
Windows Recovery Virus


8 replies to this topic

#1 ajordanxi

ajordanxi

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 28 November 2011 - 06:58 PM

Hi,

I recently encountered the Windows Recovery virus. I have Windows Vista Basic and followed the tutorials and used all the anti-virus/malware/spyware etc programs to remove the virus. Things seem to be good now.

My next step was to use unHide to make my files visible again. It did not work for all files but I was able to find the file folder(s) the virus placed them in and all is good.

This leads to my current problem. I have continued to run all programs to ensure the virus is gone, and they all come back clean. But, Windows is now running very slow and clicking on programs, opening programs, right-clicking on items all seem to be an issue. All files and such open up, but it takes a very long time. So long that it makes me think the virus is still lurking somewhere.

Can someone please help? Thanks!



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 AM

Posted 28 November 2011 - 09:28 PM

Hello and welcome. Perhaps it is not the only malware on here.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
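The proxy and Hosts boxes ticked in the MiniToolBox step above produce report sections that can be triaged mechanically. The following is an added example, not part of the original post and not MiniToolBox's own code: a Python script that reads a Result.txt-style report and lists a configured Firefox proxy and any Hosts entries other than localhost for manual review. The sample report is constructed, and all function names are hypothetical.

```python
import re
from ipaddress import ip_address

# Constructed sample in the section layout of a MiniToolBox Result.txt report.
SAMPLE_REPORT = '''\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 58000
"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
203.0.113.7 update.example.test

========================= IP Configuration: ================================
'''

# A section header is a title framed by runs of '='; the trailing colon is optional.
HEADER = re.compile(r'^={3,}\s*([^=\s][^=]*?):?\s*={3,}\s*$')
# Firefox prefs are reported as "name", "string"  or  "name", number.
PREF = re.compile(r'^"([^"]+)",\s*"?([^"]*)"?\s*$')
DEFAULT_NAMES = {"localhost"}


def split_sections(report):
    """Map each section title to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif current is not None and line:
            current.append(line)
    return sections


def is_loopback(host):
    """True for loopback literals such as 127.0.0.1 or ::1, and for 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def firefox_proxy(lines):
    """Return (host, port, active) when an HTTP proxy host is set, else None."""
    prefs = dict(m.groups() for m in map(PREF.match, lines) if m)
    host = prefs.get("network.proxy.http", "")
    if not host:
        return None
    port = int(prefs.get("network.proxy.http_port") or 0)
    # network.proxy.type 1 = manual proxy configuration in Firefox; the
    # host/port prefs only take effect in that mode.
    active = prefs.get("network.proxy.type") == "1"
    return host, port, active


def hosts_overrides(lines):
    """Return (kind, address, name) for every Hosts mapping other than localhost."""
    found = []
    for line in lines:
        fields = line.split('#', 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ip_address(fields[0])
        except ValueError:
            continue                             # not an address line
        for name in fields[1:]:
            if name.lower() in DEFAULT_NAMES:
                continue
            local = addr.is_loopback or addr.is_unspecified
            found.append(("blocked" if local else "redirected", str(addr), name))
    return found


def triage(report):
    """Collect review items from the proxy and Hosts sections of a report."""
    sections = split_sections(report)
    findings = []
    proxy = firefox_proxy(sections.get("FF Proxy Settings", []))
    if proxy:
        host, port, active = proxy
        where = "local" if is_loopback(host) else "remote"
        state = "active" if active else "configured but not in manual mode"
        findings.append(f"firefox-proxy {where} {host}:{port} ({state})")
    for kind, addr, name in hosts_overrides(sections.get("Hosts content", [])):
        findings.append(f"hosts {kind} {name} -> {addr}")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT):
        print(item)
```

On the constructed sample the proxy is reported as configured but not in manual mode, because `network.proxy.type` is 4 rather than 1.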

#3 ajordanxi

ajordanxi
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 29 November 2011 - 10:24 AM

Hi, I ran MiniToolBox as requested, here are the results:


MiniToolBox by Farbar
Ran by Steve (administrator) on 29-11-2011 at 10:19:38
Windows Vista ™ Home Basic Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 58000
"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 activate.adobe.com

========================= IP Configuration: ================================

Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
PdaNet Broadband Adapter = PdaNet Broadband Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Steve-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ri.cox.net

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PdaNet Broadband Adapter
Physical Address. . . . . . . . . : 00-26-37-BD-39-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : ri.cox.net
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-24-2B-A6-36-E6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4004:880a:e84a:d52a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.148(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 29, 2011 9:41:52 AM
Lease Expires . . . . . . . . . . : Wednesday, November 30, 2011 9:41:51 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201335851
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-31-2F-D7-00-23-AE-15-F1-C9
DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.11
68.105.28.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-23-AE-15-F1-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5E1F4AEC-F23B-4964-8F4B-1D6591EA8EFF}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3088967F-F65E-4DA5-AB7F-EB723A7A36C1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5E1F4AEC-F23B-4964-8F4B-1D6591EA8EFF}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 28:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5E1F4AEC-F23B-4964-8F4B-1D6591EA8EFF}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ri.cox.net
Description . . . . . . . . . . . : isatap.ri.cox.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 173.194.64.104
173.194.64.105
173.194.64.106
173.194.64.147
173.194.64.99
173.194.64.103



Pinging google.com [173.194.64.147] with 32 bytes of data:

Reply from 173.194.64.147: bytes=32 time=486ms TTL=45

Reply from 173.194.64.147: bytes=32 time=62ms TTL=45



Ping statistics for 173.194.64.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 486ms, Average = 274ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=178ms TTL=54

Reply from 209.191.122.70: bytes=32 time=70ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 70ms, Maximum = 178ms, Average = 124ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
24 ...00 26 37 bd 39 42 ...... PdaNet Broadband Adapter
12 ...00 24 2b a6 36 e6 ...... Dell Wireless 1395 WLAN Mini-Card
11 ...00 23 ae 15 f1 c9 ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
32 ...00 00 00 00 00 00 00 e0 isatap.{5E1F4AEC-F23B-4964-8F4B-1D6591EA8EFF}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
34 ...00 00 00 00 00 00 00 e0 isatap.{3088967F-F65E-4DA5-AB7F-EB723A7A36C1}
16 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
18 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
33 ...00 00 00 00 00 00 00 e0 isatap.{5E1F4AEC-F23B-4964-8F4B-1D6591EA8EFF}
35 ...00 00 00 00 00 00 00 e0 isatap.{5E1F4AEC-F23B-4964-8F4B-1D6591EA8EFF}
36 ...00 00 00 00 00 00 00 e0 isatap.ri.cox.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.148 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.148 281
192.168.1.148 255.255.255.255 On-link 192.168.1.148 281
192.168.1.255 255.255.255.255 On-link 192.168.1.148 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.148 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.148 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::4004:880a:e84a:d52a/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 48 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/29/2011 09:42:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2011 06:03:33 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (11/28/2011 03:09:27 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Bloodhound.MalPE in File: C:\Avenger\2zbarsvc.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (11/28/2011 03:01:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2011 09:02:03 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98, faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98, exception code 0x40000015, fault offset 0x0008cb40,
process id 0x3d4, application start time 0xiexplore.exe0.

Error: (11/28/2011 09:00:01 AM) (Source: Symantec AntiVirus) (User: Steve)Steve
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\Program Files\PC Tools\PC Tools Security\pcttFixTool.exe (PID 5012)
Time: Monday, November 28, 2011 9:00:01 AM

Error: (11/28/2011 09:00:01 AM) (Source: Symantec AntiVirus) (User: Steve)Steve
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Write Memory
Action Taken: Logged
Actor Process: C:\Program Files\PC Tools\PC Tools Security\pcttFixTool.exe (PID 5012)
Time: Monday, November 28, 2011 9:00:01 AM

Error: (11/28/2011 09:00:01 AM) (Source: Symantec AntiVirus) (User: Steve)Steve
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Allocation Memory
Action Taken: Logged
Actor Process: C:\Program Files\PC Tools\PC Tools Security\pcttFixTool.exe (PID 5012)
Time: Monday, November 28, 2011 9:00:01 AM

Error: (11/28/2011 08:28:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2011 01:22:01 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan Horse in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQBDDF.TMP708B9C67 by: Auto-Protect scan. Action: Access denied. Action Description:


System errors:
=============
Error: (11/29/2011 09:54:53 AM) (Source: Service Control Manager) (User: )
Description: Windows Mobile-2003-based device connectivity

Error: (11/29/2011 09:53:47 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (11/29/2011 09:53:47 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (11/29/2011 09:45:23 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (11/29/2011 09:44:48 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/29/2011 09:42:58 AM) (Source: Service Control Manager) (User: )
Description: SPCA1528 Video Camera Service%%2

Error: (11/29/2011 09:42:58 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/28/2011 11:08:57 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (11/28/2011 10:30:41 PM) (Source: netbt) (User: )
Description: The name "HEATHER-PC :0" could not be registered on the interface with IP address 192.168.1.148.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.

Error: (11/28/2011 07:55:28 PM) (Source: netbt) (User: )
Description: The name "HEATHER-PC :0" could not be registered on the interface with IP address 192.168.1.148.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
ACID Pro 7.0 (Version: 7.0.713)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Community Help (Version: 3.4.980)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS5 (Version: 7.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 1.8)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader 9 (Version: 9.0.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
Audacity 1.2.6
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Banctec Service Agreement (Version: 2.0.0)
Bejeweled 2 Deluxe 1.0
Big Money Deluxe
Bluetooth by hp 6.0.1.5000 (Version: 6.0.1.5000)
Bonjour (Version: 2.0.5.0)
BufferChm (Version: 110.0.180.000)
C5500 (Version: 110.0.209.000)
C5500_Help (Version: 110.0.209.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conduit Engine (Version: )
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Coupon Printer for Windows (Version: 5.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
CuteFTP 8 Professional (Version: 8.0.7)
D3DX10 (Version: 15.4.2368.0902)
Dell-eBay (Version: 1.00.0000)
Dell DataSafe Online (Version: 1.1.0023)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Remote Access (Version: 1.0.0.0)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Touchpad (Version: 7.1.103.4)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
DELL0604 (Version: 1.0.0)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
DivX Setup (Version: 2.1.2.2)
DocProc (Version: 11.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Download Updater (AOL LLC)
EarthLink Setup Files (Version: 2008.1.18.0)
EDocs
eFax Messenger (Version: 4.4.0.514)
EOS 20D WIA Driver (Version: 6.0.0.4)
eSupportQFolder (Version: 1.00.0000)
Eye Candy 4000
FL Studio 10
Free Mp3 Wma Converter V 1.8.0
G-Tones (Version: 4.2)
Garmin City Navigator North America NT 2009 Update (Version: 10.0.0.0)
Garmin Communicator Plugin (Version: 2.9.1)
Garmin USB Drivers (Version: 2.3.0.0)
Genuine Fractals 6.0.5 Professional Edition (Version: 6.0.5)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
GoToAssist 8.0.0.514
GPBaseService (Version: 110.0.180.000)
Hide IP Platinum 2.6
HP Customer Participation Program 11.0 (Version: 11.0)
HP Imaging Device Functions 11.0 (Version: 11.0)
HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4 (Version: 11.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Smart Web Printing (Version: 4.0)
HP Solution Center 11.0 (Version: 11.0)
HP Update (Version: 4.000.009.002)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.03.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.03.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.03.0000)
hpphotosmartdisclabelplugin (Version: 2.03.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 110.0.180.000)
HTC Driver Installer (Version: 2.0.7.016)
HTC Sync (Version: 2.0.31)
IL Download Manager
Intel® Control Center (Version: 1.2.1.1007)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 3 (Version: 1.6.0.30)
Junk Mail filter update (Version: 15.4.3502.0922)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Magic Uneraser 3.1
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 110.0.180.000)
MediaDirect (Version: 3.5)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.4.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.53)
OCR Software by I.R.I.S. 11.0 (Version: 11.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OutlookAddinSetup (Version: 1.0.0)
PanoStandAlone (Version: 110.0.180.000)
PC Tools Spyware Doctor 9.0 (Version: 9.0)
PdaNet for Android 2.45
PDF Settings (Version: 1.0)
PDF Settings CS5 (Version: 10.0)
Photodex Presenter
Pidgin (Version: 2.10.0)
PS_AIO_04_C5500_ProductContext (Version: 110.0.209.000)
PS_AIO_04_C5500_Software (Version: 110.0.209.000)
PS_AIO_04_C5500_Software_Min (Version: 110.0.209.000)
PSSWCORE (Version: 2.03.0000)
QuickSet (Version: 8.2.20)
QuickTime (Version: 7.69.80.9)
RTC Client API v1.2 (Version: 1.2.0000)
Scan (Version: 11.0.0.0)
Segoe UI (Version: 15.4.2271.0615)
Skype™ 5.5 (Version: 5.5.124)
SmartWebPrinting (Version: 110.0.182.000)
SolutionCenter (Version: 110.0.180.000)
SPCA1528 PC Driver (Version: 2.2.2.0)
Stamps.com
Stamps.com (Version: 9.0.1.2201)
Status (Version: 110.0.180.000)
Symantec Endpoint Protection (Version: 11.0.6100.645)
Toolbox (Version: 110.0.180.000)
TrayApp (Version: 110.0.180.000)
Uninstall AOL Emergency Connect Utility 1.0
UnloadSupport (Version: 11.0.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VideoToolkit01 (Version: 110.0.171.000)
Viewpoint Media Player
VirtualDJ PRO Full (Version: 7.0.3)
VoiceOver Kit (Version: 1.30.128.0)
Vuze (Version: 4.7)
Vuze Remote Toolbar (Version: 6.3.3.3)
WebReg (Version: 110.0.180.000)
WildTangent Games (Version: 1.0.0.62)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR archiver
WinSCP 4.2.3 beta (Version: 4.2.3 beta)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 3061.31 MB
Available physical RAM: 1713.43 MB
Total Pagefile: 6324.89 MB
Available Pagefile: 4737.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.75 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:215.7 GB) (Free:33.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.04 GB) NTFS

========================= Users: ========================================

User accounts for \\STEVE-PC

Administrator Guest Steve

========================= Minidump Files ==================================


**** End of log ****



I will now move forward with the other steps you have outlined. Please advise. Thanks.

#4 ajordanxi

Posted 29 November 2011 - 10:30 AM

I finished running the TDSSKiller, here is the report:


10:28:01.0117 4880 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:28:01.0503 4880 ============================================================
10:28:01.0503 4880 Current date / time: 2011/11/29 10:28:01.0503
10:28:01.0503 4880 SystemInfo:
10:28:01.0503 4880
10:28:01.0503 4880 OS Version: 6.0.6002 ServicePack: 2.0
10:28:01.0503 4880 Product type: Workstation
10:28:01.0504 4880 ComputerName: STEVE-PC
10:28:01.0504 4880 UserName: Steve
10:28:01.0504 4880 Windows directory: C:\Windows
10:28:01.0504 4880 System windows directory: C:\Windows
10:28:01.0504 4880 Processor architecture: Intel x86
10:28:01.0504 4880 Number of processors: 2
10:28:01.0504 4880 Page size: 0x1000
10:28:01.0504 4880 Boot type: Normal boot
10:28:01.0504 4880 ============================================================
10:28:04.0350 4880 Initialize success
10:28:41.0822 5196 ============================================================
10:28:41.0822 5196 Scan started
10:28:41.0822 5196 Mode: Manual;
10:28:41.0822 5196 ============================================================
10:28:59.0128 5196 pctEFA - ok
10:28:59.0233 5196 pctgntdi (44fd6a1042c766df69bc6ba55780019d) C:\Windows\System32\drivers\pctgntdi.sys
10:28:59.0326 5196 pctgntdi - ok
10:28:59.0384 5196 pctplsg (b5d22f79943e156bf8fabf1e4888820c) C:\Windows\System32\drivers\pctplsg.sys
10:28:59.0388 5196 pctplsg - ok
10:28:59.0446 5196 PCTSD (86b9af53e46d0618d230608aed82622f) C:\Windows\system32\Drivers\PCTSD.sys
10:28:59.0450 5196 PCTSD - ok
10:28:59.0522 5196 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:28:59.0558 5196 PEAUTH - ok
10:28:59.0710 5196 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\Windows\system32\DRIVERS\pneteth.sys
10:28:59.0739 5196 pneteth - ok
10:28:59.0797 5196 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:28:59.0801 5196 PptpMiniport - ok
10:28:59.0834 5196 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:28:59.0838 5196 Processor - ok
10:28:59.0895 5196 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:28:59.0901 5196 PSched - ok
10:28:59.0971 5196 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
10:28:59.0994 5196 PxHelp20 - ok
10:29:00.0113 5196 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:29:00.0267 5196 ql2300 - ok
10:29:00.0447 5196 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:29:00.0453 5196 ql40xx - ok
10:29:00.0491 5196 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:29:00.0493 5196 QWAVEdrv - ok
10:29:00.0607 5196 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
10:29:00.0664 5196 R300 - ok
10:29:00.0730 5196 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:29:00.0732 5196 RasAcd - ok
10:29:00.0769 5196 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:29:00.0773 5196 Rasl2tp - ok
10:29:00.0849 5196 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:29:00.0852 5196 RasPppoe - ok
10:29:00.0888 5196 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:29:00.0913 5196 RasSstp - ok
10:29:01.0002 5196 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:29:01.0007 5196 rdbss - ok
10:29:01.0103 5196 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:29:01.0105 5196 RDPCDD - ok
10:29:01.0150 5196 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:29:01.0157 5196 rdpdr - ok
10:29:01.0169 5196 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:29:01.0174 5196 RDPENCDD - ok
10:29:01.0249 5196 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:29:01.0262 5196 RDPWD - ok
10:29:01.0330 5196 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:29:01.0335 5196 RFCOMM - ok
10:29:01.0414 5196 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
10:29:01.0449 5196 rimmptsk - ok
10:29:01.0487 5196 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:29:01.0499 5196 rimsptsk - ok
10:29:01.0531 5196 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
10:29:01.0534 5196 rismxdp - ok
10:29:01.0597 5196 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:29:01.0600 5196 rspndr - ok
10:29:01.0634 5196 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:29:01.0637 5196 sbp2port - ok
10:29:01.0707 5196 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
10:29:01.0711 5196 sdbus - ok
10:29:01.0766 5196 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:29:01.0768 5196 secdrv - ok
10:29:01.0804 5196 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:29:01.0806 5196 Serenum - ok
10:29:01.0833 5196 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:29:01.0836 5196 Serial - ok
10:29:01.0861 5196 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:29:01.0863 5196 sermouse - ok
10:29:01.0918 5196 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
10:29:01.0920 5196 sffdisk - ok
10:29:01.0997 5196 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:29:02.0000 5196 sffp_mmc - ok
10:29:02.0057 5196 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:29:02.0115 5196 sffp_sd - ok
10:29:02.0158 5196 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:29:02.0161 5196 sfloppy - ok
10:29:02.0209 5196 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:29:02.0224 5196 sisagp - ok
10:29:02.0274 5196 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:29:02.0277 5196 SiSRaid2 - ok
10:29:02.0304 5196 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:29:02.0308 5196 SiSRaid4 - ok
10:29:02.0390 5196 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:29:02.0439 5196 Smb - ok
10:29:02.0793 5196 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:29:02.0803 5196 SPBBCDrv - ok
10:29:03.0122 5196 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:29:03.0125 5196 spldr - ok
10:29:03.0275 5196 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
10:29:03.0281 5196 SRTSP - ok
10:29:03.0379 5196 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
10:29:03.0389 5196 SRTSPL - ok
10:29:03.0503 5196 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
10:29:03.0532 5196 SRTSPX - ok
10:29:03.0582 5196 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:29:03.0591 5196 srv - ok
10:29:03.0672 5196 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:29:03.0719 5196 srv2 - ok
10:29:03.0784 5196 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:29:03.0833 5196 srvnet - ok
10:29:03.0915 5196 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
10:29:03.0924 5196 STHDA - ok
10:29:03.0991 5196 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:29:04.0015 5196 swenum - ok
10:29:04.0130 5196 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:29:04.0134 5196 Symc8xx - ok
10:29:04.0209 5196 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\Windows\system32\Drivers\SYMEVENT.SYS
10:29:04.0227 5196 SymEvent - ok
10:29:04.0344 5196 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
10:29:04.0533 5196 SYMREDRV - ok
10:29:04.0703 5196 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
10:29:04.0733 5196 SYMTDI - ok
10:29:04.0813 5196 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:29:04.0816 5196 Sym_hi - ok
10:29:04.0853 5196 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:29:04.0857 5196 Sym_u3 - ok
10:29:04.0939 5196 SysPlant (8adc033c77b2b006ea59beb2c8c6a38b) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
10:29:04.0943 5196 SysPlant - ok
10:29:05.0059 5196 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
10:29:05.0126 5196 Tcpip - ok
10:29:05.0176 5196 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
10:29:05.0186 5196 Tcpip6 - ok
10:29:05.0269 5196 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
10:29:05.0272 5196 tcpipreg - ok
10:29:05.0352 5196 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:29:05.0355 5196 TDPIPE - ok
10:29:05.0390 5196 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:29:05.0394 5196 TDTCP - ok
10:29:05.0460 5196 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:29:05.0464 5196 tdx - ok
10:29:05.0572 5196 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\Windows\system32\DRIVERS\teefer2.sys
10:29:05.0576 5196 Teefer2 - ok
10:29:05.0649 5196 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:29:05.0656 5196 TermDD - ok
10:29:05.0773 5196 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:29:05.0776 5196 tssecsrv - ok
10:29:05.0847 5196 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:29:05.0850 5196 tunmp - ok
10:29:05.0920 5196 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:29:05.0947 5196 tunnel - ok
10:29:05.0997 5196 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:29:06.0001 5196 uagp35 - ok
10:29:06.0064 5196 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:29:06.0072 5196 udfs - ok
10:29:06.0145 5196 ugxdemgf - ok
10:29:06.0199 5196 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:29:06.0203 5196 uliagpkx - ok
10:29:06.0253 5196 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:29:06.0261 5196 uliahci - ok
10:29:06.0304 5196 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:29:06.0308 5196 UlSata - ok
10:29:06.0377 5196 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:29:06.0381 5196 ulsata2 - ok
10:29:06.0454 5196 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:29:06.0457 5196 umbus - ok
10:29:06.0608 5196 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:29:06.0628 5196 USBAAPL - ok
10:29:06.0704 5196 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
10:29:06.0724 5196 usbaudio - ok
10:29:06.0794 5196 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:29:06.0798 5196 usbccgp - ok
10:29:06.0841 5196 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:29:06.0845 5196 usbcir - ok
10:29:06.0916 5196 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:29:06.0919 5196 usbehci - ok
10:29:06.0976 5196 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:29:06.0982 5196 usbhub - ok
10:29:07.0019 5196 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:29:07.0046 5196 usbohci - ok
10:29:07.0103 5196 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:29:07.0106 5196 usbprint - ok
10:29:07.0171 5196 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:29:07.0175 5196 usbscan - ok
10:29:07.0223 5196 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:29:07.0224 5196 USBSTOR - ok
10:29:07.0273 5196 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:29:07.0276 5196 usbuhci - ok
10:29:07.0356 5196 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
10:29:07.0401 5196 usb_rndisx - ok
10:29:07.0433 5196 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:29:07.0453 5196 vga - ok
10:29:07.0485 5196 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:29:07.0487 5196 VgaSave - ok
10:29:07.0521 5196 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:29:07.0524 5196 viaagp - ok
10:29:07.0569 5196 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:29:07.0572 5196 ViaC7 - ok
10:29:07.0593 5196 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:29:07.0595 5196 viaide - ok
10:29:07.0629 5196 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:29:07.0632 5196 volmgr - ok
10:29:07.0695 5196 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:29:07.0702 5196 volmgrx - ok
10:29:07.0744 5196 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:29:07.0751 5196 volsnap - ok
10:29:07.0791 5196 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:29:07.0811 5196 vsmraid - ok
10:29:07.0889 5196 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:29:07.0891 5196 WacomPen - ok
10:29:07.0916 5196 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:29:07.0918 5196 Wanarp - ok
10:29:07.0923 5196 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:29:07.0925 5196 Wanarpv6 - ok
10:29:08.0002 5196 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
10:29:08.0021 5196 wanatw - ok
10:29:08.0062 5196 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:29:08.0064 5196 Wd - ok
10:29:08.0098 5196 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:29:08.0119 5196 Wdf01000 - ok
10:29:08.0206 5196 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:29:08.0229 5196 winachsf - ok
10:29:08.0314 5196 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
10:29:08.0317 5196 winusb - ok
10:29:08.0361 5196 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:29:08.0364 5196 WmiAcpi - ok
10:29:08.0439 5196 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:29:08.0462 5196 WpdUsb - ok
10:29:08.0532 5196 WPS (d48d0b1b5fdc074373c624af3b573412) C:\Windows\system32\drivers\wpsdrvnt.sys
10:29:08.0534 5196 WPS - ok
10:29:08.0597 5196 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
10:29:08.0602 5196 WpsHelper - ok
10:29:08.0654 5196 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:29:08.0659 5196 ws2ifsl - ok
10:29:08.0709 5196 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:29:08.0714 5196 WUDFRd - ok
10:29:08.0819 5196 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
10:29:08.0822 5196 XAudio - ok
10:29:08.0864 5196 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
10:29:08.0871 5196 yukonwlh - ok
10:29:08.0967 5196 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:29:08.0993 5196 \Device\Harddisk0\DR0 - ok
10:29:09.0006 5196 Boot (0x1200) (c65ebb53ad6ab8ce1915d4348cce8aee) \Device\Harddisk0\DR0\Partition0
10:29:09.0008 5196 \Device\Harddisk0\DR0\Partition0 - ok
10:29:09.0013 5196 Boot (0x1200) (e6843beafbec1fbbf311901df45eb867) \Device\Harddisk0\DR0\Partition1
10:29:09.0015 5196 \Device\Harddisk0\DR0\Partition1 - ok
10:29:09.0019 5196 ============================================================
10:29:09.0019 5196 Scan finished
10:29:09.0019 5196 ============================================================
10:29:09.0037 5788 Detected object count: 0
10:29:09.0037 5788 Actual detected object count: 0

#5 ajordanxi

  • Topic Starter

  • Members
  • 6 posts

Posted 29 November 2011 - 11:26 AM

Here are the results from SAS:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/29/2011 at 10:57 AM

Application Version : 5.0.1136

Core Rules Database Version : 7996
Trace Rules Database Version: 5808

Scan type : Quick Scan
Total Scan Time : 00:20:14

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 880
Memory threats detected : 0
Registry items scanned : 31127
Registry threats detected : 10
File items scanned : 11630
File threats detected : 181

Adware.MyWebSearch/FunWebProducts

Adware.Tracking Cookie
f.blogads.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
f.blogads.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.cdn.complexmedianetwork.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.cdn.complexmedianetwork.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.cdn.complexmedianetwork.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.viewablemedia.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
adsintermedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
origin-tracking.trulia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BX1VIRJI.DEFAULT\COOKIES.SQLITE ]

Adware.CouponBar
C:\USERS\STEVE\APPDATA\LOCAL\TEMP\CPNPRT2.CID

I have now done all of the above as per your request. Please advise. Thanks.

#6 boopme

Posted 29 November 2011 - 01:07 PM

Hello, a few things... You are nearing the 15% (32.25/your drive) free space. Drive c: (OS) (Fixed) (Total:215.7 GB) (Free:33.56 GB) NTFS. This is an area where some slowness will develop as the machine is becoming too full for such things as the Swap or Page File. If you can find some old Apps or things to remove, do so.


I'd like to do an online scan and be sure nothing is left, then update to Java and Adobe Reader X or 10.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Similarly, update to Adobe Reader X (10.1.0).
Note: Uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

Edited by boopme, 29 November 2011 - 01:12 PM.


#7 ajordanxi

Posted 30 November 2011 - 10:05 AM

Here are the results from the ESETScan:

C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\bx1virji.default\extensions\{eced4789-231b-43f2-acba-55656b9a29c7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\bx1virji.default\extensions\{eced4789-231b-43f2-acba-55656b9a29c7}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Users\Steve\Downloads\SONY PRODUCTS MULTI KEYGEN DIGITAL INSANITY VERSION 1.8\SONY PRODUCTS MULTI KEYGEN DIGITAL INSANITY VERSION 1.8.rar a variant of Win32/Keygen.AR application deleted - quarantined
C:\Users\Steve\Programs\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Users\Steve\Programs\fl10\flstudio_10.0.exe Win32/OpenCandy application deleted - quarantined
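
Each ESET result line in the post above packs four fields together: file path, detection name, detection type and action taken. As an added example (not part of the original thread), this Python sketch parses those lines and separates the trojan detections from the "application" ones; the regex layout and the reading of "application" as ESET's label for potentially unwanted or unsafe applications are assumptions.

```python
import re

# Result lines copied verbatim from the ESET log pasted in post #7.
ESET_LOG = r"""
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\bx1virji.default\extensions\{eced4789-231b-43f2-acba-55656b9a29c7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\bx1virji.default\extensions\{eced4789-231b-43f2-acba-55656b9a29c7}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Users\Steve\Downloads\SONY PRODUCTS MULTI KEYGEN DIGITAL INSANITY VERSION 1.8\SONY PRODUCTS MULTI KEYGEN DIGITAL INSANITY VERSION 1.8.rar a variant of Win32/Keygen.AR application deleted - quarantined
C:\Users\Steve\Programs\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Users\Steve\Programs\fl10\flstudio_10.0.exe Win32/OpenCandy application deleted - quarantined
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <type> <action>.
# Paths may contain spaces, so the path is matched lazily up to the first
# token that looks like a detection name (it contains a forward slash).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>application|trojan|virus|worm)\s+"
    r"(?P<action>.+)$"
)

def parse_line(line):
    """Return a dict of fields for one result line, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {**m.groupdict(), "variant": m["variant"] is not None}

def parse_log(text):
    """Parse every non-blank line; keep unparsed lines for manual review."""
    detections, unparsed = [], []
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        (unparsed if rec is None else detections).append(rec or line)
    return detections, unparsed

def triage(detections):
    """Bucket detections: malware types vs. 'application', plus keygen hits."""
    report = {"malware": [], "unwanted": [], "keygen": []}
    for d in detections:
        report["unwanted" if d["kind"] == "application" else "malware"].append(d)
        if "keygen" in d["threat"].lower():
            report["keygen"].append(d)
    return report

if __name__ == "__main__":
    found, skipped = parse_log(ESET_LOG)
    for bucket, items in triage(found).items():
        print(bucket, len(items), [d["threat"] for d in items])
    print("unparsed lines:", len(skipped))
```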

#8 ajordanxi

Posted 30 November 2011 - 11:06 AM

I have successfully updated Java and Adobe Reader please advise. Thanks.

#9 boopme

Posted 30 November 2011 - 01:20 PM

You are infected by the use of Keygens.
Looks clean but I cannot promise you'll stay that way.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!

I feel we have cleaned it but if they remain you will be reinfected.
