Browser hijacker: Tubby



#1 nickvlad

Posted 04 February 2012 - 02:29 PM

Recently, people on my contact list have been receiving random emails from my Yahoo email account. I have the free version of avast running on my computer. I also have SUPERAntiSpyware and Malwarebytes running. When I ran SAS, it told me I had the browser hijacker:tubby but that was it. I told it to remove the hijacker, but emails continue to go out occasionally. Any thoughts?


#2 boopme


Posted 04 February 2012 - 02:38 PM

Hello, I moved this to the Am I Infected forum.
Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?

Please also do these and let me know.
Post your MBAM and SAS logs for review.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
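A TDSSKiller report like the one requested above runs to hundreds of lines, so a helper usually triages it mechanically. The following is an added example, not part of the original post or of TDSSKiller: it pairs each hashed driver line with its verdict line and lists objects whose verdict is not `ok` or whose image lies outside `system32\drivers`. The sample log is constructed; `exampledrv`, `exampleflt`, their all-zero hashes and the `( detail ) - warning` line shape are assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+ \d+ "
_WINDIR = re.compile(_PREFIX + r"Windows directory: (?P<dir>.+)$")
# "<service> (<md5>) <image path>": the driver file that was hashed.
_IMAGE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> - <verdict>", optionally "<object> ( <detail> ) - <verdict>".
_VERDICT = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( ?(?P<detail>[^()]*?) ?\))? - (?P<verdict>\w+)$"
)


@dataclass
class Entry:
    name: str
    verdict: str
    detail: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_report(text: str) -> Tuple[Optional[str], List[Entry]]:
    """Return (windows_directory, entries) parsed from a TDSSKiller report."""
    windir = None
    pending = {}  # service name -> (md5, path), waiting for its verdict line
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _WINDIR.match(line)
        if m:
            windir = m["dir"]
            continue
        m = _IMAGE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = _VERDICT.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"].lower(), m["detail"], md5, path))
    return windir, entries


def triage(windir: Optional[str], entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a manual look first."""
    # Paths are compared case-insensitively, as Windows does.
    expected = ntpath.normcase(ntpath.join(windir or r"C:\WINDOWS", "system32", "drivers"))
    findings = []
    for e in entries:
        if e.verdict != "ok":
            reason = f"verdict '{e.verdict}'" + (f" ({e.detail})" if e.detail else "")
            findings.append((e, reason))
        elif e.path and ntpath.normcase(ntpath.dirname(e.path)) != expected:
            # A heuristic only: some legitimate drivers load from other folders.
            findings.append((e, "image outside " + expected))
    return findings


def summarize(text: str) -> dict:
    windir, entries = parse_report(text)
    return {
        "objects": len(entries),
        "ok": sum(e.verdict == "ok" for e in entries),
        # Services logged with a verdict but no hashed image line.
        "no_image_line": [e.name for e in entries if e.path is None],
        "review": [(e.name, reason) for e, reason in triage(windir, entries)],
    }


# Constructed sample in the report's line format. The exampledrv and exampleflt
# lines, their all-zero hashes and the "( detail ) - warning" shape are assumptions.
SAMPLE = r"""
09:49:58.0036 0200 Windows directory: C:\WINDOWS
09:50:20.0239 3392 Scan started
09:50:20.0926 3392 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
09:50:20.0942 3392 Aavmker4 - ok
09:50:21.0364 3392 Abiosdsk - ok
09:50:24.0192 3392 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:50:24.0223 3392 AFD - ok
09:50:25.0000 3392 exampledrv (00000000000000000000000000000000) C:\WINDOWS\Temp\exampledrv.sys
09:50:25.0010 3392 exampledrv - ok
09:50:26.0000 3392 exampleflt (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampleflt.sys
09:50:26.0010 3392 exampleflt ( Constructed.Detection ) - warning
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty `review` list means every object was reported `ok` from the expected driver folder; it does not by itself rule out an infection.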

#3 nickvlad


Posted 05 February 2012 - 10:59 AM

Yes, I am on a router.

Not sure what you mean by redirecting. I did run virus scans on all of the computers and only one showed hijacker:tubby.

Yes, we use Firefox. We also use Chrome and IE. One computer uses Vista and the others use XP.

MBAM log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Morgan :: FDFXGFGF-84D294 [administrator]

1/27/2012 4:26:34 PM
mbam-log-2012-01-27 (16-26-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174880
Time elapsed: 30 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SAS log - didn't have an original log, so I ran a new one today.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2012 at 10:44 AM

Application Version : 5.0.1144

Core Rules Database Version : 8203
Trace Rules Database Version: 6015

Scan type : Quick Scan
Total Scan Time : 00:34:58

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 501
Memory threats detected : 0
Registry items scanned : 29377
Registry threats detected : 0
File items scanned : 10742
File threats detected : 173

Adware.Tracking Cookie

TDSSKiller log:

09:49:57.0692 0200 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
09:49:58.0020 0200 ============================================================
09:49:58.0020 0200 Current date / time: 2012/02/05 09:49:58.0020
09:49:58.0020 0200 SystemInfo:
09:49:58.0036 0200
09:49:58.0036 0200 OS Version: 5.1.2600 ServicePack: 3.0
09:49:58.0036 0200 Product type: Workstation
09:49:58.0036 0200 ComputerName: FDFXGFGF-84D294
09:49:58.0036 0200 UserName: Morgan
09:49:58.0036 0200 Windows directory: C:\WINDOWS
09:49:58.0036 0200 System windows directory: C:\WINDOWS
09:49:58.0036 0200 Processor architecture: Intel x86
09:49:58.0036 0200 Number of processors: 1
09:49:58.0036 0200 Page size: 0x1000
09:49:58.0036 0200 Boot type: Normal boot
09:49:58.0036 0200 ============================================================
09:50:03.0692 0200 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:50:03.0739 0200 Drive \Device\Harddisk1\DR2 - Size: 0x1DF80000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:50:03.0739 0200 \Device\Harddisk0\DR0:
09:50:03.0786 0200 MBR used
09:50:03.0786 0200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
09:50:03.0786 0200 \Device\Harddisk1\DR2:
09:50:03.0786 0200 MBR used
09:50:03.0786 0200 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0xEFBE0
09:50:04.0317 0200 Initialize success
09:50:04.0317 0200 ============================================================
09:50:20.0239 3392 ============================================================
09:50:20.0239 3392 Scan started
09:50:20.0239 3392 Mode: Manual;
09:50:20.0239 3392 ============================================================
09:50:57.0942 3392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:50:57.0989 3392 KSecDD - ok
09:50:58.0254 3392 lbrtfdc - ok
09:50:58.0598 3392 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:50:58.0614 3392 mdmxsdk - ok
09:50:59.0176 3392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:50:59.0176 3392 mnmdd - ok
09:50:59.0489 3392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:50:59.0504 3392 Modem - ok
09:50:59.0801 3392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:50:59.0817 3392 Mouclass - ok
09:51:00.0333 3392 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:51:00.0411 3392 mouhid - ok
09:51:00.0754 3392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:51:00.0786 3392 MountMgr - ok
09:51:01.0036 3392 mraid35x - ok
09:51:01.0536 3392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:51:01.0629 3392 MRxDAV - ok
09:51:02.0301 3392 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:51:02.0676 3392 MRxSmb - ok
09:51:03.0004 3392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:51:03.0020 3392 Msfs - ok
09:51:03.0317 3392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:51:03.0317 3392 MSKSSRV - ok
09:51:03.0754 3392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:51:03.0770 3392 MSPCLOCK - ok
09:51:04.0036 3392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:51:04.0051 3392 MSPQM - ok
09:51:04.0333 3392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:51:04.0348 3392 mssmbios - ok
09:51:04.0848 3392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:51:04.0911 3392 Mup - ok
09:51:05.0317 3392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:51:05.0395 3392 NDIS - ok
09:51:05.0864 3392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:51:05.0879 3392 NdisTapi - ok
09:51:06.0176 3392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:51:06.0223 3392 Ndisuio - ok
09:51:06.0598 3392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:51:06.0645 3392 NdisWan - ok
09:51:07.0129 3392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:51:07.0176 3392 NDProxy - ok
09:51:07.0458 3392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:51:07.0473 3392 NetBIOS - ok
09:51:07.0833 3392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:51:07.0895 3392 NetBT - ok
09:51:08.0379 3392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:51:08.0395 3392 Npfs - ok
09:51:08.0942 3392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:51:09.0411 3392 Ntfs - ok
09:51:09.0817 3392 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
09:51:09.0833 3392 NuidFltr - ok
09:51:10.0129 3392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:51:10.0145 3392 Null - ok
09:51:10.0629 3392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:51:10.0645 3392 NwlnkFlt - ok
09:51:10.0942 3392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:51:10.0973 3392 NwlnkFwd - ok
09:51:11.0286 3392 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
09:51:11.0286 3392 OMCI - ok
09:51:11.0801 3392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:51:11.0879 3392 Parport - ok
09:51:12.0161 3392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:51:12.0176 3392 PartMgr - ok
09:51:12.0458 3392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:51:12.0473 3392 ParVdm - ok
09:51:12.0942 3392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:51:12.0973 3392 PCI - ok
09:51:13.0239 3392 PCIDump - ok
09:51:13.0504 3392 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:51:13.0504 3392 PCIIde - ok
09:51:14.0004 3392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:51:14.0067 3392 Pcmcia - ok
09:51:14.0333 3392 PDCOMP - ok
09:51:14.0583 3392 PDFRAME - ok
09:51:14.0833 3392 PDRELI - ok
09:51:15.0270 3392 PDRFRAME - ok
09:51:15.0520 3392 perc2 - ok
09:51:15.0786 3392 perc2hib - ok
09:51:16.0270 3392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:51:16.0301 3392 PptpMiniport - ok
09:51:16.0598 3392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:51:16.0645 3392 PSched - ok
09:51:16.0911 3392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:51:16.0926 3392 Ptilink - ok
09:51:17.0395 3392 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:51:17.0411 3392 PxHelp20 - ok
09:51:17.0661 3392 ql1080 - ok
09:51:17.0926 3392 Ql10wnt - ok
09:51:18.0176 3392 ql12160 - ok
09:51:18.0598 3392 ql1240 - ok
09:51:18.0864 3392 ql1280 - ok
09:51:19.0161 3392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:51:19.0161 3392 RasAcd - ok
09:51:19.0692 3392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:51:19.0723 3392 Rasl2tp - ok
09:51:20.0051 3392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:51:20.0083 3392 RasPppoe - ok
09:51:20.0379 3392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:51:20.0379 3392 Raspti - ok
09:51:20.0926 3392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:51:21.0020 3392 Rdbss - ok
09:51:21.0301 3392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:51:21.0301 3392 RDPCDD - ok
09:51:21.0833 3392 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:51:21.0926 3392 rdpdr - ok
09:51:22.0333 3392 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:51:22.0395 3392 RDPWD - ok
09:51:22.0676 3392 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:51:22.0723 3392 redbook - ok
09:51:23.0223 3392 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:51:23.0286 3392 s24trans - ok
09:51:23.0583 3392 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:51:23.0583 3392 SASDIFSV - ok
09:51:23.0661 3392 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:51:23.0661 3392 SASKUTIL - ok
09:51:24.0192 3392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:51:24.0208 3392 Secdrv - ok
09:51:24.0567 3392 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:51:24.0614 3392 serenum - ok
09:51:24.0942 3392 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:51:25.0145 3392 Serial - ok
09:51:25.0504 3392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:51:25.0504 3392 Sfloppy - ok
09:51:25.0786 3392 Simbad - ok
09:51:26.0051 3392 Sparrow - ok
09:51:26.0520 3392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:51:26.0567 3392 splitter - ok
09:51:26.0911 3392 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:51:26.0942 3392 sr - ok
09:51:27.0692 3392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:51:27.0864 3392 Srv - ok
09:51:28.0145 3392 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:51:28.0145 3392 sscdbhk5 - ok
09:51:28.0629 3392 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
09:51:28.0645 3392 ssrtln - ok
09:51:29.0098 3392 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
09:51:29.0239 3392 STAC97 - ok
09:51:29.0692 3392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:51:29.0708 3392 swenum - ok
09:51:30.0004 3392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:51:30.0036 3392 swmidi - ok
09:51:30.0301 3392 symc810 - ok
09:51:30.0551 3392 symc8xx - ok
09:51:30.0989 3392 sym_hi - ok
09:51:31.0239 3392 sym_u3 - ok
09:51:31.0551 3392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:51:31.0598 3392 sysaudio - ok
09:51:32.0270 3392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:51:32.0442 3392 Tcpip - ok
09:51:33.0129 3392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:51:33.0145 3392 TDPIPE - ok
09:51:33.0411 3392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:51:33.0458 3392 TDTCP - ok
09:51:33.0864 3392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:51:33.0895 3392 TermDD - ok
09:51:34.0364 3392 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
09:51:34.0379 3392 tfsnboio - ok
09:51:34.0645 3392 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
09:51:34.0661 3392 tfsncofs - ok
09:51:34.0911 3392 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
09:51:34.0911 3392 tfsndrct - ok
09:51:35.0364 3392 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
09:51:35.0379 3392 tfsndres - ok
09:51:35.0739 3392 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
09:51:35.0786 3392 tfsnifs - ok
09:51:36.0036 3392 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
09:51:36.0051 3392 tfsnopio - ok
09:51:36.0458 3392 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
09:51:36.0473 3392 tfsnpool - ok
09:51:36.0770 3392 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
09:51:36.0817 3392 tfsnudf - ok
09:51:37.0098 3392 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
09:51:37.0145 3392 tfsnudfa - ok
09:51:37.0411 3392 TosIde - ok
09:51:37.0911 3392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:51:37.0958 3392 Udfs - ok
09:51:38.0208 3392 UIUSys - ok
09:51:38.0458 3392 ultra - ok
09:51:39.0145 3392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:51:39.0333 3392 Update - ok
09:51:39.0676 3392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:51:39.0692 3392 usbccgp - ok
09:51:40.0192 3392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:51:40.0208 3392 usbehci - ok
09:51:40.0629 3392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:51:40.0661 3392 usbhub - ok
09:51:41.0161 3392 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:51:41.0208 3392 USBSTOR - ok
09:51:41.0504 3392 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:51:41.0536 3392 usbuhci - ok
09:51:41.0848 3392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:51:41.0864 3392 VgaSave - ok
09:51:42.0286 3392 ViaIde - ok
09:51:42.0614 3392 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:51:42.0645 3392 VolSnap - ok
09:51:44.0926 3392 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:51:46.0708 3392 w29n51 - ok
09:51:47.0192 3392 wacmoumonitor (8724531219ae3f9e3729012b61dce527) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
09:51:47.0192 3392 wacmoumonitor - ok
09:51:47.0551 3392 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
09:51:47.0551 3392 wacommousefilter - ok
09:51:48.0036 3392 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
09:51:48.0036 3392 wacomvhid - ok
09:51:48.0364 3392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:51:48.0379 3392 Wanarp - ok
09:51:49.0411 3392 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:51:49.0645 3392 Wdf01000 - ok
09:51:50.0083 3392 WDICA - ok
09:51:50.0442 3392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:51:50.0489 3392 wdmaud - ok
09:51:51.0239 3392 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:51:51.0536 3392 winachsf - ok
09:51:51.0942 3392 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:51:51.0958 3392 WpdUsb - ok
09:51:52.0676 3392 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:51:52.0723 3392 WudfPf - ok
09:51:53.0051 3392 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:51:53.0286 3392 WudfRd - ok
09:51:53.0364 3392 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:51:54.0333 3392 \Device\Harddisk0\DR0 - ok
09:51:54.0348 3392 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
09:51:56.0286 3392 \Device\Harddisk1\DR2 - ok
09:51:56.0348 3392 Boot (0x1200) (ebbf3a731dc906a1ad702f9988102163) \Device\Harddisk0\DR0\Partition0
09:51:56.0536 3392 \Device\Harddisk0\DR0\Partition0 - ok
09:51:56.0551 3392 Boot (0x1200) (5704a54fb914d427349b14ae7dcbbf17) \Device\Harddisk1\DR2\Partition0
09:51:56.0551 3392 \Device\Harddisk1\DR2\Partition0 - ok
09:51:56.0551 3392 ============================================================
09:51:56.0551 3392 Scan finished
09:51:56.0551 3392 ============================================================
09:51:56.0583 1752 Detected object count: 0
09:51:56.0583 1752 Actual detected object count: 0
09:52:55.0504 0184 Deinitialize success

Mini Toolbox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Morgan (administrator) on 05-02-2012 at 09:55:47
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : fdfxgfgf-84d294
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
Physical Address. . . . . . . . . : 00-13-CE-2E-29-8D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.105
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.94.156.1
                                    68.94.157.1
Lease Obtained. . . . . . . . . . : Sunday, February 05, 2012 9:42:44 AM
Lease Expires . . . . . . . . . . : Monday, February 06, 2012 9:42:44 AM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-12-3F-FA-3B-7C

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: google.com
Addresses: 74.125.225.112, 74.125.225.113, 74.125.225.114, 74.125.225.115
74.125.225.116

Pinging google.com [74.125.225.19] with 32 bytes of data:

Reply from 74.125.225.19: bytes=32 time=17ms TTL=55
Reply from 74.125.225.19: bytes=32 time=17ms TTL=55

Ping statistics for 74.125.225.19:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 17ms, Average = 17ms

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=95ms TTL=45
Reply from 98.139.180.149: bytes=32 time=346ms TTL=47

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 95ms, Maximum = 346ms, Average = 220ms

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 ce 2e 29 8d ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x3 ...00 12 3f fa 3b 7c ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 25
192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 25
224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 25
255.255.255.255 255.255.255.255 192.168.1.105 3 1
255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2012 04:03:58 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.2.45, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/02/2012 11:30:46 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/02/2012 11:30:34 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/31/2012 02:48:14 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/31/2012 11:30:10 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2012 03:04:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2012 03:04:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2012 03:04:18 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2012 03:02:58 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/20/2012 09:31:10 AM) (Source: JavaQuickStarterService) (User: )
Description: System exception 0xc0000006 at 0x7c36554f


System errors:
=============
Error: (02/05/2012 09:00:24 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2012 00:18:54 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/03/2012 11:31:33 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/30/2012 01:17:03 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WTouchService service.

Error: (01/30/2012 01:16:36 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/30/2012 07:24:51 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/29/2012 04:37:58 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.106 for the Network Card with network address 0013CE2E298D has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/29/2012 09:26:15 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2012 09:26:15 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2012 09:26:08 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (02/02/2012 04:03:58 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.2.45hungapp0.0.0.000000000

Error: (02/02/2012 11:30:46 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/02/2012 11:30:34 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/31/2012 02:48:14 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1917000067978

Error: (01/31/2012 11:30:10 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/27/2012 03:04:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/27/2012 03:04:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/27/2012 03:04:18 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/27/2012 03:02:58 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1917000067978

Error: (01/20/2012 09:31:10 AM) (Source: JavaQuickStarterService)(User: )
Description: System exception 0xc0000006 at 0x7c36554f


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 7
avast! Free Antivirus (Version: 6.0.1367.0)
ペイントツールSAI Ver.1
Bamboo
Broadcom Gigabit Integrated Controller (Version: 7.53.02)
C-Major Audio (Version: 42xx)
CCleaner (Version: 3.15)
Conexant D110 MDC V.9x Modem
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ResourceCD
Download Updater (AOL LLC)
Foxit Reader (Version: 4.3.1.323)
Gimp 2.6.2 Debug
Google Chrome (Version: 16.0.912.77)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software (Version: 9.00.0000)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
mCore (Version: 1.19.0000)
mDriver (Version: 1.19.0000)
mDrWiFi (Version: 1.19.0000)
mHlpDell (Version: 1.19.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIWA (Version: 1.19.0000)
mIWCA (Version: 1.19.0000)
mLogView (Version: 1.19.0000)
mMHouse (Version: 1.19.0000)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
mPfMgr (Version: 1.19.0000)
mPfWiz (Version: 1.19.0000)
mProSafe (Version: 9.00.0000)
mSSO (Version: 1.19.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mToolkit (Version: 1.19.0000)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.19.0000)
mZConfig (Version: 1.19.0000)
Octoshape Streaming Services
Paint.NET v3.5.8 (Version: 3.58.0)
PESTERCHUM
PowerDVD 5.1
Sonic DLA (Version: 4.95)
Sonic RecordNow! Plus (Version: 7.3)
Sonic Update Manager (Version: 2.9)
SUPERAntiSpyware (Version: 5.0.1142)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.01.0001)
TI_Inst (Version: 1.01.0001)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! BrowserPlus 2.9.8

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 1015.36 MB
Available physical RAM: 618.45 MB
Total Pagefile: 2443.53 MB
Available Pagefile: 2038.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.8 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.53 GB) (Free:50.1 GB) NTFS
4 Drive e: (SecureGuard) (Removable) (Total:0.47 GB) (Free:0.26 GB) FAT

========================= Users: ========================================

User accounts for \\FDFXGFGF-84D294

Administrator Guest HelpAssistant
Morgan SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#4 boopme

Posted 05 February 2012 - 01:00 PM

Hello again,
Not sure what you mean by redirecting.
When you open a page in a browser, it jumps to a different page, not at all what you were after.

I did run virus scans on all of the computers and only one showed hijacker:tubby.
Was that on this PC?


Do you know what this is under Installed Programs: ペイントツールSAI Ver.1?

Change your Email password.

Run this and let me know how it's doing.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 nickvlad

Posted 05 February 2012 - 03:53 PM

No, it does not redirect. Only appears to be sending out emails.

That program name is for a Japanese art program. The odd text is a bad Windows translation.

Eset text file:

C:\Documents and Settings\Morgan\Local Settings\Temp\ICReinstall\ImageViewerSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Documents and Settings\Morgan\Local Settings\Temp\is887590510\zgInstaller.exe Win32/Toolbar.Zugo application deleted - quarantined
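
A way to triage a report like the one above, as an added example that is not part of the original post and is not ESET's own tooling: it parses the two report lines and separates potentially unwanted applications from other detections. The field layout and the reading of the trailing "application" label are assumptions taken from how the lines appear here.

```python
import re
from collections import Counter

# The two report lines from the post above, space-separated as shown on the page.
SAMPLE_LOG = r"""
C:\Documents and Settings\Morgan\Local Settings\Temp\ICReinstall\ImageViewerSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Documents and Settings\Morgan\Local Settings\Temp\is887590510\zgInstaller.exe Win32/Toolbar.Zugo application deleted - quarantined
"""

# Assumption: a detection name has the form Platform/Family[.Variant], may be
# prefixed with "a variant of", and is followed by "application" when the
# object is classed as a potentially unwanted or unsafe application.
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<heuristic>(?:probably )?a variant of )?"
    r"(?P<name>\w+/[\w.\-]+)"
    r"(?P<pua> application)?\s+"
    r"(?P<action>.+)$"
)

def parse_line(line):
    """Split one report line into path, detection and action; None if no match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    action = m.group("action").lower()
    return {
        "path": m.group("path"),
        "detection": m.group("name"),
        "kind": "unwanted-application" if m.group("pua") else "malware",
        "heuristic": bool(m.group("heuristic")),
        "in_temp": "\\temp\\" in m.group("path").lower(),
        "removed": "deleted" in action or "deleting" in action,
        "quarantined": "quarantined" in action,
    }

def triage(log_text):
    """Parse every non-empty line and list what still needs a human look."""
    entries, unparsed = [], []
    for line in filter(str.strip, log_text.splitlines()):
        entry = parse_line(line)
        (entries if entry else unparsed).append(entry or line)
    # Follow up on anything that is not a PUA, or that was found but not removed.
    follow_up = [e for e in entries if e["kind"] == "malware" or not e["removed"]]
    return {"entries": entries, "unparsed": unparsed, "follow_up": follow_up,
            "by_kind": Counter(e["kind"] for e in entries)}

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG)["entries"]:
        print(e["kind"], e["detection"], "removed" if e["removed"] else "PRESENT", e["path"])
```

Lines the pattern cannot parse are returned under `unparsed` rather than dropped, so an unexpected report format is visible instead of being silently counted as clean.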

#6 boopme

Posted 06 February 2012 - 05:11 PM

OK, cool on the app, as it looked weird. Looks good here now.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#7 nickvlad

Posted 06 February 2012 - 05:19 PM

Created a new restore point. Hopefully, it's fully removed.

Thanks for your help.



