Infected - Several Issues including search redirecting


18 replies to this topic

#1 Jim_from_Mich

Jim_from_Mich

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 29 September 2011 - 12:15 PM

I have really picked up a bad virus or malware along the way. The PC has two user logins. One user has lost all access to desktop, programs, and files. The files are all still on the hard drive, but they can not be accessed from the first account. The second account is functioning at about 90%. There is a loss of access to some programs in the start menu because the shortcuts have been deleted and IE 8 has the following issues: search redirects, closes for no reason, and audio playing in the background without any additional applications appearing in the task manager.

I have run my antivirus in full scan mode with no luck. Where should I start to clean up this mess?


#2 Spartacus1

Spartacus1

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 PM

Posted 29 September 2011 - 12:58 PM

Try running RKill (http://www.bleepingcomputer.com/download/anti-virus/rkill), SUPERAntiSpyware (http://www.superantispyware.com/) (UPDATE BEFORE SCANNING), and MalwareBytes (http://www.malwarebytes.org/) (UPDATE BEFORE SCANNING), in this order.
Hope this works!
May thou virus bow at thy mercy when you come to me...

#3 Jim_from_Mich

Jim_from_Mich
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 02 October 2011 - 08:46 AM

I have run all three applications above. They did find and remove some items. However, I still have the same issues.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:32 PM

Posted 02 October 2011 - 12:27 PM

Hello, did you run RKill and then Malwarebytes and SAS immediately after?

Please post the logs.


Are you on a router? Are other machines on it, and if so, are they redirecting?

Do you use Firefox?



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
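The checklist above collects the settings a search-redirect infection most often tampers with. As an added example (not part of the thread and not MiniToolBox's own code), this Python sketch reads the Hosts, IP Configuration and Winsock sections of a Result.txt and lists the entries worth a second look. The section layout is assumed from the log posted in this thread, and the function names, sample logs and trusted-resolver set are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Banner lines look like "===== Hosts content: ====="; a line of only "=" is not a banner.
BANNER = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+\s*$")
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")

def split_sections(text):
    """Return {lower-cased banner title: [non-empty, stripped lines below it]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def check_hosts(lines):
    """Flag names pinned to a routable address; such entries override DNS for that name."""
    findings = []
    for l in lines:
        fields = l.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ip_address(fields[0])
        except ValueError:
            findings.append(f"hosts: unparsable entry {l!r}")
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append(f"hosts: {' '.join(fields[1:])} pinned to {ip}")
    return findings

def dns_servers(lines):
    """Collect the 'DNS Servers' value and the bare-IP continuation lines after it."""
    servers, collecting = [], False
    for l in lines:
        if l.lower().startswith("dns servers"):
            collecting, l = True, l.partition(":")[2]
        if not collecting:
            continue
        try:
            servers.append(str(ip_address(l.strip())))
        except ValueError:
            collecting = False
    return servers

def check_winsock(lines):
    """List providers that are not a Microsoft-labelled DLL directly under system32.
    The vendor string is self-declared, so a match is a triage hint, not proof."""
    findings = []
    for l in lines:
        m = WINSOCK.match(l)
        if not m:
            continue
        catalog, idx, path, vendor = m.groups()
        in_system32 = re.search(r"\\system32\\[^\\]+$", path, re.I) is not None
        if vendor != "Microsoft Corporation" or not in_system32:
            findings.append(f"winsock: {catalog} {idx} {path} ({vendor or 'no vendor'})")
    return findings

def triage(text, expected_dns):
    """Run every check over one log; expected_dns is the resolver set you trust."""
    s = split_sections(text)
    dns = [f"dns: unexpected resolver {ip}"
           for ip in dns_servers(s.get("ip configuration", [])) if ip not in expected_dns]
    return (check_hosts(s.get("hosts content", [])) + dns
            + check_winsock(s.get("winsock entries", [])))

# Constructed sample shaped like the clean log posted in this thread.
CLEAN_RESULT = r"""
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 64.233.217.3

64.233.217.5
Lease Obtained. . . . . . . . . . : Sunday, October 02, 2011 10:04:06 AM
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
"""
# Constructed suspicious sample: documentation-range IPs and a placeholder DLL name.
SUSPECT_RESULT = r"""
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.7 www.google.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 198.51.100.53
64.233.217.5
========================= Winsock entries =====================================
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\Temp\example_lsp.dll [12345] ()
"""
ISP_DNS = {"64.233.217.3", "64.233.217.5"}  # assumed trusted set for the samples
```

An empty result only means these three places look untouched; it does not clear the machine, since a redirect can also come from the router or from a rootkit that none of these sections report.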

#5 Jim_from_Mich

Jim_from_Mich
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 02 October 2011 - 01:53 PM

Yes, I ran Rkill, then the other two applications immediately after.

Here is the log from SAS:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/29/2011 at 08:00 PM

Application Version : 5.0.1128

Core Rules Database Version : 7737
Trace Rules Database Version: 5549

Scan type : Complete Scan
Total Scan Time : 02:55:30

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 629
Memory threats detected : 0
Registry items scanned : 41882
Registry threats detected : 15
File items scanned : 74098
File threats detected : 230

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version

Adware.Tracking Cookie

Here is the log from MW:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7830

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/30/2011 6:54:11 AM
mbam-log-2011-09-30 (06-54-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 381562
Time elapsed: 4 hour(s), 33 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP2326\A0174443.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP2326\A0174452.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\computer users - my documents\Jim\backup - july 2010\pdf converter elite 2009 v1.0\Keygen.exe (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\computer users - my documents\Jim\Download\yahoo messanger\ymsgrie.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.





I do run Firefox once in a while. It is not my default browser.




Here is the log from MiniToolBox:
MiniToolBox by Farbar
Ran by Robyn (administrator) on 02-10-2011 at 14:36:49
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DELL-2006

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : wowway.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : wowway.com

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-13-72-0E-D9-66

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 64.233.217.3

64.233.217.5

Lease Obtained. . . . . . . . . . : Sunday, October 02, 2011 10:04:06 AM

Lease Expires . . . . . . . . . . : Monday, October 03, 2011 10:04:06 AM

Server: try11-dns2.try.wideopenwest.com
Address: 64.233.217.3

Name: google.com
Addresses: 74.125.226.145, 74.125.226.146, 74.125.226.147, 74.125.226.148
74.125.226.144



Pinging google.com [74.125.226.144] with 32 bytes of data:



Reply from 74.125.226.144: bytes=32 time=25ms TTL=57

Reply from 74.125.226.144: bytes=32 time=25ms TTL=57



Ping statistics for 74.125.226.144:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 25ms, Average = 25ms

Server: try11-dns2.try.wideopenwest.com
Address: 64.233.217.3

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 67.195.160.76
72.30.2.43



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=66ms TTL=47

Reply from 72.30.2.43: bytes=32 time=67ms TTL=47



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 66ms, Maximum = 67ms, Average = 66ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 0e d9 66 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/02/2011 00:46:01 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x0022b9cc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/01/2011 00:22:05 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/30/2011 01:39:59 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003729b.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/29/2011 01:31:34 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x000d6e77.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/29/2011 01:06:53 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/28/2011 09:08:30 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/28/2011 00:41:48 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x000def5b.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/28/2011 00:03:43 AM) (Source: Application Error) (User: )
Description: Faulting application dlbxmon.exe, version 1.206.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0013fb8c.
Processing media-specific event for [dlbxmon.exe!ws!]

Error: (09/27/2011 08:35:45 PM) (Source: Application Error) (User: )
Description: Faulting application dlbxmon.exe, version 1.206.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0013fb8f.
Processing media-specific event for [dlbxmon.exe!ws!]

Error: (09/27/2011 08:30:49 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (10/01/2011 06:31:40 PM) (Source: DCOM) (User: Jim)
Description: The server {D0AAD3D6-EB93-4363-A24E-2C3D80CDBAC7} did not register with DCOM within the required timeout.

Error: (10/01/2011 10:06:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (10/01/2011 10:06:55 AM) (Source: Service Control Manager) (User: )
Description: The Fax service hung on starting.

Error: (10/01/2011 10:04:24 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume Technology Drivers service terminated with the following error:
%%203

Error: (10/01/2011 10:04:20 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (10/01/2011 10:04:04 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 0013720ED966 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (09/30/2011 06:59:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (09/30/2011 06:59:46 AM) (Source: Service Control Manager) (User: )
Description: The Fax service hung on starting.

Error: (09/30/2011 06:57:18 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume Technology Drivers service terminated with the following error:
%%203

Error: (09/30/2011 06:57:16 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/02/2011 00:46:01 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.191200022b9cc

Error: (10/01/2011 00:22:05 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.605500029f07

Error: (09/30/2011 01:39:59 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.60550003729b

Error: (09/29/2011 01:31:34 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.19120000d6e77

Error: (09/29/2011 01:06:53 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.605500029f07

Error: (09/28/2011 09:08:30 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/28/2011 00:41:48 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.19120000def5b

Error: (09/28/2011 00:03:43 AM) (Source: Application Error)(User: )
Description: dlbxmon.exe1.206.0.0unknown0.0.0.00013fb8c

Error: (09/27/2011 08:35:45 PM) (Source: Application Error)(User: )
Description: dlbxmon.exe1.206.0.0unknown0.0.0.00013fb8f

Error: (09/27/2011 08:30:49 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.605500029f07


=========================== Installed Programs ============================

AAC Decoder (Version: 7.1.0)
ABBYY FineReader 6.0 Sprint Plus (Version: 6.00.1224.4165)
Action Replay Code Manager
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11 (Version: 11)
AnyDVD (Version: 6.8.6.0)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Audacity 1.2.6
AutoUpdate (Version: 1.1)
Canon Camera Access Library (Version: 8.3.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.5.0.8)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities Digital Photo Professional 3.0 (Version: 3.0.2.6)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities PhotoStitch (Version: 3.1.19.43)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
Classroom Jeopardy! Editor 1.05 (Version: 1.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CyberView X - SF v1.06 (Version: 1.06.000)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Photo AIO Printer 962
Dell Support Center (Version: 3.1.5830.17)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
DVD Shrink 3.2
DVD Suite (Version: 5.0.1319)
EarthLink setup files (Version: 2005.1.47.0)
EducateU (Version: 1.00.0000)
ELIcon (Version: 1.00.0000)
FLV Player (Version: 2.0 )
Google (Version: 1.00.0000)
Google Earth (Version: 4.2.198.2451)
Google Update Helper (Version: 1.3.21.69)
Google Video Player
H.264 Decoder (Version: 1.0.0)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel Matrix Storage Manager
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.30.0000)
Intel® Quick Resume Technology Drivers (Version: 1.0.0.1093)
Intel® Viiv™ (Version: 1.0.1.2012)
iTunes (Version: 10.1.2.17)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Jasc Paint Shop Photo Album (Version: 4.0.4)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
LimeWire PRO 4.8.1 (Version: 4.8.1)
Logitech Camera Driver
Logitech QuickCam (Version: 11.10.2030)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (UPWARDSQL) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Windows XP Video Decoder Checkup Utility
MKV Splitter (Version: 1.0.0)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
MSN
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 10.10.1061)
neroxml (Version: 1.0.0)
NVIDIA Drivers
Pdf995
Photo Viewer (Version: 1.15.0000)
Pinnacle Hollywood FX 5
PowerDVD (Version: 7.0.2414.0)
Print to Fax (Version: 1.00)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roxio DLA (Version: 5.2.0)
Roxio Easy Media Creator 7 Basic DVD Edition (Version: 7.1.0.95)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Saitek SST Programming Software
SecurDisc Viewer (Version: 7.02.8511)
Sonic Activation Module (Version: 1.0)
Sonic CinePlayer DVD Pack (Version: 2.3.1)
Sonic Encoders (Version: 1.00)
SonicAC3Encoder (Version: 1.00.0000)
SonicMPEGEncoder (Version: 1.00.0000)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
SST Programming Software
Studio 9 (Version: 9.0)
SUPERAntiSpyware (Version: 5.0.1128)
Time Zone Data Update Tool for Microsoft Office Outlook (Version: 12.0.4518.1029)
Titanium Internet Security (Version: 5.0)
Topo USA 4.0
Topo USA 4.0 Region 3 Data
Trend Micro Titanium (Version: 5.00)
Update Rollup 2 for Windows XP Media Center Edition 2005
Upward League Manager (Version: 2010.3.0.0)
URL Assistant
Utherverse 3D Client (Version: 1.9.495)
WebFldrs XP (Version: 9.50.7523)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0 (Version: 1.3.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 2046.09 MB
Available physical RAM: 1262.44 MB
Total Pagefile: 3938.01 MB
Available Pagefile: 2999.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.82 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:228.14 GB) (Free:43.88 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL-2006

Administrator Guest HelpAssistant
Jim Robyn SUPPORT_388945a0

========================= Minidump Files ==================================


**** End of log ****

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:32 PM

Posted 02 October 2011 - 02:44 PM

Thank you. We have a few things to do.
First you were most likely infected through a cracked software and it may continue to reinfect you as long as it stays here. That is why they want you to use them.

We need to update some things after we stop the redirect.

Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?

>>> Let's see if they stop after this.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
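The log requested in the post above records each scanned driver as a hash/path line followed by a verdict line. The following is an added example (not part of the thread and not Kaspersky's code) that parses a log in that format and pulls out the entries worth a second look; the sample lines, driver names, hashes and the non-ok verdict word `suspicious` are constructed, and it is an assumption that non-ok results use the same `name - verdict` shape as the `ok` lines.

```python
"""Triage a TDSSKiller-style scan log (added example; sample data is constructed)."""
import ntpath
import re
from collections import defaultdict

# Each scanned driver/service appears as up to two lines:
#   <time> <id> <name> (<md5>) <path>    file that backs the entry
#   <time> <id> <name> - <verdict>       scan result for the entry
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\S+)$")

# Where Windows XP normally keeps kernel drivers (compared case-insensitively).
DRIVER_DIR = r"c:\windows\system32\drivers"

# Constructed sample: names, hashes and the "suspicious" verdict are made up.
SAMPLE_LOG = r"""
22:41:45.0796 5788 Scan started
22:41:45.0796 5788 Mode: Manual;
22:41:46.0187 5788 exdrv1 (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\exdrv1.sys
22:41:46.0187 5788 exdrv1 - ok
22:41:46.0234 5788 exghost - ok
22:41:46.0312 5788 exvendor (22222222222222222222222222222222) C:\Program Files\ExampleVendor\exvendor.sys
22:41:46.0312 5788 exvendor - ok
22:41:46.0375 5788 exbad (33333333333333333333333333333333) C:\WINDOWS\system32\drivers\exbad.sys
22:41:46.0375 5788 exbad - suspicious
22:41:46.0400 5788 exdup (11111111111111111111111111111111) C:\WINDOWS\system32\drivers\exdup.sys
22:41:46.0400 5788 exdup - ok
"""


def parse_log(text):
    """Return one dict per scanned entry, in the order the log lists them."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"name": name, "md5": None, "path": None, "verdict": None}
        )

    for line in text.splitlines():
        line = line.strip()
        # Try the file line first: a path may itself contain " - ".
        m = FILE_RE.match(line)
        if m:
            e = entry(m["name"])
            e["md5"], e["path"] = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry(m["name"])["verdict"] = m["verdict"]
    return list(entries.values())


def triage(entries):
    """Group entries into review leads. None of these is proof of infection."""
    by_md5 = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_md5[e["md5"]].append(e["name"])
    return {
        # Any verdict other than "ok", including a missing one (truncated log).
        "not_ok": [e["name"] for e in entries if e["verdict"] != "ok"],
        # Registered entry with no file line: nothing on disk was hashed.
        "no_file": [e["name"] for e in entries if e["path"] is None],
        # Driver image loaded from outside the usual drivers directory.
        "outside_driver_dir": [
            e["name"]
            for e in entries
            if e["path"] and ntpath.dirname(e["path"]).lower() != DRIVER_DIR
        ],
        # Same file content registered under more than one name.
        "shared_md5": {h: n for h, n in by_md5.items() if len(n) > 1},
    }


if __name__ == "__main__":
    for bucket, names in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```

A driver list in which every entry is `ok` does not clear the machine: later in this thread FixTDSS reports an infected MBR, which is outside what these per-driver lines cover.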

#7 Jim_from_Mich

Jim_from_Mich
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 02 October 2011 - 03:37 PM

Yes, I am using a router and the other machine is working properly.

#8 boopme

Posted 02 October 2011 - 03:42 PM

Did you run the last scan? If not do that now.

Edited by boopme, 02 October 2011 - 03:42 PM.


#9 Jim_from_Mich

Posted 02 October 2011 - 05:24 PM

It is not allowing me to run the program. I even renamed it during the download to abc.com. A popup window asks if I want to run it. I click on yes, the hourglass is displayed for a few seconds and then nothing. I even tried it after a reboot.

I do have Firefox, but rarely use it. My default is IE8.

#10 boopme

Posted 02 October 2011 - 08:15 PM

Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore (see How to turn off or turn on Windows XP System Restore).
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
  • If you are running Windows XP, re-enable System Restore.

#11 Jim_from_Mich

Posted 02 October 2011 - 10:46 PM

The results were:

***Infected MBR detected

I did NOT click on the repair button, since you did not indicate to do so. I clicked the close button. If you want me to click on the repair button, I will re-run it.

#12 boopme

Posted 03 October 2011 - 07:30 PM

Yes rerun it and repair

#13 Jim_from_Mich

Posted 03 October 2011 - 09:39 PM

I turned off the Restore Points and re-ran the FixTDSS program. This time it came back with:

Backdoor.Tidserv has not been found on your computer.

#14 Jim_from_Mich

Posted 03 October 2011 - 10:07 PM

It did let me run TDSSkiller.

Here is the log:

22:41:35.0796 2964 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
22:41:36.0031 2964 ============================================================
22:41:36.0031 2964 Current date / time: 2011/10/03 22:41:36.0031
22:41:36.0031 2964 SystemInfo:
22:41:36.0031 2964
22:41:36.0031 2964 OS Version: 5.1.2600 ServicePack: 3.0
22:41:36.0031 2964 Product type: Workstation
22:41:36.0031 2964 ComputerName: DELL-2006
22:41:36.0046 2964 UserName: Robyn
22:41:36.0046 2964 Windows directory: C:\WINDOWS
22:41:36.0046 2964 System windows directory: C:\WINDOWS
22:41:36.0046 2964 Processor architecture: Intel x86
22:41:36.0046 2964 Number of processors: 2
22:41:36.0046 2964 Page size: 0x1000
22:41:36.0046 2964 Boot type: Normal boot
22:41:36.0046 2964 ============================================================
22:41:36.0453 2964 Initialize success
22:41:45.0796 5788 ============================================================
22:41:45.0796 5788 Scan started
22:41:45.0796 5788 Mode: Manual;
22:41:45.0796 5788 ============================================================
22:41:49.0265 5788 Fastfat - ok
22:41:49.0281 5788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:41:49.0281 5788 Fdc - ok
22:41:49.0328 5788 FilterService (52cd33f70a70fa71e051d6f9276c4702) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
22:41:49.0328 5788 FilterService - ok
22:41:49.0359 5788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:41:49.0359 5788 Fips - ok
22:41:49.0375 5788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:41:49.0375 5788 Flpydisk - ok
22:41:49.0406 5788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:41:49.0406 5788 FltMgr - ok
22:41:49.0421 5788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:41:49.0421 5788 Fs_Rec - ok
22:41:49.0453 5788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:41:49.0453 5788 Ftdisk - ok
22:41:49.0515 5788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:41:49.0515 5788 GEARAspiWDM - ok
22:41:49.0546 5788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:41:49.0546 5788 Gpc - ok
22:41:49.0578 5788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:41:49.0578 5788 HDAudBus - ok
22:41:49.0593 5788 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:41:49.0609 5788 HidUsb - ok
22:41:49.0656 5788 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:41:49.0656 5788 hpn - ok
22:41:49.0718 5788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:41:49.0718 5788 HTTP - ok
22:41:49.0734 5788 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:41:49.0734 5788 i2omgmt - ok
22:41:49.0765 5788 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:41:49.0765 5788 i2omp - ok
22:41:49.0781 5788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:41:49.0781 5788 i8042prt - ok
22:41:49.0859 5788 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
22:41:49.0859 5788 iastor - ok
22:41:49.0875 5788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:41:49.0890 5788 Imapi - ok
22:41:49.0921 5788 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:41:49.0921 5788 ini910u - ok
22:41:50.0000 5788 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
22:41:50.0046 5788 IntelC51 - ok
22:41:50.0062 5788 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
22:41:50.0078 5788 IntelC52 - ok
22:41:50.0109 5788 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
22:41:50.0109 5788 IntelC53 - ok
22:41:50.0250 5788 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:41:50.0250 5788 IntelIde - ok
22:41:50.0312 5788 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:41:50.0312 5788 intelppm - ok
22:41:50.0343 5788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:41:50.0343 5788 Ip6Fw - ok
22:41:50.0390 5788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:41:50.0406 5788 IpFilterDriver - ok
22:41:50.0437 5788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:41:50.0437 5788 IpInIp - ok
22:41:50.0468 5788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:41:50.0468 5788 IpNat - ok
22:41:50.0500 5788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:41:50.0500 5788 IPSec - ok
22:41:50.0546 5788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:41:50.0562 5788 IRENUM - ok
22:41:50.0562 5788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:41:50.0562 5788 isapnp - ok
22:41:50.0609 5788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:41:50.0609 5788 Kbdclass - ok
22:41:50.0656 5788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:41:50.0656 5788 kbdhid - ok
22:41:50.0671 5788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:41:50.0671 5788 kmixer - ok
22:41:50.0703 5788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:41:50.0703 5788 KSecDD - ok
22:41:50.0718 5788 lbrtfdc - ok
22:41:50.0812 5788 Lvckap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
22:41:50.0921 5788 Lvckap - ok
22:41:51.0046 5788 lvmvdrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
22:41:51.0125 5788 lvmvdrv - ok
22:41:51.0234 5788 lvpopflt (b0456b8a332135c1216ff2374b584161) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
22:41:51.0296 5788 lvpopflt - ok
22:41:51.0359 5788 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
22:41:51.0359 5788 LVPr2Mon - ok
22:41:51.0468 5788 LVPrcMon (0354c6a753360ca5e1fe1eba81cb1a35) C:\WINDOWS\system32\drivers\LVPrcMon.sys
22:41:51.0468 5788 LVPrcMon - ok
22:41:51.0546 5788 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\WINDOWS\system32\drivers\LVUSBSta.sys
22:41:51.0546 5788 LVUSBSta - ok
22:41:51.0687 5788 LVUVC (92d03dc19eae9d0a86735705e374fdad) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
22:41:51.0781 5788 LVUVC - ok
22:41:51.0828 5788 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:41:51.0828 5788 MBAMProtector - ok
22:41:51.0843 5788 MBAMSwissArmy - ok
22:41:51.0906 5788 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:41:51.0906 5788 MHNDRV - ok
22:41:51.0953 5788 mmc_2K (55f0ab2736235479a8ff1f1d5a0b27ae) C:\WINDOWS\system32\drivers\mmc_2K.sys
22:41:51.0953 5788 mmc_2K - ok
22:41:52.0000 5788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:41:52.0000 5788 mnmdd - ok
22:41:52.0046 5788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:41:52.0046 5788 Modem - ok
22:41:52.0046 5788 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:41:52.0062 5788 MODEMCSA - ok
22:41:52.0125 5788 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
22:41:52.0125 5788 mohfilt - ok
22:41:52.0171 5788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:41:52.0171 5788 Mouclass - ok
22:41:52.0234 5788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:41:52.0234 5788 mouhid - ok
22:41:52.0250 5788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:41:52.0250 5788 MountMgr - ok
22:41:52.0312 5788 mr7910 (e3274b2b7bbd44391e84d244e8bcc555) C:\WINDOWS\system32\DRIVERS\mr7910.sys
22:41:52.0312 5788 mr7910 - ok
22:41:52.0343 5788 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:41:52.0343 5788 mraid35x - ok
22:41:52.0390 5788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:41:52.0390 5788 MRxDAV - ok
22:41:52.0453 5788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:41:52.0468 5788 MRxSmb - ok
22:41:52.0625 5788 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
22:41:52.0625 5788 MSDV - ok
22:41:52.0640 5788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:41:52.0640 5788 Msfs - ok
22:41:52.0703 5788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:41:52.0703 5788 MSKSSRV - ok
22:41:52.0718 5788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:41:52.0718 5788 MSPCLOCK - ok
22:41:52.0765 5788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:41:52.0765 5788 MSPQM - ok
22:41:52.0781 5788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:41:52.0781 5788 mssmbios - ok
22:41:52.0812 5788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:41:52.0812 5788 MSTEE - ok
22:41:52.0859 5788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:41:52.0859 5788 Mup - ok
22:41:52.0906 5788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:41:52.0906 5788 NABTSFEC - ok
22:41:52.0953 5788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:41:52.0953 5788 NDIS - ok
22:41:53.0000 5788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:41:53.0000 5788 NdisIP - ok
22:41:53.0046 5788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:41:53.0062 5788 NdisTapi - ok
22:41:53.0062 5788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:41:53.0062 5788 Ndisuio - ok
22:41:53.0078 5788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:41:53.0078 5788 NdisWan - ok
22:41:53.0109 5788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:41:53.0109 5788 NDProxy - ok
22:41:53.0125 5788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:41:53.0125 5788 NetBIOS - ok
22:41:53.0187 5788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:41:53.0187 5788 NetBT - ok
22:41:53.0234 5788 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:41:53.0250 5788 NIC1394 - ok
22:41:53.0265 5788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:41:53.0265 5788 Npfs - ok
22:41:53.0312 5788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:41:53.0312 5788 Ntfs - ok
22:41:53.0390 5788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:41:53.0390 5788 Null - ok
22:41:53.0500 5788 nv (0a83977b8909fda12e45112575a59ba7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:41:53.0578 5788 nv - ok
22:41:53.0625 5788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:41:53.0625 5788 NwlnkFlt - ok
22:41:53.0640 5788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:41:53.0640 5788 NwlnkFwd - ok
22:41:53.0656 5788 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:41:53.0656 5788 ohci1394 - ok
22:41:53.0671 5788 PalmUSBD - ok
22:41:53.0703 5788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:41:53.0703 5788 Parport - ok
22:41:53.0703 5788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:41:53.0703 5788 PartMgr - ok
22:41:53.0734 5788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:41:53.0734 5788 ParVdm - ok
22:41:53.0828 5788 PcdrNdisuio - ok
22:41:53.0953 5788 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
22:41:53.0953 5788 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
22:41:53.0968 5788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:41:53.0968 5788 PCI - ok
22:41:53.0968 5788 PCIDump - ok
22:41:54.0015 5788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:41:54.0015 5788 PCIIde - ok
22:41:54.0046 5788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:41:54.0046 5788 Pcmcia - ok
22:41:54.0046 5788 Pcouffin - ok
22:41:54.0062 5788 PDCOMP - ok
22:41:54.0078 5788 PDFRAME - ok
22:41:54.0078 5788 PDRELI - ok
22:41:54.0093 5788 PDRFRAME - ok
22:41:54.0125 5788 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:41:54.0125 5788 perc2 - ok
22:41:54.0156 5788 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:41:54.0156 5788 perc2hib - ok
22:41:54.0218 5788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:41:54.0218 5788 PptpMiniport - ok
22:41:54.0234 5788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:41:54.0234 5788 PSched - ok
22:41:54.0281 5788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:41:54.0281 5788 Ptilink - ok
22:41:54.0328 5788 pwd_2k (b2e95bb13acad56138671a1aae7f9ed9) C:\WINDOWS\system32\drivers\pwd_2k.sys
22:41:54.0328 5788 pwd_2k - ok
22:41:54.0359 5788 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:41:54.0359 5788 PxHelp20 - ok
22:41:54.0406 5788 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:41:54.0406 5788 ql1080 - ok
22:41:54.0406 5788 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:41:54.0421 5788 Ql10wnt - ok
22:41:54.0421 5788 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:41:54.0437 5788 ql12160 - ok
22:41:54.0437 5788 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:41:54.0437 5788 ql1240 - ok
22:41:54.0453 5788 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:41:54.0453 5788 ql1280 - ok
22:41:54.0500 5788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:41:54.0500 5788 RasAcd - ok
22:41:54.0531 5788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:41:54.0531 5788 Rasl2tp - ok
22:41:54.0562 5788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:41:54.0562 5788 RasPppoe - ok
22:41:54.0562 5788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:41:54.0562 5788 Raspti - ok
22:41:54.0609 5788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:41:54.0609 5788 Rdbss - ok
22:41:54.0625 5788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:41:54.0625 5788 RDPCDD - ok
22:41:54.0640 5788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:41:54.0656 5788 rdpdr - ok
22:41:54.0703 5788 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:41:54.0703 5788 RDPWD - ok
22:41:54.0750 5788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:41:54.0750 5788 redbook - ok
22:41:54.0828 5788 SaiH040B (d0fc51b194c70b597f9e4cd46055c1fd) C:\WINDOWS\system32\DRIVERS\SaiH040B.sys
22:41:54.0828 5788 SaiH040B - ok
22:41:54.0968 5788 SaiMini (bfd889d6612fa9d2d468eba1cfb27b66) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
22:41:54.0968 5788 SaiMini - ok
22:41:54.0984 5788 SaiNtBus (1b05d547c4f0bd111be0c3cec0fe87b1) C:\WINDOWS\system32\drivers\SaiNtBus.sys
22:41:55.0000 5788 SaiNtBus - ok
22:41:55.0031 5788 SaiU040B (cbf3a7eb96f3b5b2ff8eb67062058804) C:\WINDOWS\system32\DRIVERS\SaiU040B.sys
22:41:55.0031 5788 SaiU040B - ok
22:41:55.0140 5788 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:41:55.0140 5788 SASDIFSV - ok
22:41:55.0140 5788 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:41:55.0140 5788 SASKUTIL - ok
22:41:55.0296 5788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:41:55.0296 5788 Secdrv - ok
22:41:55.0375 5788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:41:55.0375 5788 serenum - ok
22:41:55.0437 5788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:41:55.0437 5788 Serial - ok
22:41:55.0500 5788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:41:55.0500 5788 Sfloppy - ok
22:41:55.0515 5788 Simbad - ok
22:41:55.0546 5788 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:41:55.0546 5788 sisagp - ok
22:41:55.0578 5788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:41:55.0578 5788 SLIP - ok
22:41:55.0609 5788 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:41:55.0609 5788 Sparrow - ok
22:41:55.0656 5788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:41:55.0656 5788 splitter - ok
22:41:55.0687 5788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:41:55.0687 5788 sr - ok
22:41:55.0734 5788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:41:55.0750 5788 Srv - ok
22:41:55.0843 5788 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
22:41:55.0875 5788 STHDA - ok
22:41:55.0968 5788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:41:55.0968 5788 streamip - ok
22:41:56.0000 5788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:41:56.0000 5788 swenum - ok
22:41:56.0062 5788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:41:56.0062 5788 swmidi - ok
22:41:56.0109 5788 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:41:56.0109 5788 symc810 - ok
22:41:56.0234 5788 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:41:56.0234 5788 symc8xx - ok
22:41:56.0265 5788 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:41:56.0265 5788 sym_hi - ok
22:41:56.0281 5788 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:41:56.0281 5788 sym_u3 - ok
22:41:56.0328 5788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:41:56.0343 5788 sysaudio - ok
22:41:56.0406 5788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:41:56.0421 5788 Tcpip - ok
22:41:56.0453 5788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:41:56.0453 5788 TDPIPE - ok
22:41:56.0515 5788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:41:56.0515 5788 TDTCP - ok
22:41:56.0562 5788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:41:56.0562 5788 TermDD - ok
22:41:56.0609 5788 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
22:41:56.0609 5788 tmactmon - ok
22:41:56.0656 5788 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
22:41:56.0656 5788 tmcomm - ok
22:41:56.0703 5788 tmeext (12755ab9039a91bf170c537d0c16a51b) C:\WINDOWS\system32\DRIVERS\tmeext.sys
22:41:56.0703 5788 tmeext - ok
22:41:56.0718 5788 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
22:41:56.0718 5788 tmevtmgr - ok
22:41:56.0765 5788 tmnciesc (2e078184034a179c47787f87f238d5ba) C:\WINDOWS\system32\DRIVERS\tmnciesc.sys
22:41:56.0765 5788 tmnciesc - ok
22:41:56.0781 5788 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
22:41:56.0781 5788 tmtdi - ok
22:41:56.0828 5788 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:41:56.0828 5788 TosIde - ok
22:41:56.0890 5788 UDFReadr (ac93dd5792310b57b03816d7f8d957fc) C:\WINDOWS\system32\drivers\UDFReadr.sys
22:41:56.0890 5788 UDFReadr - ok
22:41:56.0921 5788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:41:56.0921 5788 Udfs - ok
22:41:56.0953 5788 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:41:56.0953 5788 ultra - ok
22:41:57.0015 5788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:41:57.0031 5788 Update - ok
22:41:57.0109 5788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:41:57.0109 5788 usbaudio - ok
22:41:57.0203 5788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:41:57.0203 5788 usbccgp - ok
22:41:57.0265 5788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:41:57.0281 5788 usbehci - ok
22:41:57.0343 5788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:41:57.0359 5788 usbhub - ok
22:41:57.0406 5788 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
22:41:57.0406 5788 USBIO - ok
22:41:57.0453 5788 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:41:57.0453 5788 usbprint - ok
22:41:57.0484 5788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:41:57.0500 5788 usbscan - ok
22:41:57.0531 5788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:41:57.0531 5788 USBSTOR - ok
22:41:57.0546 5788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:41:57.0546 5788 usbuhci - ok
22:41:57.0562 5788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:41:57.0562 5788 VgaSave - ok
22:41:57.0625 5788 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:41:57.0625 5788 viaagp - ok
22:41:57.0671 5788 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:41:57.0687 5788 ViaIde - ok
22:41:57.0718 5788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:41:57.0718 5788 VolSnap - ok
22:41:57.0765 5788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:41:57.0765 5788 Wanarp - ok
22:41:57.0765 5788 wanatw - ok
22:41:57.0781 5788 WDICA - ok
22:41:57.0828 5788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:41:57.0828 5788 wdmaud - ok
22:41:57.0906 5788 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:41:57.0906 5788 WpdUsb - ok
22:41:57.0921 5788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:41:57.0921 5788 WS2IFSL - ok
22:41:57.0984 5788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:41:57.0984 5788 WSTCODEC - ok
22:41:58.0015 5788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:41:58.0031 5788 WudfPf - ok
22:41:58.0062 5788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:41:58.0062 5788 WudfRd - ok
22:41:58.0093 5788 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
22:41:58.0093 5788 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
22:41:58.0093 5788 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
22:41:58.0093 5788 Boot (0x1200) (1e017e3641827fcd4fd9e7cc459d9905) \Device\Harddisk0\DR0\Partition0
22:41:58.0093 5788 \Device\Harddisk0\DR0\Partition0 - ok
22:41:58.0109 5788 ============================================================
22:41:58.0109 5788 Scan finished
22:41:58.0109 5788 ============================================================
22:41:58.0109 3036 Detected object count: 1
22:41:58.0109 3036 Actual detected object count: 1
22:42:12.0781 3036 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
22:42:12.0781 3036 \Device\Harddisk0\DR0 - ok
22:42:12.0781 3036 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
22:42:18.0843 2584 Deinitialize success

#15 boopme

  • Global Moderator

Posted 04 October 2011 - 02:28 PM

OK, I would not have removed the restore points till we were done in case we needed one.

Let's check for and confirm the MBR (Master Boot Record) rootkit is gone.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • Press OK.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • Press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.