================================================================================
2011/05/23 00:48:44.0921 1280 Scan started
2011/05/23 00:48:44.0921 1280 Mode: Manual;
2011/05/23 00:48:44.0921 1280 ================================================================================
2011/05/23 00:48:52.0218 1280 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/05/23 00:48:52.0312 1280 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/23 00:48:52.0453 1280 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/23 00:48:52.0593 1280 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/05/23 00:48:52.0734 1280 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/23 00:48:52.0953 1280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/23 00:48:53.0031 1280 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/23 00:48:53.0109 1280 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/23 00:48:53.0296 1280 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/23 00:48:53.0343 1280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/23 00:48:53.0390 1280 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/23 00:48:53.0453 1280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/23 00:48:53.0531 1280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/23 00:48:53.0640 1280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/23 00:48:53.0687 1280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/23 00:48:53.0750 1280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/23 00:48:53.0843 1280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/23 00:48:54.0000 1280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/23 00:48:54.0046 1280 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/23 00:48:54.0109 1280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/23 00:48:54.0140 1280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/23 00:48:54.0359 1280 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/05/23 00:48:54.0515 1280 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/05/23 00:48:54.0609 1280 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/05/23 00:48:54.0750 1280 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/23 00:48:54.0796 1280 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/23 00:48:54.0906 1280 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/23 00:48:54.0968 1280 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/23 00:48:55.0125 1280 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
2011/05/23 00:48:55.0234 1280 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/05/23 00:48:55.0343 1280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/23 00:48:55.0437 1280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/23 00:48:55.0484 1280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/23 00:48:55.0640 1280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/23 00:48:55.0671 1280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/23 00:48:55.0750 1280 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
2011/05/23 00:48:55.0828 1280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/23 00:48:55.0921 1280 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/23 00:48:56.0093 1280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/23 00:48:56.0171 1280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/23 00:48:56.0265 1280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/23 00:48:56.0296 1280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/23 00:48:56.0375 1280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/23 00:48:56.0578 1280 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/23 00:48:56.0640 1280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/23 00:48:56.0671 1280 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/23 00:48:56.0734 1280 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/23 00:48:56.0781 1280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/23 00:48:56.0828 1280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/23 00:48:57.0015 1280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/23 00:48:57.0093 1280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/23 00:48:57.0296 1280 NETw4x32 (a9574f52e2fd5c1c1b4807a326e0488f) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/05/23 00:48:57.0515 1280 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/23 00:48:57.0593 1280 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/05/23 00:48:57.0656 1280 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/05/23 00:48:57.0843 1280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/23 00:48:57.0890 1280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/23 00:48:58.0078 1280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/23 00:48:58.0156 1280 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
2011/05/23 00:48:58.0218 1280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/23 00:48:58.0250 1280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/23 00:48:58.0312 1280 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
2011/05/23 00:48:58.0390 1280 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
2011/05/23 00:48:58.0578 1280 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
2011/05/23 00:48:58.0609 1280 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
2011/05/23 00:48:58.0687 1280 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/23 00:48:58.0765 1280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/23 00:48:58.0921 1280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/23 00:48:59.0015 1280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/23 00:48:59.0125 1280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/23 00:48:59.0203 1280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/23 00:48:59.0265 1280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/23 00:48:59.0843 1280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/23 00:48:59.0921 1280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/23 00:49:00.0000 1280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/23 00:49:00.0062 1280 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/23 00:49:00.0375 1280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/23 00:49:00.0484 1280 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/23 00:49:00.0546 1280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/23 00:49:00.0593 1280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/23 00:49:00.0734 1280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/23 00:49:00.0828 1280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/23 00:49:00.0859 1280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/23 00:49:00.0921 1280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/23 00:49:01.0062 1280 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/23 00:49:01.0187 1280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/23 00:49:01.0281 1280 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
2011/05/23 00:49:01.0484 1280 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/23 00:49:01.0562 1280 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/23 00:49:01.0765 1280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/23 00:49:01.0843 1280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/23 00:49:01.0906 1280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/23 00:49:02.0000 1280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/23 00:49:02.0140 1280 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/05/23 00:49:02.0250 1280 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/05/23 00:49:02.0546 1280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/23 00:49:02.0640 1280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/23 00:49:02.0718 1280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/23 00:49:02.0828 1280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/23 00:49:02.0984 1280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/23 00:49:03.0281 1280 SynTP (6f9cff60129569ec39efc490f4bcde0e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/23 00:49:03.0343 1280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/23 00:49:03.0468 1280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/23 00:49:03.0609 1280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/23 00:49:03.0671 1280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/23 00:49:03.0734 1280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/23 00:49:04.0015 1280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/23 00:49:04.0140 1280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/23 00:49:04.0265 1280 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/23 00:49:04.0437 1280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/23 00:49:04.0593 1280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/23 00:49:04.0656 1280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/23 00:49:04.0750 1280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/23 00:49:04.0890 1280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/23 00:49:04.0953 1280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/23 00:49:05.0015 1280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/23 00:49:05.0093 1280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/23 00:49:05.0125 1280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/23 00:49:05.0281 1280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/23 00:49:05.0390 1280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/23 00:49:05.0468 1280 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/23 00:49:05.0593 1280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/23 00:49:05.0828 1280 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/05/23 00:49:05.0890 1280 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/23 00:49:06.0000 1280 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/23 00:49:06.0109 1280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/23 00:49:06.0187 1280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/23 00:49:06.0328 1280 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/23 00:49:06.0328 1280 ================================================================================
2011/05/23 00:49:06.0328 1280 Scan finished
2011/05/23 00:49:06.0328 1280 ================================================================================
2011/05/23 00:49:06.0375 0212 Detected object count: 1
2011/05/23 00:49:13.0421 0212 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/23 00:49:13.0421 0212 \HardDisk0 - ok
2011/05/23 00:49:13.0421 0212 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/23 00:49:59.0765 1060 Deinitialize success



