Stop 0x0000007B Possible MBR Virus


  • This topic is locked
20 replies to this topic

#1 KMMillerJD

KMMillerJD

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 18 June 2011 - 03:01 PM

Hello: Recently I experienced a Stop 0x7B blue screen error when starting Windows. This caused Windows not to start up normally or in safe mode or by using any other mode. I ran Norton Boot Recovery Tool and it found no viruses, but the machine would still not start up. Later, I ran Windows XP setup to repair (reinstall) the operating system. The system will now start, however, the startup process is slower than previously and my hard drive shows activity at regular intervals even when I am not accessing it. I have turned off indexing and reviewed the preparation guide and followed other steps where indicated. I was sent here from the "Am I infected? What do I do?" forum (link to post follows):

http://www.bleepingcomputer.com/forums/topic401281.html/page__p__2291400

Dell Latitude E5500, Windows XP Pro SP3, Intel Core Duo 2GHz, 4GB RAM

The original error is:

*** STOP: 0x0000007B (0xBA4CF524, 0xC0000034, 0x00000000, 0x00000000)

I am not getting this error since the first re-install, but I had to reinstall Windows a second time because I could not start Windows between my post to the AII forum and this post. I did not get the stop error, but the computer would not start up in any mode.

My logs follow as instructed.

Thank you,

Kent

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by KMMiller at 23:18:18 on 2011-06-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2417 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\WINDOWS\system32\LFXGDIPO.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.EXE
C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe
C:\Program Files\Companion Suite Pro LL\MFServices.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\KMMiller\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SRS Premium Sound] "c:\program files\srs labs\srs premium sound\SRSPremiumSoundBig_Small.exe" /hideme
uRun: [Google Update] "c:\documents and settings\kmmiller\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [MFPrintServer_Pro_LL] "c:\program files\companion suite pro ll\MFPrintServer.exe"
mRun: [MFServices_Pro_LL] "c:\program files\companion suite pro ll\MFServices.exe" -n
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\kmmiller\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kmmiller\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\kmmiller\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: chipleader.com\affiliates
Trusted Zone: cloudfront.net\d1rzercstjfql6
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.0.cab
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252547485171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{12402EE4-279A-4934-9A05-84DF6BBDBBDF} : DhcpNameServer = 167.206.251.129 167.206.251.130
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-22 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-22 744568]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-6-28 911680]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110519.002\BHDrvx86.sys [2011-5-19 810616]
R1 lfxnt;lfxnt;c:\windows\system32\drivers\lfxnt.sys [2010-7-26 61740]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-22 136312]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 378224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-13 366640]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-22 130008]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-9-1 112512]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-6-28 160704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-15 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110615.001\IDSXpx86.sys [2011-6-15 355256]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 109568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-13 22712]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110615.021\NAVENG.SYS [2011-6-15 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110615.021\NAVEX15.SYS [2011-6-15 1542392]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-9-1 232744]
S0 cerc6;cerc6; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-6-28 2480048]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]
S3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\drivers\LFXACT.sys [2010-7-26 20672]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-19 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [2010-7-26 31879]
.
=============== Created Last 30 ================
.
2011-06-16 03:11:59 -------- d-----w- c:\windows\pss
2011-06-16 02:42:23 206200 ----a-w- C:\Contig.exe
2011-06-16 01:53:30 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-06-15 22:35:17 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-06-15 22:35:13 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-06-15 22:35:13 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-06-15 22:35:10 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-06-15 22:35:07 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-06-15 22:33:59 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-06-15 22:32:57 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-06-15 22:31:57 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-06-15 22:30:57 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-06-15 22:29:56 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-06-15 22:28:55 73796 -c--a-w- c:\windows\system32\dllcache\slserv.exe
2011-06-15 22:27:58 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-06-15 22:26:57 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-06-15 22:25:59 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-06-15 22:24:57 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-06-15 22:23:56 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-06-15 22:22:59 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-06-15 22:21:58 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-06-15 22:20:57 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-06-15 22:19:45 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2011-06-15 22:18:45 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2011-06-15 22:17:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-06-15 22:16:59 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2011-06-15 22:15:59 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2011-06-15 22:14:59 24648 -c--a-w- c:\windows\system32\dllcache\dfe650.sys
2011-06-15 22:13:59 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-06-15 22:12:59 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-06-15 22:11:51 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-06-14 03:02:29 -------- d-----w- c:\documents and settings\kmmiller\application data\SUPERAntiSpyware.com
2011-06-14 03:02:29 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-14 03:02:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-13 23:38:32 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-13 23:38:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 23:38:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-13 03:34:06 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-06-13 03:33:41 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-13 02:48:54 -------- d-----w- c:\documents and settings\all users\application data\NTRU Cryptosystems
2011-06-13 02:27:32 405504 ----a-r- c:\documents and settings\kmmiller\application data\microsoft\installer\{0003c1e0-e0e7-49bb-a0f6-4ae6d2b09202}\ARPPRODUCTICON.exe
2011-06-13 01:45:42 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-13 01:29:27 5443584 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-06-13 01:03:21 0 ----a-w- c:\windows\invcol.tmp
2011-06-13 00:59:36 -------- d-----w- c:\documents and settings\kmmiller\local settings\application data\Deployment
2011-06-13 00:27:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-13 00:27:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-13 00:27:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-13 00:27:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-13 00:27:16 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-13 00:27:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-13 00:27:15 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-12 21:46:17 2192768 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-06-12 21:46:16 2069376 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-06-12 21:09:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2011-06-12 21:08:59 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll
2011-06-12 21:06:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-06-12 21:06:33 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-06-12 20:47:42 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-06-12 20:47:42 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-06-12 20:47:42 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-06-12 20:47:42 13312 ----a-w- c:\windows\system32\irclass.dll
2011-06-12 20:47:25 16535 ----a-r- c:\windows\SETD8.tmp
2011-06-12 20:47:23 1088840 ----a-r- c:\windows\SETCC.tmp
2011-06-12 20:47:21 1296669 ----a-r- c:\windows\SETC9.tmp
2011-06-11 00:23:10 -------- d-----w- c:\documents and settings\kmmiller\.amu
2011-06-02 13:53:36 -------- d-----w- c:\documents and settings\kmmiller\local settings\application data\NPE
2011-05-30 23:12:47 -------- d-----w- c:\windows\system32\winrm
2011-05-30 23:12:42 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-05-30 14:49:18 16535 ----a-r- c:\windows\SET141.tmp
2011-05-30 14:49:16 1088840 ----a-r- c:\windows\SET135.tmp
2011-05-30 14:49:14 1296669 ----a-r- c:\windows\SET132.tmp
2011-05-30 10:38:32 -------- d-----w- c:\windows\Dell
2011-05-28 15:15:52 -------- d-----w- c:\windows\mytmp
2011-05-28 10:06:38 -------- d-----w- C:\_Backup.RC
2011-05-27 19:24:19 -------- d-----w- C:\NBRT
2011-05-23 02:19:55 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2011-05-23 02:19:55 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-05-23 02:19:55 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-05-23 02:19:55 369784 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2011-05-23 02:19:55 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2011-05-23 02:19:55 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-05-23 02:19:55 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-05-23 02:19:55 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2011-05-23 02:19:39 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
.
==================== Find3M ====================
.
2011-06-06 03:28:12 3818 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-05-23 02:22:02 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-23 02:22:02 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-14 00:52:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-09 13:04:27 1409 ----a-w- c:\windows\arial.fot
.
============= FINISH: 23:19:29.46 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:03 AM

Posted 26 June 2011 - 07:24 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 KMMillerJD

KMMillerJD
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 26 June 2011 - 07:29 PM

Hi: Thanks for the reply. I'm here and waiting for next steps. -- Kent

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:03 AM

Posted 26 June 2011 - 07:48 PM

Let's see if we can find any sign of a boot-sector virus.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE
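
The two tools requested above inspect the disk's master boot record. As an added example (not part of the thread, and not the internal logic of aswMBR or MBRCheck), the Python below runs structural checks on a saved 512-byte MBR image and compares its boot code against a hash taken from a known-good copy. The sample sector, its placeholder boot code and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # boot code area that precedes the disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"    # required at offsets 510-511


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the boot code, so partition table changes do not alter it."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def boot_code_matches(sector: bytes, baseline_sha256: str) -> bool:
    """True if the boot code equals the known-good baseline hash."""
    return boot_code_sha256(sector) == baseline_sha256.lower()


def parse_mbr(sector: bytes) -> dict:
    """Parse one MBR sector and list structural anomalies in 'findings'."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")

    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        if entry == bytes(PART_ENTRY_LEN):
            continue  # unused slot
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if ptype == 0x00 or num_sectors == 0:
            findings.append(f"partition {i}: non-empty entry with no type or size")
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "num_sectors": num_sectors,
        })

    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (a boot disk has exactly one)")

    # Overlapping extents point to a damaged or rewritten partition table.
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["num_sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")

    return {
        "boot_code_sha256": boot_code_sha256(sector),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code and one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:4] = b"\x33\xc0\x8e\xd0"  # placeholder bytes, not a real boot loader
    sector[446:462] = struct.pack(
        "<B3sB3sII",
        0x80,              # active
        b"\x01\x01\x00",   # CHS start (ignored here)
        0x07,              # NTFS/HPFS type
        b"\xfe\xff\xff",   # CHS end (ignored here)
        63,                # first sector (LBA)
        312_576_642,       # size in sectors (constructed value)
    )
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_mbr()
    report = parse_mbr(good)
    print(report)

    # Simulate a modified boot loader: one byte changed inside the boot code.
    tampered = bytearray(good)
    tampered[100] ^= 0xFF
    print("matches baseline:", boot_code_matches(bytes(tampered), report["boot_code_sha256"]))
```

The baseline hash has to come from a copy of the sector taken while the machine was known to be clean, or from the same OS install media; a hash computed on the suspect disk itself proves nothing.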

#5 KMMillerJD

KMMillerJD
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 26 June 2011 - 09:17 PM

Here are the scan logs:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-26 22:11:39
-----------------------------
22:11:39.261 OS Version: Windows 5.1.2600 Service Pack 3
22:11:39.261 Number of processors: 2 586 0xF0D
22:11:39.261 ComputerName: KMMILLERJD UserName: KMMiller
22:11:41.246 Initialize success
22:12:08.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:12:08.355 Disk 0 Vendor: Hitachi_ FC2O Size: 152627MB BusType: 3
22:12:08.402 Disk 0 MBR read successfully
22:12:08.402 Disk 0 MBR scan
22:12:08.402 Disk 0 Windows XP default MBR code
22:12:08.402 Disk 0 scanning sectors +312576705
22:12:08.449 Disk 0 scanning C:\WINDOWS\system32\drivers
22:12:18.261 Service scanning
22:12:19.558 Disk 0 trace - called modules:
22:12:19.621 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:12:19.621 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b033688]
22:12:19.621 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b034028]
22:12:19.636 Scan finished successfully
22:12:27.761 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\KMMiller\Desktop\MBR.dat"
22:12:27.777 The log file has been saved successfully to "C:\Documents and Settings\KMMiller\Desktop\aswMBR.txt"


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 178):

Processes (total 116):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS723216L9A362, Rev: FC2OC39F

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
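As an added illustration (not part of any post in this thread, and not code from aswMBR or MBRCheck): a small Python check of a 512-byte MBR dump such as the MBR.dat that aswMBR saved above. It validates the boot signature, decodes the partition table and compares the boot-code hash with a baseline taken from a known-clean capture. The sample sector, its placeholder boot code, the disk size and all function names are constructed for the example; only the NTFS start offset 0x04e71400 comes from the MBRCheck log, and hashing bytes 0-439 is an assumption, since the log does not say which bytes its SHA1 covers.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code; 440-443: disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries, then 0x55AA
DISK_SECTORS = 152627 * 2048   # assumption: the 152627MB from the aswMBR log, as MiB
TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)",
              0xDE: "Dell utility", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode a 512-byte MBR into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, count
        status, ptype, start_lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "slot": slot,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start_lba,
            "sectors": count,
            "byte_offset": start_lba * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def audit_mbr(sector, baseline_sha1, disk_sectors):
    """Return a list of findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["boot_code_sha1"] != baseline_sha1.lower():
        findings.append("boot code differs from baseline")
    parts = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    previous_end = 1  # sector 0 is the MBR itself
    for p in parts:
        end = p["start_lba"] + p["sectors"]
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x" % (p["slot"], p["status"]))
        if p["start_lba"] < previous_end:
            findings.append("slot %d: overlaps an earlier partition or the MBR" % p["slot"])
        if end > disk_sectors:
            findings.append("slot %d: extends past the end of the disk" % p["slot"])
        previous_end = max(previous_end, end)
    return findings


def build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN, ntfs_start=160650):
    """Constructed sample sector; the boot code is placeholder bytes, not XP's."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3xB3xII", status, ptype, start, count)
    table = (entry(0x00, 0xDE, 63, 160587)                  # constructed utility partition
             + entry(0x80, 0x07, ntfs_start, 312416055)     # active NTFS volume
             + bytes(32))                                   # two unused slots
    return boot_code + struct.pack("<IH", 0x1234ABCD, 0) + table + b"\x55\xaa"


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    for part in info["partitions"]:
        print("slot %(slot)d  %(type_name)-16s offset 0x%(byte_offset)08x" % part)
    print("findings:", audit_mbr(sample, info["boot_code_sha1"], DISK_SECTORS))
```

The baseline hash has to come from a capture of the same sector taken while the machine was known to be clean; a matching hash says nothing about sectors beyond the MBR.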

#6 m0le

Posted 27 June 2011 - 05:26 PM

No problems there. Please run TDSSKiller just to be sure.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#7 KMMillerJD

Posted 27 June 2011 - 06:21 PM

Here is the report:

2011/06/27 19:18:42.0687 4736 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52
2011/06/27 19:18:43.0265 4736 ================================================================================
2011/06/27 19:18:43.0265 4736 SystemInfo:
2011/06/27 19:18:43.0265 4736
2011/06/27 19:18:43.0265 4736 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/27 19:18:43.0265 4736 Product type: Workstation
2011/06/27 19:18:43.0265 4736 ComputerName: KMMILLERJD
2011/06/27 19:18:43.0265 4736 UserName: KMMiller
2011/06/27 19:18:43.0265 4736 Windows directory: C:\WINDOWS
2011/06/27 19:18:43.0265 4736 System windows directory: C:\WINDOWS
2011/06/27 19:18:43.0265 4736 Processor architecture: Intel x86
2011/06/27 19:18:43.0265 4736 Number of processors: 2
2011/06/27 19:18:43.0265 4736 Page size: 0x1000
2011/06/27 19:18:43.0265 4736 Boot type: Normal boot
2011/06/27 19:18:43.0265 4736 ================================================================================
2011/06/27 19:18:43.0640 4736 Initialize success
2011/06/27 19:18:51.0484 5992 ================================================================================
2011/06/27 19:18:51.0484 5992 Scan started
2011/06/27 19:18:51.0484 5992 Mode: Manual;
2011/06/27 19:18:51.0484 5992 ================================================================================
2011/06/27 19:19:02.0953 5992 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110627.004\NAVENG.SYS
2011/06/27 19:19:03.0046 5992 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110627.004\NAVEX15.SYS
2011/06/27 19:19:03.0234 5992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/27 19:19:03.0296 5992 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/27 19:19:03.0359 5992 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/27 19:19:03.0453 5992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/27 19:19:03.0484 5992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/27 19:19:03.0562 5992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/27 19:19:03.0593 5992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/27 19:19:03.0671 5992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/27 19:19:03.0781 5992 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/27 19:19:03.0921 5992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/27 19:19:04.0031 5992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/27 19:19:04.0125 5992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/27 19:19:04.0187 5992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/27 19:19:04.0234 5992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/27 19:19:04.0250 5992 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/27 19:19:04.0296 5992 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/06/27 19:19:04.0343 5992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/27 19:19:04.0578 5992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/27 19:19:04.0609 5992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/27 19:19:04.0656 5992 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
2011/06/27 19:19:04.0718 5992 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
2011/06/27 19:19:04.0734 5992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/27 19:19:04.0828 5992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/27 19:19:04.0843 5992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/27 19:19:04.0921 5992 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/27 19:19:04.0953 5992 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/27 19:19:05.0015 5992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/27 19:19:05.0156 5992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/27 19:19:05.0187 5992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/27 19:19:05.0265 5992 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/27 19:19:05.0343 5992 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/27 19:19:05.0421 5992 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/27 19:19:05.0468 5992 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/27 19:19:05.0531 5992 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/27 19:19:05.0609 5992 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/27 19:19:05.0671 5992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/27 19:19:05.0750 5992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/27 19:19:05.0890 5992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/27 19:19:05.0921 5992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/27 19:19:06.0000 5992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/27 19:19:06.0046 5992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/27 19:19:06.0093 5992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/27 19:19:06.0156 5992 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/27 19:19:06.0218 5992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/27 19:19:06.0265 5992 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/06/27 19:19:06.0421 5992 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/27 19:19:06.0468 5992 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/27 19:19:06.0609 5992 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/27 19:19:06.0687 5992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/27 19:19:06.0750 5992 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/27 19:19:06.0812 5992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/27 19:19:06.0906 5992 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/06/27 19:19:06.0953 5992 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/06/27 19:19:07.0046 5992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/27 19:19:07.0140 5992 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/27 19:19:07.0171 5992 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/27 19:19:07.0375 5992 snapman (4f7ed0c2f594f1b8e9cafab21eb86126) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/06/27 19:19:07.0468 5992 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/27 19:19:07.0562 5992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/27 19:19:07.0609 5992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/27 19:19:07.0671 5992 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
2011/06/27 19:19:07.0781 5992 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
2011/06/27 19:19:07.0937 5992 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
2011/06/27 19:19:08.0015 5992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/27 19:19:08.0156 5992 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
2011/06/27 19:19:08.0359 5992 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/27 19:19:08.0468 5992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/27 19:19:08.0546 5992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/27 19:19:08.0609 5992 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/27 19:19:08.0656 5992 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/27 19:19:08.0750 5992 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
2011/06/27 19:19:08.0937 5992 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
2011/06/27 19:19:09.0031 5992 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/06/27 19:19:09.0062 5992 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
2011/06/27 19:19:09.0171 5992 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS
2011/06/27 19:19:09.0234 5992 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/27 19:19:09.0390 5992 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/27 19:19:09.0484 5992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/27 19:19:09.0578 5992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/27 19:19:09.0703 5992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/27 19:19:09.0796 5992 tdrpman258 (8de3e45000ba8c9ebb16737d3f83e216) C:\WINDOWS\system32\DRIVERS\tdrpm258.sys
2011/06/27 19:19:09.0968 5992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/27 19:19:10.0031 5992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/27 19:19:10.0109 5992 timounter (3e06987fedbcdfbff8e85ef8108565f9) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/06/27 19:19:10.0171 5992 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/27 19:19:10.0250 5992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/27 19:19:10.0312 5992 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/27 19:19:10.0375 5992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/27 19:19:10.0437 5992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/27 19:19:10.0609 5992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/27 19:19:10.0671 5992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/27 19:19:10.0718 5992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/27 19:19:10.0781 5992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/27 19:19:10.0890 5992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/27 19:19:10.0937 5992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/27 19:19:11.0000 5992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/27 19:19:11.0062 5992 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/27 19:19:11.0109 5992 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/27 19:19:11.0171 5992 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
2011/06/27 19:19:11.0343 5992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/27 19:19:11.0421 5992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/27 19:19:11.0484 5992 WavxDMgr (81f117b7834fa0b78c2354208d185528) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
2011/06/27 19:19:11.0578 5992 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/06/27 19:19:11.0640 5992 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/27 19:19:11.0812 5992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/27 19:19:11.0968 5992 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/27 19:19:12.0156 5992 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/27 19:19:12.0265 5992 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/27 19:19:12.0375 5992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/27 19:19:12.0437 5992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/27 19:19:12.0562 5992 XMLDIUSB (4f59ecace6c600fe9054dc95c19fa659) C:\WINDOWS\system32\Drivers\XMLDIUSB.sys
2011/06/27 19:19:12.0656 5992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/27 19:19:12.0859 5992 Boot (0x1200) (5c5d0bbb54c0fbd83c9cfb3287da12e4) \Device\Harddisk0\DR0\Partition0
2011/06/27 19:19:12.0875 5992 ================================================================================
2011/06/27 19:19:12.0875 5992 Scan finished
2011/06/27 19:19:12.0875 5992 ================================================================================
2011/06/27 19:19:12.0906 3092 Detected object count: 0
2011/06/27 19:19:12.0906 3092 Actual detected object count: 0
2011/06/27 19:19:32.0218 3164 Deinitialize success

#8 m0le

Posted 27 June 2011 - 07:41 PM

Not looking like an MBR infection now.

Please run MBAM and SAS and let's see if there's any sign of malware. The Stop error also points to system problems, but we need to be sure.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#9 KMMillerJD

Posted 28 June 2011 - 01:51 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6964

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/28/2011 8:35:56 AM
mbam-log-2011-06-28 (08-35-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 410286
Time elapsed: 4 hour(s), 41 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoundEdit Pro (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\soundeditpro\UNWISE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

~~~~~~

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2011 at 02:38 PM

Application Version : 4.54.1000

Core Rules Database Version : 7263
Trace Rules Database Version: 5075

Scan type : Complete Scan
Total Scan Time : 04:22:40

Memory items scanned : 850
Memory threats detected : 0
Registry items scanned : 8879
Registry threats detected : 0
File items scanned : 215989
File threats detected : 202

Adware.Tracking Cookie
.revsci.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.sparknetworks.112.2o7.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
citi.bridgetrack.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.boostmobile.112.2o7.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\KMMiller\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:03 AM

Posted 28 June 2011 - 02:49 PM

A trace of a trojan called FakeAlert. Has that helped the stop error?

Visit ESET next and scan the machine

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#11 m0le

Posted 30 June 2011 - 07:30 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#12 KMMillerJD

KMMillerJD
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 30 June 2011 - 08:46 PM

Hi: Sorry. My ESET scan was interrupted and I haven't had a chance to rerun it. I will re-run the scan tonight and post both logs tomorrow. Thanks, Kent

#13 KMMillerJD

Posted 01 July 2011 - 05:24 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6964

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/28/2011 8:35:56 AM
mbam-log-2011-06-28 (08-35-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 410286
Time elapsed: 4 hour(s), 41 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoundEdit Pro (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\soundeditpro\UNWISE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

~~~~~~


C:\Documents and Settings\KMMiller\Application Data\Sun\Java\Deployment\cache\6.0\16\488e63d0-7800b74d Java/Exploit.CVE-2010-3562.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\KMMiller\Application Data\Sun\Java\Deployment\cache\6.0\61\7ae6b8bd-6e94be34 a variant of Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Documents and Settings\KMMiller\Application Data\Sun\Java\Deployment\cache\6.0\63\25097d3f-6648acf5 Java/Exploit.CVE-2009-2843.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\KMMiller\My Documents\My Downloads\CuteComp.exe Win32/Adware.WhenU.SaveNow application deleted - quarantined

#14 m0le

Posted 01 July 2011 - 04:54 PM

How's the PC running now?

#15 KMMillerJD

Posted 03 July 2011 - 01:26 PM

I haven't restarted the PC, other than as directed, but I have not gotten another Stop Error. However, my hard drive keeps flashing at regular intervals, and I can't tell what is accessing it. I've tried unsuccessfully following the instructions for turning off windows indexing, but I'm also still concerned that it's something else. The system seems to stall while I'm working in MS Word or using Internet Explorer. In other words, sometimes when I am typing it takes a while for the characters to appear on the screen -- sort of like the system is having a hiccup, if that makes sense. Any other ideas? Thanks, Kent



