
Smart Fortress 2012 Infection


11 replies to this topic

#1 Brinleigh217

Brinleigh217

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:28 AM

Posted 11 April 2012 - 07:41 PM

My laptop is infected with Smart Fortress 2012. I followed Bleeping's Remove Smart Fortress Uninstall Guide, and restarted after MBAM step. Got on the internet, and it redirected me to an Ad website. I need help to take further steps to remove this rogue antivirus. Any help is appreciated!
I am running Win XP.
Thanks,
Leigh

Edited by Brinleigh217, 11 April 2012 - 07:43 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:28 AM

Posted 11 April 2012 - 08:04 PM

Hello, may I see the MBAM log?
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
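The TDSSKiller report requested above runs to hundreds of lines, and the entries that matter are the few whose verdict is anything other than `ok`. As an added example (not part of the original posts and not TDSSKiller's own code), this Python script extracts those entries together with the file path logged for the same object; the sample log is constructed in the layout of the log posted later in this thread, with placeholder hashes, and all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the TDSSKiller log posted in this thread.
# The hashes and the first file path are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
20:26:50.0473 0696 Scan started
20:26:50.0473 0696 Mode: Manual; TDLFS;
20:26:51.0566 0696 Abiosdsk - ok
20:26:52.0738 0696 Asset Management Daemon (00000000000000000000000000000001) C:\Program Files\Example\daemon.exe
20:26:52.0738 0696 Asset Management Daemon - ok
20:27:03.0614 0696 NetBT (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:27:03.0645 0696 NetBT ( Virus.Win32.ZAccess.k ) - infected
20:27:03.0645 0696 NetBT - detected Virus.Win32.ZAccess.k (0)
20:27:06.0676 0696 ppa3 (00000000000000000000000000000003) C:\WINDOWS\system32\captureservice.dll
20:27:06.0676 0696 ppa3 ( Backdoor.Multi.ZAccess.gen ) - infected
20:27:06.0676 0696 ppa3 - detected Backdoor.Multi.ZAccess.gen (0)
"""

# "<HH:MM:SS.ffff> <thread id> <message>"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+\d+\s+(?P<msg>.+)$")
# "<object name> (<md5>) <file path>"  (object names may contain spaces)
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<object name> - ok"  or  "<object name> ( <detection> ) - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) (?:\( (?P<det>.+?) \) )?- (?P<verdict>\w+)$"
)


@dataclass
class Finding:
    time: str
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_tdsskiller_log(text: str) -> Tuple[int, List[Finding]]:
    """Return (objects with a verdict, findings whose verdict is not 'ok')."""
    files = {}      # object name -> (md5, path) from its most recent file line
    scanned = 0
    findings: List[Finding] = []

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue            # blank lines, separators, timestamp-only lines
        msg = line["msg"].strip()

        file_line = FILE_RE.match(msg)
        if file_line:
            files[file_line["name"]] = (file_line["md5"].lower(), file_line["path"])
            continue

        verdict = VERDICT_RE.match(msg)
        if not verdict:
            continue            # headers, drive info, "- detected ... (0)" lines
        scanned += 1
        if verdict["verdict"] == "ok":
            continue

        # Objects without a backing file line ("Abiosdsk - ok") have no path.
        md5, path = files.get(verdict["name"], (None, None))
        findings.append(
            Finding(
                time=line["time"],
                name=verdict["name"],
                verdict=verdict["verdict"],
                detection=verdict["det"],
                md5=md5,
                path=path,
            )
        )
    return scanned, findings


if __name__ == "__main__":
    total, hits = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{total} objects with a verdict, {len(hits)} not ok")
    for h in hits:
        print(f"{h.time}  {h.name}: {h.verdict} ({h.detection}) -> {h.path}")
```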

#3 Brinleigh217

Brinleigh217
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:28 AM

Posted 11 April 2012 - 11:36 PM

Thank you for helping me!

TDSSKiller Log:

20:26:29.0863 1228 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:26:30.0425 1228 ============================================================
20:26:30.0425 1228 Current date / time: 2012/04/11 20:26:30.0425
20:26:30.0425 1228 SystemInfo:
20:26:30.0425 1228
20:26:30.0425 1228 OS Version: 5.1.2600 ServicePack: 3.0
20:26:30.0425 1228 Product type: Workstation
20:26:30.0425 1228 ComputerName: EECMOBIL1
20:26:30.0425 1228 UserName: bcrider
20:26:30.0425 1228 Windows directory: C:\WINDOWS
20:26:30.0425 1228 System windows directory: C:\WINDOWS
20:26:30.0425 1228 Processor architecture: Intel x86
20:26:30.0425 1228 Number of processors: 2
20:26:30.0425 1228 Page size: 0x1000
20:26:30.0425 1228 Boot type: Normal boot
20:26:30.0425 1228 ============================================================
20:26:34.0691 1228 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:26:34.0691 1228 Drive \Device\Harddisk1\DR4 - Size: 0x3C500000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:26:34.0691 1228 \Device\Harddisk0\DR0:
20:26:34.0691 1228 MBR used
20:26:34.0691 1228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:26:34.0691 1228 \Device\Harddisk1\DR4:
20:26:34.0691 1228 MBR used
20:26:34.0691 1228 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E27E0
20:26:34.0691 1228 Initialize success
20:26:34.0691 1228 ============================================================
20:26:50.0473 0696 ============================================================
20:26:50.0473 0696 Scan started
20:26:50.0473 0696 Mode: Manual; TDLFS;
20:26:50.0473 0696 ============================================================
20:26:51.0566 0696 Abiosdsk - ok
20:26:51.0582 0696 abp480n5 - ok
20:26:51.0645 0696 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:26:51.0660 0696 ACPI - ok
20:26:51.0691 0696 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:26:51.0691 0696 ACPIEC - ok
20:26:51.0707 0696 adpu160m - ok
20:26:51.0754 0696 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:26:51.0754 0696 aec - ok
20:26:51.0816 0696 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:26:51.0816 0696 AFD - ok
20:26:51.0832 0696 agp440 - ok
20:26:51.0848 0696 Aha154x - ok
20:26:51.0863 0696 aic78u2 - ok
20:26:51.0895 0696 aic78xx - ok
20:26:51.0957 0696 aksfridge (fb054e270d825a0ef262041577d6afd2) C:\WINDOWS\system32\DRIVERS\aksfridge.sys
20:26:51.0973 0696 aksfridge - ok
20:26:52.0066 0696 akshasp (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys
20:26:52.0082 0696 akshasp - ok
20:26:52.0113 0696 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\WINDOWS\system32\DRIVERS\akshhl.sys
20:26:52.0129 0696 akshhl - ok
20:26:52.0145 0696 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) C:\WINDOWS\system32\DRIVERS\aksusb.sys
20:26:52.0145 0696 aksusb - ok
20:26:52.0176 0696 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:26:52.0176 0696 Alerter - ok
20:26:52.0207 0696 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:26:52.0207 0696 ALG - ok
20:26:52.0254 0696 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:26:52.0254 0696 AliIde - ok
20:26:52.0316 0696 AmFSM (6a99ab54701e6c3959bda27ecbbb6c66) C:\WINDOWS\system32\DRIVERS\amm8651.sys
20:26:52.0316 0696 AmFSM - ok
20:26:52.0332 0696 amsint - ok
20:26:52.0379 0696 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:26:52.0395 0696 AppMgmt - ok
20:26:52.0441 0696 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:26:52.0441 0696 Arp1394 - ok
20:26:52.0457 0696 asc - ok
20:26:52.0473 0696 asc3350p - ok
20:26:52.0488 0696 asc3550 - ok
20:26:52.0613 0696 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:26:52.0660 0696 aspnet_state - ok
20:26:52.0738 0696 Asset Management Daemon (bea048b34091838bf719fafce0fb3520) C:\Program Files\Portrait Displays\HP Display Assistant\dtsslsrv.exe
20:26:52.0738 0696 Asset Management Daemon - ok
20:26:52.0910 0696 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:26:52.0926 0696 AsyncMac - ok
20:26:52.0973 0696 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:26:52.0973 0696 atapi - ok
20:26:52.0988 0696 Atdisk - ok
20:26:53.0051 0696 Ati HotKey Poller (d01bd16acab7d7744f8c397eaebb8798) C:\WINDOWS\system32\Ati2evxx.exe
20:26:53.0066 0696 Ati HotKey Poller - ok
20:26:53.0129 0696 ati2mtag (aae41c74db4dd34e8e97cb3a7a92c0b6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:26:53.0160 0696 ati2mtag - ok
20:26:53.0207 0696 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:26:53.0207 0696 Atmarpc - ok
20:26:53.0270 0696 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:26:53.0270 0696 AudioSrv - ok
20:26:53.0316 0696 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:26:53.0332 0696 audstub - ok
20:26:53.0426 0696 Autodesk Content Service (1992c2a1867d95aa3a0802539358d162) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
20:26:53.0426 0696 Autodesk Content Service - ok
20:26:53.0520 0696 Autodesk Licensing Service (df687ee356b7f80a6442ae4d2c3ee3b4) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
20:26:53.0520 0696 Autodesk Licensing Service - ok
20:26:53.0582 0696 Autodesk Network Licensing Service (01c2c507fe03745aa2487e35fb6b1fdb) C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
20:26:53.0613 0696 Autodesk Network Licensing Service - ok
20:26:53.0801 0696 BCM43XX (185a6dc6d655dc31c0b228cc94fb99ac) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:26:53.0816 0696 BCM43XX - ok
20:26:53.0895 0696 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:26:53.0895 0696 Beep - ok
20:26:54.0004 0696 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:26:54.0035 0696 BITS - ok
20:26:54.0082 0696 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:26:54.0082 0696 Browser - ok
20:26:54.0160 0696 BTWUSB (2d0fc1415956e84cbb06b2542f3bda41) C:\WINDOWS\system32\Drivers\btwusb.sys
20:26:54.0176 0696 BTWUSB - ok
20:26:54.0270 0696 CAMCAUD (df813edff93fde099e95f1b48a665d0c) C:\WINDOWS\system32\drivers\camcaud.sys
20:26:54.0270 0696 CAMCAUD - ok
20:26:54.0348 0696 CAMCHALA (cb9eda5216b6218e0a377813a767bf7e) C:\WINDOWS\system32\drivers\camchal.sys
20:26:54.0348 0696 CAMCHALA - ok
20:26:54.0395 0696 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:26:54.0395 0696 cbidf2k - ok
20:26:54.0410 0696 cd20xrnt - ok
20:26:54.0457 0696 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:26:54.0457 0696 Cdaudio - ok
20:26:54.0504 0696 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:26:54.0504 0696 Cdfs - ok
20:26:54.0535 0696 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:26:54.0535 0696 Cdrom - ok
20:26:54.0551 0696 Changer - ok
20:26:54.0598 0696 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:26:54.0598 0696 CiSvc - ok
20:26:54.0613 0696 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:26:54.0629 0696 ClipSrv - ok
20:26:54.0754 0696 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:54.0879 0696 clr_optimization_v2.0.50727_32 - ok
20:26:55.0004 0696 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:55.0160 0696 clr_optimization_v4.0.30319_32 - ok
20:26:55.0285 0696 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:26:55.0285 0696 CmBatt - ok
20:26:55.0316 0696 CmdIde - ok
20:26:55.0348 0696 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:26:55.0348 0696 Compbatt - ok
20:26:55.0363 0696 COMSysApp - ok
20:26:55.0426 0696 Cpqarray - ok
20:26:55.0582 0696 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:26:55.0582 0696 CryptSvc - ok
20:26:55.0645 0696 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:26:55.0645 0696 CVirtA - ok
20:26:55.0816 0696 CVPND (08d8fa119f2ad6ac0377fb667523482e) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
20:26:55.0816 0696 CVPND - ok
20:26:55.0879 0696 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
20:26:55.0910 0696 CVPNDRVA - ok
20:26:55.0926 0696 dac2w2k - ok
20:26:55.0941 0696 dac960nt - ok
20:26:55.0957 0696 DAmirr - ok
20:26:56.0020 0696 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:26:56.0035 0696 DcomLaunch - ok
20:26:56.0082 0696 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:26:56.0082 0696 Dhcp - ok
20:26:56.0113 0696 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:26:56.0113 0696 Disk - ok
20:26:56.0129 0696 dmadmin - ok
20:26:56.0207 0696 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:26:56.0223 0696 dmboot - ok
20:26:56.0254 0696 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:26:56.0254 0696 dmio - ok
20:26:56.0317 0696 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:26:56.0317 0696 dmload - ok
20:26:56.0363 0696 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:26:56.0363 0696 dmserver - ok
20:26:56.0426 0696 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:26:56.0426 0696 DMusic - ok
20:26:56.0473 0696 DNE (7efbafdec4f543d43296bdbdf912bdd4) C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:26:56.0520 0696 DNE - ok
20:26:56.0567 0696 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:26:56.0567 0696 Dnscache - ok
20:26:56.0613 0696 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:26:56.0613 0696 Dot3svc - ok
20:26:56.0676 0696 dpti2o - ok
20:26:56.0723 0696 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:26:56.0723 0696 drmkaud - ok
20:26:56.0785 0696 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:26:56.0801 0696 drvmcdb - ok
20:26:56.0973 0696 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
20:26:57.0379 0696 drvnddm - ok
20:26:57.0473 0696 DTSRVC (0f6581e283bf289a5040023fc6440473) C:\Program Files\Portrait Displays\HP Display Assistant\DTSRVC.exe
20:26:57.0473 0696 DTSRVC - ok
20:26:57.0535 0696 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
20:26:57.0551 0696 eabfiltr - ok
20:26:57.0582 0696 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
20:26:57.0582 0696 eabusb - ok
20:26:57.0629 0696 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:26:57.0629 0696 EapHost - ok
20:26:57.0676 0696 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:26:57.0676 0696 ERSvc - ok
20:26:57.0738 0696 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:26:57.0738 0696 Eventlog - ok
20:26:57.0801 0696 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:26:57.0801 0696 EventSystem - ok
20:26:57.0895 0696 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:26:57.0895 0696 Fastfat - ok
20:26:57.0942 0696 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:26:57.0957 0696 FastUserSwitchingCompatibility - ok
20:26:57.0973 0696 FBIKB_NT - ok
20:26:57.0988 0696 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:26:58.0004 0696 Fdc - ok
20:26:58.0020 0696 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:26:58.0020 0696 Fips - ok
20:26:58.0129 0696 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:26:58.0192 0696 FLEXnet Licensing Service - ok
20:26:58.0301 0696 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:26:58.0317 0696 Flpydisk - ok
20:26:58.0379 0696 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:26:58.0379 0696 FltMgr - ok
20:26:58.0504 0696 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:26:58.0504 0696 FontCache3.0.0.0 - ok
20:26:58.0582 0696 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:26:58.0582 0696 Fs_Rec - ok
20:26:58.0645 0696 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:26:58.0645 0696 Ftdisk - ok
20:26:58.0692 0696 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:26:58.0692 0696 Gpc - ok
20:26:58.0801 0696 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys
20:26:58.0817 0696 hardlock - ok
20:26:58.0832 0696 hasplms - ok
20:26:58.0895 0696 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
20:26:58.0926 0696 Haspnt - ok
20:26:59.0020 0696 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:26:59.0020 0696 helpsvc - ok
20:26:59.0082 0696 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:26:59.0082 0696 HidServ - ok
20:26:59.0145 0696 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:26:59.0145 0696 HidUsb - ok
20:26:59.0192 0696 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:26:59.0192 0696 hkmsvc - ok
20:26:59.0207 0696 hpn - ok
20:26:59.0317 0696 hpqwmi (e7e0cf2e13994dab2ce10dfef25bf610) C:\Program Files\HPQ\SHARED\HPQWMI.exe
20:26:59.0332 0696 hpqwmi - ok
20:26:59.0395 0696 HSFHWICH (fac3b0a7ec158c4582d23eda4c5a56e9) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:26:59.0395 0696 HSFHWICH - ok
20:26:59.0457 0696 HSF_DP (e5add2afecbf514f5cca730edfdfb49e) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:26:59.0504 0696 HSF_DP - ok
20:26:59.0567 0696 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:26:59.0582 0696 HTTP - ok
20:26:59.0645 0696 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:26:59.0645 0696 HTTPFilter - ok
20:26:59.0660 0696 i2omgmt - ok
20:26:59.0676 0696 i2omp - ok
20:26:59.0723 0696 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:26:59.0723 0696 i8042prt - ok
20:26:59.0832 0696 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:26:59.0879 0696 IDriverT - ok
20:27:00.0051 0696 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:27:00.0113 0696 idsvc - ok
20:27:00.0254 0696 IISADMIN (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
20:27:00.0254 0696 IISADMIN - ok
20:27:00.0332 0696 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:27:00.0332 0696 Imapi - ok
20:27:00.0410 0696 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:27:00.0410 0696 ImapiService - ok
20:27:00.0442 0696 ini910u - ok
20:27:00.0473 0696 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:27:00.0473 0696 IntelIde - ok
20:27:00.0535 0696 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:27:00.0535 0696 intelppm - ok
20:27:00.0582 0696 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:27:00.0598 0696 Ip6Fw - ok
20:27:00.0676 0696 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:27:00.0676 0696 IpFilterDriver - ok
20:27:00.0707 0696 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:27:00.0707 0696 IpInIp - ok
20:27:00.0738 0696 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:27:00.0754 0696 IpNat - ok
20:27:00.0770 0696 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:27:00.0785 0696 IPSec - ok
20:27:00.0801 0696 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:27:00.0801 0696 IRENUM - ok
20:27:00.0832 0696 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:27:00.0848 0696 isapnp - ok
20:27:00.0989 0696 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
20:27:01.0004 0696 JavaQuickStarterService - ok
20:27:01.0160 0696 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:27:01.0160 0696 Kbdclass - ok
20:27:01.0207 0696 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:27:01.0207 0696 kbdhid - ok
20:27:01.0270 0696 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:27:01.0270 0696 kmixer - ok
20:27:01.0332 0696 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:27:01.0348 0696 KSecDD - ok
20:27:01.0426 0696 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:27:01.0426 0696 lanmanserver - ok
20:27:01.0504 0696 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:27:01.0504 0696 lanmanworkstation - ok
20:27:01.0535 0696 LBeepKE (5644acfa1b281ce2212353552147d1a0) C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:27:01.0535 0696 LBeepKE - ok
20:27:01.0551 0696 lbrtfdc - ok
20:27:01.0739 0696 LBTServ (9582504591a9f405f7505fefb4f64123) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:27:01.0739 0696 LBTServ - ok
20:27:01.0801 0696 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:27:01.0848 0696 LHidFilt - ok
20:27:01.0895 0696 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:27:01.0895 0696 LmHosts - ok
20:27:01.0973 0696 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:27:01.0989 0696 LMouFilt - ok
20:27:02.0051 0696 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:27:02.0051 0696 mdmxsdk - ok
20:27:02.0067 0696 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:27:02.0082 0696 Messenger - ok
20:27:02.0457 0696 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:27:02.0457 0696 mnmdd - ok
20:27:02.0504 0696 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:27:02.0504 0696 mnmsrvc - ok
20:27:02.0535 0696 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:27:02.0535 0696 Modem - ok
20:27:02.0567 0696 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:27:02.0567 0696 Mouclass - ok
20:27:02.0598 0696 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:27:02.0598 0696 mouhid - ok
20:27:02.0629 0696 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:27:02.0629 0696 MountMgr - ok
20:27:02.0645 0696 mraid35x - ok
20:27:02.0723 0696 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:27:02.0801 0696 MRxDAV - ok
20:27:02.0879 0696 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:27:02.0895 0696 MRxSmb - ok
20:27:02.0942 0696 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:27:02.0942 0696 MSDTC - ok
20:27:02.0973 0696 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:27:02.0989 0696 Msfs - ok
20:27:03.0004 0696 MSIServer - ok
20:27:03.0035 0696 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:27:03.0035 0696 MSKSSRV - ok
20:27:03.0051 0696 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:27:03.0051 0696 MSPCLOCK - ok
20:27:03.0082 0696 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:27:03.0082 0696 MSPQM - ok
20:27:03.0098 0696 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:27:03.0098 0696 mssmbios - ok
20:27:03.0160 0696 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:27:03.0176 0696 Mup - ok
20:27:03.0239 0696 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:27:03.0239 0696 napagent - ok
20:27:03.0301 0696 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:27:03.0301 0696 NDIS - ok
20:27:03.0348 0696 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:27:03.0348 0696 NdisTapi - ok
20:27:03.0379 0696 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:27:03.0379 0696 Ndisuio - ok
20:27:03.0410 0696 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:27:03.0410 0696 NdisWan - ok
20:27:03.0473 0696 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:27:03.0473 0696 NDProxy - ok
20:27:03.0535 0696 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
20:27:03.0535 0696 Net Driver HPZ12 - ok
20:27:03.0582 0696 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:27:03.0582 0696 NetBIOS - ok
20:27:03.0614 0696 NetBT (ad2103aa98f7a62ffbddb6ef62f64318) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:27:03.0645 0696 NetBT ( Virus.Win32.ZAccess.k ) - infected
20:27:03.0645 0696 NetBT - detected Virus.Win32.ZAccess.k (0)
20:27:03.0692 0696 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:27:03.0692 0696 NetDDE - ok
20:27:03.0707 0696 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:27:03.0707 0696 NetDDEdsdm - ok
20:27:03.0754 0696 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:27:03.0754 0696 Netlogon - ok
20:27:03.0785 0696 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:27:03.0785 0696 Netman - ok
20:27:03.0879 0696 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:27:03.0895 0696 NetTcpPortSharing - ok
20:27:04.0004 0696 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:27:04.0004 0696 NIC1394 - ok
20:27:04.0082 0696 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:27:04.0082 0696 Nla - ok
20:27:04.0114 0696 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:27:04.0114 0696 Npfs - ok
20:27:04.0285 0696 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:27:04.0301 0696 Ntfs - ok
20:27:04.0395 0696 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:27:04.0395 0696 NtLmSsp - ok
20:27:04.0473 0696 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:27:04.0489 0696 NtmsSvc - ok
20:27:04.0551 0696 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:27:04.0567 0696 Null - ok
20:27:04.0629 0696 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:27:04.0629 0696 NwlnkFlt - ok
20:27:06.0676 0696 ppa3 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\captureservice.dll
20:27:06.0676 0696 ppa3 ( Backdoor.Multi.ZAccess.gen ) - infected
20:27:06.0676 0696 ppa3 - detected Backdoor.Multi.ZAccess.gen (0)
20:27:17.0567 0696 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
20:27:17.0755 0696 \Device\Harddisk0\DR0 - ok
20:27:17.0755 0696 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR4
20:27:20.0645 0696 \Device\Harddisk1\DR4 - ok
20:27:20.0661 0696 Boot (0x1200) (5d289a07a405dd0b8a9601ec737d1785) \Device\Harddisk0\DR0\Partition0
20:27:20.0661 0696 \Device\Harddisk0\DR0\Partition0 - ok
20:27:20.0661 0696 Boot (0x1200) (b87067dffb7b82b43b97ffa94c0e867f) \Device\Harddisk1\DR4\Partition0
20:27:20.0661 0696 \Device\Harddisk1\DR4\Partition0 - ok
20:27:20.0677 0696 ============================================================
20:27:20.0677 0696 Scan finished
20:27:20.0677 0696 ============================================================
20:27:20.0677 6000 Detected object count: 2
20:27:20.0677 6000 Actual detected object count: 2
20:27:26.0364 6000 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
20:27:26.0474 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\@ - copied to quarantine
20:27:26.0489 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\cfg.ini - copied to quarantine
20:27:26.0520 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\Desktop.ini - copied to quarantine
20:27:26.0708 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\L\nqrupmok - copied to quarantine
20:27:26.0724 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\oemid - copied to quarantine
20:27:26.0770 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\00000001.@ - copied to quarantine
20:27:26.0833 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\00000002.@ - copied to quarantine
20:27:26.0849 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\00000004.@ - copied to quarantine
20:27:26.0911 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\80000000.@ - copied to quarantine
20:27:26.0958 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\80000004.@ - copied to quarantine
20:27:26.0958 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\80000032.@ - copied to quarantine
20:27:27.0005 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\version - copied to quarantine
20:27:28.0427 6000 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
20:28:07.0178 6000 Backup copy found, using it..
20:28:07.0209 6000 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
20:28:09.0553 6000 C:\WINDOWS\$NtUninstallKB62280$\4102036159 - will be deleted on reboot
20:28:09.0553 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\@ - will be deleted on reboot
20:28:09.0553 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\cfg.ini - will be deleted on reboot
20:28:09.0568 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\Desktop.ini - will be deleted on reboot
20:28:09.0568 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\oemid - will be deleted on reboot
20:28:09.0584 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\00000001.@ - will be deleted on reboot
20:28:09.0584 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\00000002.@ - will be deleted on reboot
20:28:09.0584 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\00000004.@ - will be deleted on reboot
20:28:09.0584 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\80000000.@ - will be deleted on reboot
20:28:09.0584 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\80000004.@ - will be deleted on reboot
20:28:09.0584 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\U\80000032.@ - will be deleted on reboot
20:28:09.0584 6000 C:\WINDOWS\$NtUninstallKB62280$\485945278\version - will be deleted on reboot
20:28:09.0584 6000 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
20:28:09.0662 6000 C:\WINDOWS\system32\captureservice.dll - copied to quarantine
20:28:09.0678 6000 HKLM\SYSTEM\ControlSet001\services\ppa3 - will be deleted on reboot
20:28:09.0678 6000 HKLM\SYSTEM\ControlSet003\services\ppa3 - will be deleted on reboot
20:28:09.0678 6000 C:\WINDOWS\system32\captureservice.dll - will be deleted on reboot
20:28:09.0678 6000 ppa3 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

#4 Brinleigh217

Posted 11 April 2012 - 11:38 PM

mbam log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.11.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
bcrider :: EECMOBIL1 [administrator]

4/11/2012 3:13:20 PM
mbam-log-2012-04-11 (15-13-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 517601
Time elapsed: 1 hour(s), 35 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost (Trojan.Agent) -> Data: C:\Documents and Settings\mduval\Application Data\svchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pcripi (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\bcrider\LOCALS~1\Temp\pcripi.dll",QuaternionNormalize -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
C:\WINDOWS\system32\SPCtl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\F4D5619C000EF3FD001F240BD151FC4E\F4D5619C000EF3FD001F240BD151FC4E.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\bcrider\Application Data\Sun\Java\Deployment\cache\6.0\11\7c6bdf0b-2c5a10af (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\bcrider\Local Settings\Temp\ms0cfg32.exe (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\bcrider\Local Settings\Temp\ydvtLsBE87mu4yn.exe (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\bcrider\Local Settings\Temp\~!#EE.tmp (Trojan.Zbot.IPGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\mduval\Application Data\Sun\Java\Deployment\cache\6.0\48\6db44eb0-28a0cefb (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alg.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CoachVc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F700isw.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LMIRfsClientNP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MA_CMIDI.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PolarUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\se44nd5.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfdrv01.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\V0070VID.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\mduval\Application Data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\Documents and Settings\bcrider\Local Settings\Temp\pcripi.dll (Trojan.Agent.LTGen) -> Quarantined and deleted successfully.

(end)

#5 Brinleigh217

Posted 11 April 2012 - 11:39 PM

SuperAntiSpyware log -- JUST A NOTE: When I restarted my computer after running this, to open the program to get to the log, I had to run as admin to get it to open, which I thought I should mention. I tried to open it just by clicking the desktop icon like 4 times.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2012 at 11:07 PM

Application Version : 5.0.1146

Core Rules Database Version : 8445
Trace Rules Database Version: 6257

Scan type : Complete Scan
Total Scan Time : 02:27:59

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 702
Memory threats detected : 0
Registry items scanned : 36692
Registry threats detected : 0
File items scanned : 85536
File threats detected : 369

Adware.Tracking Cookie
C:\Documents and Settings\bcrider\Cookies\78JGMAE2.txt [ /dc.tremormedia.com ]
C:\Documents and Settings\bcrider\Cookies\XKBRECDV.txt [ /www.onetruemedia.com ]
C:\Documents and Settings\bcrider\Cookies\32FJW6WE.txt [ /beta-ads.ace.advertising.com ]
C:\Documents and Settings\bcrider\Cookies\1ZLSSJ68.txt [ /dolphinencounters.com ]
C:\Documents and Settings\bcrider\Cookies\M4A4D0AN.txt [ /adserver.spacetimeads.com ]
C:\Documents and Settings\bcrider\Cookies\B5JUZUHY.txt [ /vitacost.122.2o7.net ]
C:\Documents and Settings\bcrider\Cookies\OT0CLGWR.txt [ /www.googleadservices.com ]
C:\Documents and Settings\bcrider\Cookies\74FV1REG.txt [ /network.realmedia.com ]
C:\Documents and Settings\bcrider\Cookies\BE5TC8D2.txt [ /lm.logicalmedia.com ]
C:\Documents and Settings\bcrider\Cookies\2QJ5DJN6.txt [ /indieclick.com ]
C:\Documents and Settings\bcrider\Cookies\3XQMGQK6.txt [ /ad.mlnadvertising.com ]
C:\Documents and Settings\bcrider\Cookies\576P0OH1.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\bcrider\Cookies\NW4Q2PPX.txt [ /rotator.hadj7.adjuggler.net ]
C:\Documents and Settings\bcrider\Cookies\E3EBPBCI.txt [ /akamai.interclickproxy.com ]
C:\Documents and Settings\bcrider\Cookies\6WM1TAMZ.txt [ /webtrack.dhlglobalmail.com ]
C:\Documents and Settings\bcrider\Cookies\A75L8EG8.txt [ /jamesavery.122.2o7.net ]
C:\Documents and Settings\bcrider\Cookies\5I7DFR3V.txt [ /ads.foodbuzz.com ]
C:\Documents and Settings\bcrider\Cookies\J3PKQ9WA.txt [ /clickbooth.com ]
C:\Documents and Settings\bcrider\Cookies\SH6Z9JRO.txt [ /lfstmedia.com ]
C:\Documents and Settings\bcrider\Cookies\WLXAD4OA.txt [ /kontera.com ]
C:\Documents and Settings\bcrider\Cookies\3KZWR2GN.txt [ /ad.doubleclick.net ]
C:\Documents and Settings\bcrider\Cookies\7QBQVCP3.txt [ /liveperson.net ]
C:\Documents and Settings\bcrider\Cookies\8YFTUMWI.txt [ /tomsshoes.122.2o7.net ]
C:\Documents and Settings\bcrider\Cookies\CONLLN2T.txt [ /www.inrichmedia.com ]
C:\Documents and Settings\bcrider\Cookies\86NZ2PRC.txt [ /sales.liveperson.net ]
C:\Documents and Settings\bcrider\Cookies\HB8UHWAA.txt [ /msnportal.112.2o7.net ]
C:\Documents and Settings\bcrider\Cookies\0PZA0EP1.txt [ /d.mediaforge.com ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\ER6H1RMI.txt [ Cookie:administrator@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\QY6BDY8A.txt [ Cookie:system@1sadx.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\2DE95J4K.txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\GTG5MZ4T.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\CE0H55HP.txt [ Cookie:system@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\10JTSNI4.txt [ Cookie:system@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\9ED2F0IP.txt [ Cookie:system@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\08D0P30B.txt [ Cookie:system@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\3AAAIEZI.txt [ Cookie:system@stat.onestat.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\SW9640JX.txt [ Cookie:system@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\ETYON3L6.txt [ Cookie:system@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\ZSAG1205.txt [ Cookie:system@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\W6K03PRT.txt [ Cookie:system@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\SDXTW3XE.txt [ Cookie:system@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\74J9YM51.txt [ Cookie:system@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\administrator@2o7[1].txt [ Cookie:administrator@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\PTFA13GH.txt [ Cookie:system@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\2BN73R8R.txt [ Cookie:system@eclickz.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\EOLRFBF3.txt [ Cookie:system@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\UBUB8IGB.txt [ Cookie:system@ezsearchresults.com/click/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\OCB9M1AM.txt [ Cookie:system@adnetwork.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\ZCW0C0IB.txt [ Cookie:system@burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\1X6F5W7Z.txt [ Cookie:system@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\SNPZEALD.txt [ Cookie:system@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\FV688JOI.txt [ Cookie:system@kanoodle.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\JFIHE1Y2.txt [ Cookie:system@search.eclickz.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\QWX1SVZ4.txt [ Cookie:system@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\LK5YCQD0.txt [ Cookie:administrator@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\4XVHMW10.txt [ Cookie:system@www.burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\LGZXT30G.txt [ Cookie:system@mediatraffic.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\PM2GGSG5.txt [ Cookie:system@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\BT6X2XUR.txt [ Cookie:system@histats.com/stats/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\SF48MGNU.txt [ Cookie:administrator@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\BCTGCU18.txt [ Cookie:system@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\95ALN2D9.txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\YV0YL0L7.txt [ Cookie:system@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\SO4VC7EN.txt [ Cookie:system@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\O5JH5XK2.txt [ Cookie:administrator@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\C74AB1RR.txt [ Cookie:system@crackle.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\MPEBQSGU.txt [ Cookie:system@ad2.adfarm1.adition.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\SNC0EW1Y.txt [ Cookie:system@ox-d.adservermedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\JMR4THGT.txt [ Cookie:system@bs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\T9JGFYFZ.txt [ Cookie:system@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\8HDPJ9V3.txt [ Cookie:system@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\GR43CF1O.txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\CCACDS18.txt [ Cookie:system@tag.2bluemedia.hiro.tv/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\GSYI7OVK.txt [ Cookie:system@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\J27QM7CV.txt [ Cookie:system@network.realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\O9B503KW.txt [ Cookie:system@server.cpmstar.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\AD7U56SG.txt [ Cookie:system@statcounter.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\ZC1A8ENO.txt [ Cookie:system@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\KQ7IHSBJ.txt [ Cookie:system@cdmedia.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\7HUZZFSY.txt [ Cookie:system@mediaservices-d.openxenterprise.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\CMPYLQXF.txt [ Cookie:system@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\CG94QYGB.txt [ Cookie:system@histats.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\17BGJNE2.txt [ Cookie:system@cdn.jemamedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\KLG0ANXL.txt [ Cookie:system@advertising.ezanga.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\BRLZN9QA.txt [ Cookie:system@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\5EJFE4DT.txt [ Cookie:system@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\Q6R45MMB.txt [ Cookie:system@findology.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\I51PU0V7.txt [ Cookie:system@ads.gamersmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\3ZP13N1Z.txt [ Cookie:system@keepufind.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\88XWPFGW.txt [ Cookie:system@getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\XMJUVNRW.txt [ Cookie:system@aim4media.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\WR3GP8R2.txt [ Cookie:system@static.getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\OVTB0YS5.txt [ Cookie:system@yourgoodsearch.com/click/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\B9QNFHNW.txt [ Cookie:system@kontera.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Cookies\YV0R8IN4.txt [ Cookie:system@xml.trafficengine.net/ ]
C:\DOCUMENTS AND SETTINGS\BCRIDER\Cookies\ODLZFEXJ.txt [ Cookie:bcrider@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\BCRIDER\Cookies\J8NQIL2U.txt [ Cookie:bcrider@www.google.com/accounts ]
C:\DOCUMENTS AND SETTINGS\BCRIDER\Cookies\COD6CWIF.txt [ Cookie:bcrider@google.com/accounts/recovery/ ]
C:\DOCUMENTS AND SETTINGS\BCRIDER\Cookies\M0CF9A10.txt [ Cookie:bcrider@tlc.discovery.com/videos/19-kids-and-counting-season-5-webisodes/ ]
C:\DOCUMENTS AND SETTINGS\BCRIDER\Cookies\EAP1LGSK.txt [ Cookie:bcrider@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\BCRIDER\Cookies\AO5DW68B.txt [ Cookie:bcrider@blogs.babble.com/the-new-home-ec/wp-content/plugins/pixelstats/ ]
C:\DOCUMENTS AND SETTINGS\EMADMIN\Cookies\emadmin@doubleclick[1].txt [ Cookie:emadmin@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\Cookies\gheitkamp@doubleclick[1].txt [ Cookie:gheitkamp@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\Cookies\gheitkamp@advertising[1].txt [ Cookie:gheitkamp@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\Cookies\gheitkamp@casalemedia[1].txt [ Cookie:gheitkamp@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\Cookies\gheitkamp@2o7[2].txt [ Cookie:gheitkamp@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\Cookies\gheitkamp@questionmarket[1].txt [ Cookie:gheitkamp@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\Cookies\gheitkamp@edge.ru4[1].txt [ Cookie:gheitkamp@edge.ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@specificclick[1].txt [ Cookie:mduvall@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@viewablemedia[2].txt [ Cookie:mduvall@viewablemedia.net/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@imrworldwide[2].txt [ Cookie:mduvall@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@www.pga[1].txt [ Cookie:mduvall@www.pga.com/pgachampionship/2011/multimedia/video/live/pga/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@adinterax[2].txt [ Cookie:mduvall@adinterax.com/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@insightexpressai[2].txt [ Cookie:mduvall@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@2o7[2].txt [ Cookie:mduvall@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@content.yieldmanager[1].txt [ Cookie:mduvall@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@invitemedia[1].txt [ Cookie:mduvall@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\Cookies\mduvall@adsonar[1].txt [ Cookie:mduvall@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@media.formatdynamics[1].txt [ Cookie:mhancock@media.formatdynamics.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@content.yieldmanager[3].txt [ Cookie:mhancock@content.yieldmanager.com/ak/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@insightexpressai[1].txt [ Cookie:mhancock@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@statcounter[1].txt [ Cookie:mhancock@statcounter.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@imrworldwide[2].txt [ Cookie:mhancock@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@tracking.foxnews[2].txt [ Cookie:mhancock@tracking.foxnews.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@tribalfusion[2].txt [ Cookie:mhancock@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@sales.liveperson[3].txt [ Cookie:mhancock@sales.liveperson.net/hc/74613876 ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@tacoda.at.atwola[2].txt [ Cookie:mhancock@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@adserver.adtechus[1].txt [ Cookie:mhancock@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@pro-market[1].txt [ Cookie:mhancock@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@bs.serving-sys[1].txt [ Cookie:mhancock@bs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@kontera[2].txt [ Cookie:mhancock@kontera.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@questionmarket[1].txt [ Cookie:mhancock@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@cbsdigitalmedia.112.2o7[1].txt [ Cookie:mhancock@cbsdigitalmedia.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@clickshift[1].txt [ Cookie:mhancock@clickshift.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@doubleclick[2].txt [ Cookie:mhancock@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@realmedia[2].txt [ Cookie:mhancock@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@burstnet[2].txt [ Cookie:mhancock@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@ru4[1].txt [ Cookie:mhancock@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@casalemedia[1].txt [ Cookie:mhancock@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@statse.webtrendslive[1].txt [ Cookie:mhancock@statse.webtrendslive.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@hpi.rotator.hadj7.adjuggler[2].txt [ Cookie:mhancock@hpi.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@cookscountrytv[2].txt [ Cookie:mhancock@cookscountrytv.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@steelhousemedia[2].txt [ Cookie:mhancock@steelhousemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@eyewonder[1].txt [ Cookie:mhancock@eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@specificmedia[1].txt [ Cookie:mhancock@specificmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@sales.liveperson[2].txt [ Cookie:mhancock@sales.liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@liveperson[3].txt [ Cookie:mhancock@liveperson.net/hc/74613876 ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@invitemedia[2].txt [ Cookie:mhancock@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@at.atwola[1].txt [ Cookie:mhancock@at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@mediaplex[1].txt [ Cookie:mhancock@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@adbrite[2].txt [ Cookie:mhancock@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@revsci[1].txt [ Cookie:mhancock@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@user.lucidmedia[1].txt [ Cookie:mhancock@user.lucidmedia.com/clicksense/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@content.yieldmanager[2].txt [ Cookie:mhancock@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@msnportal.112.2o7[2].txt [ Cookie:mhancock@msnportal.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@fastclick[1].txt [ Cookie:mhancock@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@usatoday1.112.2o7[1].txt [ Cookie:mhancock@usatoday1.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@apmebf[2].txt [ Cookie:mhancock@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@advertising[2].txt [ Cookie:mhancock@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@yellowpages.112.2o7[1].txt [ Cookie:mhancock@yellowpages.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@pointroll[2].txt [ Cookie:mhancock@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@lucidmedia[1].txt [ Cookie:mhancock@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@www.burstnet[1].txt [ Cookie:mhancock@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@interclick[2].txt [ Cookie:mhancock@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@a1.interclick[1].txt [ Cookie:mhancock@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@dc.tremormedia[1].txt [ Cookie:mhancock@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@ads.pointroll[1].txt [ Cookie:mhancock@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@serving-sys[2].txt [ Cookie:mhancock@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@yieldmanager[1].txt [ Cookie:mhancock@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\Cookies\mhancock@adxpose[1].txt [ Cookie:mhancock@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GBNPPV0A.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\VEM1NGK3.txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\858L1YQD.txt [ Cookie:system@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\SDQPHTT0.txt [ Cookie:system@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\C9HTSJOS.txt [ Cookie:system@indieclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\CN4IBF85.txt [ Cookie:system@lovecomm.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MZ7OXCUW.txt [ Cookie:system@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\32HILJS4.txt [ Cookie:system@conversioncompany.solution.weborama.fr/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OX7NGUT2.txt [ Cookie:system@bluesearchlocal.com/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Q2E7QQ4Z.txt [ Cookie:system@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LXU8FFIJ.txt [ Cookie:system@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UIJORC7N.txt [ Cookie:system@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LKRISB4N.txt [ Cookie:system@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RLEEL0J2.txt [ Cookie:system@optimize.indieclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\UMPMX139.txt [ Cookie:system@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2I2TUTWE.txt [ Cookie:system@adnetwork.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2DOTJ32R.txt [ Cookie:system@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\R1GFREBO.txt [ Cookie:system@burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ALVMK5ZH.txt [ Cookie:system@www.shefinds.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\80098UB1.txt [ Cookie:system@kanoodle.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\707OQNC1.txt [ Cookie:system@amazon-adsystem.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XGD4IFPE.txt [ Cookie:system@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\6HZRQVUK.txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0YT0G1O2.txt [ Cookie:system@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4LOFDHYQ.txt [ Cookie:system@ox-d.fondnessmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\WBT2HTM2.txt [ Cookie:system@ads.saymedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OFKZO8CI.txt [ Cookie:system@ad2.adfarm1.adition.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\8IOI5TE0.txt [ Cookie:system@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\D46T2W27.txt [ Cookie:system@openx.overadmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\3KG3SF6T.txt [ Cookie:system@shefinds.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\F95BRJBY.txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\M87W6AW0.txt [ Cookie:system@network.realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\C1PLQV1G.txt [ Cookie:system@unrulymedia.com/blank.gif ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GB04TJPF.txt [ Cookie:system@clickcountr.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\KFKE04HX.txt [ Cookie:system@cdn.jemamedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FTPBUQ5D.txt [ Cookie:system@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0OS0CKN1.txt [ Cookie:system@click.get-answers-fast.com/ads-clicktrack/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\F4CZ0TE0.txt [ Cookie:system@ihire.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\7VOL7PT8.txt [ Cookie:system@findology.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\HG4VE736.txt [ Cookie:system@ads.gamersmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\HDHWYG7Y.txt [ Cookie:system@micklemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\786UBUBM.txt [ Cookie:system@mediaservices-d.openxenterprise.com/ ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
as1.wdpromedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
cdn.media.abc.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
cdn.media.abcfamily.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
dcl.wdpromedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
dcl2.wdpromedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
imagec15.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
parksandresorts.wdpromedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
socialstreamingplayer.crystalmedianetworks.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
static.discoverymedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
wdw1.wdpromedia.com [ C:\DOCUMENTS AND SETTINGS\BCRIDER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AE73WCK7 ]
C:\DOCUMENTS AND SETTINGS\GFISHER\ADMINISTRATOR.ENERGY\COOKIES\ADMINISTRATOR@2O7[1].TXT [ /2O7 ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\COOKIES\GHEITKAMP@ATDMT[2].TXT [ /ATDMT ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\COOKIES\GHEITKAMP@ADS.AS4X.TMCS[1].TXT [ /ADS.AS4X.TMCS ]
C:\DOCUMENTS AND SETTINGS\GHEITKAMP\COOKIES\GHEITKAMP@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
hs.interpolls.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
media.resulthost.org [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
static.2mdn.net [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
udn.specificclick.net [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
www.soundclick.com [ C:\DOCUMENTS AND SETTINGS\MDUVAL\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4P3DEPSG ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\LOCAL SETTINGS\TEMP\COOKIES\MDUVALL@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
C:\DOCUMENTS AND SETTINGS\MDUVAL\LOCAL SETTINGS\TEMP\COOKIES\MDUVALL@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\MHANCOCK\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U6M2FMYR ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\MHANCOCK\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U6M2FMYR ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@2O7[2].TXT [ /2O7 ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@AD.WSOD[2].TXT [ /AD.WSOD ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@ADECN[2].TXT [ /ADECN ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@ADS.ROISERVER[1].TXT [ /ADS.ROISERVER ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@ATDMT[1].TXT [ /ATDMT ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@CN.CLICKABLE[1].TXT [ /CN.CLICKABLE ]
C:\DOCUMENTS AND SETTINGS\MHANCOCK\COOKIES\MHANCOCK@MEDIA6DEGREES[1].TXT [ /MEDIA6DEGREES ]
cdn2.baronsmedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEWTTU5S ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEWTTU5S ]
C:\RECYCLER\S-1-5-21-1900646769-867467850-2170705705-500\DC3\COOKIES\GARY FISHER@ATWOLA[1].TXT [ /ATWOLA ]
C:\RECYCLER\S-1-5-21-1900646769-867467850-2170705705-500\DC3\COOKIES\GARY FISHER@KANOODLE[2].TXT [ /KANOODLE ]
C:\RECYCLER\S-1-5-21-1900646769-867467850-2170705705-500\DC4\COOKIES\HCOOPER@2O7[1].TXT [ /2O7 ]
C:\RECYCLER\S-1-5-21-1900646769-867467850-2170705705-500\DC4\COOKIES\HCOOPER@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Local Settings\Temporary Internet Files\Content.IE5\36UG8QNG\crossdomain[1].xml [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Local Settings\Temporary Internet Files\Content.IE5\RZCDDSUU\59b8caa9266b8_2174314[1].flv [ cache:wista ]

Trojan.Agent/Gen-Sirefef
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP559\A0055649.SYS

#6 boopme

Posted 12 April 2012 - 06:52 PM

Hi Leigh, you had a very badly infected unit.
Reboot it again.
It should be a lot better, but we still need to do some things.

How is it running after these?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 12 April 2012 - 06:53 PM.


#7 Brinleigh217


Posted 13 April 2012 - 12:29 AM

The computer worked pretty well today, tons better than yesterday. IE redirected me even after all I did last night. As you directed, I restarted again. Tonight I ran the Mini Tool Box and Eset Scanner. Eset came up with 6 threats. The logs are below. Thanks again for helping me :)

MiniToolBox by Farbar Version: 18-01-2012
Ran by bcrider (administrator) on 12-04-2012 at 20:50:34
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
SonicWALL VPN Adapter = SonicWALL Virtual Adapter (Disconnected)
Realtek RTL8169/8110 Family Gigabit Ethernet NIC = Local Area Connection (Connected)
Broadcom 802.11b/g WLAN = Wireless Network Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : EECMOBIL1

Primary Dns Suffix . . . . . . . : energy.energyexchanger.com

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : energy.energyexchanger.com

energyexchanger.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-C0-9F-DF-5B-3E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.168.121

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.168.1

DHCP Server . . . . . . . . . . . : 192.168.168.1

DNS Servers . . . . . . . . . . . : 192.168.168.3

Lease Obtained. . . . . . . . . . : Thursday, April 12, 2012 8:42:36 PM

Lease Expires . . . . . . . . . . : Friday, April 13, 2012 8:42:36 PM



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

Physical Address. . . . . . . . . : 00-90-4B-A2-9E-46

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.119

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.168.3

192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, April 12, 2012 8:42:43 PM

Lease Expires . . . . . . . . . . : Friday, April 13, 2012 8:42:43 PM

Server: eesbs01.energy.energyexchanger.com
Address: 192.168.168.3

Name: google.com
Addresses: 74.125.227.103, 74.125.227.104, 74.125.227.99, 74.125.227.102
74.125.227.100, 74.125.227.97, 74.125.227.96, 74.125.227.101, 74.125.227.98
74.125.227.105, 74.125.227.110



Pinging google.com [74.125.227.103] with 32 bytes of data:



Reply from 74.125.227.103: bytes=32 time=13ms TTL=57

Reply from 74.125.227.103: bytes=32 time=13ms TTL=57



Ping statistics for 74.125.227.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 13ms, Average = 13ms

Server: eesbs01.energy.energyexchanger.com
Address: 192.168.168.3

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=61ms TTL=56

Reply from 72.30.38.140: bytes=32 time=56ms TTL=56



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 61ms, Average = 58ms

Server: eesbs01.energy.energyexchanger.com
Address: 192.168.168.3

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 9f df 5b 3e ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 90 4b a2 9e 46 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.119 25
0.0.0.0 0.0.0.0 192.168.168.1 192.168.168.121 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.119 192.168.1.119 25
192.168.1.119 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.119 192.168.1.119 25
192.168.168.0 255.255.255.0 192.168.168.121 192.168.168.121 20
192.168.168.121 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.168.255 255.255.255.255 192.168.168.121 192.168.168.121 20
224.0.0.0 240.0.0.0 192.168.1.119 192.168.1.119 25
224.0.0.0 240.0.0.0 192.168.168.121 192.168.168.121 20
255.255.255.255 255.255.255.255 192.168.1.119 192.168.1.119 1
255.255.255.255 255.255.255.255 192.168.168.121 192.168.168.121 1
Default Gateway: 192.168.168.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/12/2012 08:48:05 PM) (Source: TlntSvr) (User: )
Description: WSAGetLastError() returned error: An invalid argument was supplied.

Error: (04/12/2012 00:36:43 PM) (Source: TlntSvr) (User: )
Description: WSAGetLastError() returned error: An invalid argument was supplied.

Error: (04/12/2012 07:09:47 AM) (Source: Microsoft Office 10) (User: )
Description: Accepted Safe Mode action : Microsoft Outlook.

Error: (04/12/2012 07:08:15 AM) (Source: TlntSvr) (User: )
Description: WSAGetLastError() returned error: An invalid argument was supplied.

Error: (04/12/2012 00:16:42 AM) (Source: TlntSvr) (User: )
Description: WSAGetLastError() returned error: An invalid argument was supplied.

Error: (04/12/2012 00:13:51 AM) (Source: Application Error) (User: )
Description: Fault bucket -1785813116.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (04/12/2012 00:13:48 AM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [pev.exe!ws!]

Error: (04/11/2012 11:18:14 PM) (Source: TlntSvr) (User: )
Description: WSAGetLastError() returned error: An invalid argument was supplied.

Error: (04/11/2012 08:34:58 PM) (Source: TlntSvr) (User: )
Description: WSAGetLastError() returned error: An invalid argument was supplied.

Error: (04/11/2012 07:19:44 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot determine the user or computer name. (The RPC protocol sequence is not supported. ). Group Policy processing aborted.


System errors:
=============
Error: (04/12/2012 08:45:06 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.

Error: (04/12/2012 08:43:54 PM) (Source: Service Control Manager) (User: )
Description: The Ssm_mdm service terminated with the following error:
%%126

Error: (04/12/2012 04:03:16 PM) (Source: Service Control Manager) (User: )
Description: The RkPavproc1 service failed to start due to the following error:
%%183

Error: (04/12/2012 02:03:22 PM) (Source: Service Control Manager) (User: )
Description: The RkPavproc1 service failed to start due to the following error:
%%183

Error: (04/12/2012 00:03:14 PM) (Source: Service Control Manager) (User: )
Description: The RkPavproc1 service failed to start due to the following error:
%%183

Error: (04/12/2012 10:03:20 AM) (Source: Service Control Manager) (User: )
Description: The RkPavproc1 service failed to start due to the following error:
%%183

Error: (04/12/2012 09:54:57 AM) (Source: Service Control Manager) (User: )
Description: The RkPavproc1 service failed to start due to the following error:
%%183

Error: (04/12/2012 08:03:17 AM) (Source: Service Control Manager) (User: )
Description: The RkPavproc1 service failed to start due to the following error:
%%183

Error: (04/12/2012 07:05:44 AM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.

Error: (04/12/2012 07:04:26 AM) (Source: Service Control Manager) (User: )
Description: The Ssm_mdm service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (04/12/2012 08:48:05 PM) (Source: TlntSvr)(User: )
Description: An invalid argument was supplied.

Error: (04/12/2012 00:36:43 PM) (Source: TlntSvr)(User: )
Description: An invalid argument was supplied.

Error: (04/12/2012 07:09:47 AM) (Source: Microsoft Office 10)(User: )
Description: Microsoft OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (04/12/2012 07:08:15 AM) (Source: TlntSvr)(User: )
Description: An invalid argument was supplied.

Error: (04/12/2012 00:16:42 AM) (Source: TlntSvr)(User: )
Description: An invalid argument was supplied.

Error: (04/12/2012 00:13:51 AM) (Source: Application Error)(User: )
Description: -1785813116

Error: (04/12/2012 00:13:48 AM) (Source: Application Error)(User: )
Description: pev.exe0.0.0.0pev.exe0.0.0.00008d1c0

Error: (04/11/2012 11:18:14 PM) (Source: TlntSvr)(User: )
Description: An invalid argument was supplied.

Error: (04/11/2012 08:34:58 PM) (Source: TlntSvr)(User: )
Description: An invalid argument was supplied.

Error: (04/11/2012 07:19:44 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The RPC protocol sequence is not supported.


=========================== Installed Programs ============================

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 7.0 (Version: 7.0.0)
AnswerWorks Runtime
AOEMView 2009 (Version: 17.2.56.0)
ATI - Software Uninstall Utility (Version: 6.14.10.1010)
ATI Control Panel (Version: 6.14.10.5120)
ATI Display Driver (Version: 8.062-040929a-018664C)
AutoCAD 2000 Migration Assistance
AutoCAD 2002 (Version: 15.0.6.030)
AutoCAD 2012 - English (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)
AutoCAD Mechanical 2009 (Version: 13.0.59.0)
AutoCAD Mechanical 2009 (Version: 13.2.0.5)
AutoCAD Mechanical 2009 SP2 (Version: 1)
Autodesk Content Service (Version: 2.0.90)
Autodesk Design Review 2009 (Version: 9.0.96)
Autodesk Inventor 2009 (Version: 13.1.53800.0000)
Autodesk Inventor 2009 SP1 (Version: 1)
Autodesk Inventor 2009 Subscription Bonus Pack (Version: 1)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
CCleaner (Version: 3.10)
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
Critical Update for Windows Media Player 11 (KB959772)
DWG TrueView 2009 (Version: 17.2.56.0)
Endpoint Security Manager (Version: 4.07.13.0000)
eReg (Version: 1.20.138.34)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
HP Display Assistant (Version: 1.30.012)
HP Help and Support (Version: 3.200.7.2)
HP LaserJet P1500 series
HPCarePackCore (Version: 10.0.0.1)
HPCarePackProducts (Version: 1.0.0.1)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSSupply (Version: 2.1.1.0000)
IIS 7.5 Express (Version: 7.5.1070)
InterVideo WinDVD (Version: 5.0-B11.570)
Java 2 Runtime Environment, SE v1.4.2_05 (Version: 1.4.2_05)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
LiveUpdate 1.7 (Symantec Corporation)
Logitech SetPoint 6.30 (Version: 6.30.43)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 7.1 (Version: 7.10.344.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.57233)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MrvlUsgTracking (Version: 1.0.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
PV Elite 2010 (Version: 12.00.0000)
PV Elite 2011 (Version: 13.00.0000)
PVCC_Prereq (Version: 1.00.0000)
Quick Launch Buttons 5.00 C2 (Version: 5.00 C2)
RCSWin
Sonic DLA (Version: 4.95.1)
Sonic RecordNow! (Version: 7.22)
Sonic Update Manager (Version: 2.9)
SonicWALL Global VPN Client (Version: 4.0.0.835)
SonicWALL Global VPN Client 4.0.0.835 (Version: 4.0.0.835)
SUPERAntiSpyware (Version: 5.0.1146)
Synaptics Pointing Device Driver (Version: 7.11.14.0)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.35.0000)
TIxx21/x515 (Version: 1.35.0000)
UltraVNC 1.0.6.4 (Version: 1.0.6.4)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2264107) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (2627.01) (Version: 6.03.00.9402)
Volo View Express
WebFldrs XP (Version: 9.50.7523)
Windows Agent (Version: 8.2.0.1147)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.0)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2558.48 MB
Available physical RAM: 1866.59 MB
Total Pagefile: 3937.61 MB
Available Pagefile: 3286.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:39.86 GB) NTFS
3 Drive e: (ERGO1GB) (Removable) (Total:0.94 GB) (Free:0.51 GB) FAT
4 Drive u: (Data) (Network) (Total:500 GB) (Free:215.04 GB) NTFS
5 Drive x: (Data) (Network) (Total:500 GB) (Free:215.04 GB) NTFS
6 Drive y: (Data) (Network) (Total:500 GB) (Free:215.04 GB) NTFS
7 Drive z: (Data) (Network) (Total:500 GB) (Free:215.04 GB) NTFS

========================= Users: ========================================

User accounts for \\EECMOBIL1

Administrator ASPNET Gary Fisher
Guest HelpAssistant IUSR_EECMOBIL1
IWAM_EECMOBIL1 SUPPORT_388945a0


**** End of log ****


ESET RESULTS

C:\Documents and Settings\administrator.ENERGY\Local Settings\Temporary Internet Files\Content.IE5\2B50EIZQ\software[1].php HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\administrator.ENERGY\Local Settings\Temporary Internet Files\Content.IE5\A9W66O6T\mx_usn_a[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\mduval\Application Data\Sun\Java\Deployment\cache\6.0\10\3794260a-2b89b3fc a variant of Java/TrojanDownloader.Agent.NCO trojan deleted - quarantined
C:\Documents and Settings\mduval\Application Data\Sun\Java\Deployment\cache\6.0\49\72517431-54e03606 a variant of OSX/Exploit.Smid.D trojan deleted - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_20.26.30\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_20.26.30\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined

Edited by Brinleigh217, 13 April 2012 - 12:30 AM.


#8 boopme


Posted 13 April 2012 - 04:15 PM

Let's run one more here..

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

Edited by boopme, 13 April 2012 - 04:16 PM.


#9 Brinleigh217


Posted 15 April 2012 - 09:43 PM

Ok, it didn't publish a report, ran it twice. All it showed was this pop up.
Posted Image

Edited by Brinleigh217, 15 April 2012 - 10:15 PM.


#10 boopme


Posted 16 April 2012 - 02:32 PM

Ok, one more look, if still redirecting pages...


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#11 Brinleigh217


Posted 22 April 2012 - 05:57 PM

Here is the log. Thanks again for your help, sorry it took awhile to post back. Also, I haven't had any redirecting recently :)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 17:27:01
-----------------------------
17:27:01.948 OS Version: Windows 5.1.2600 Service Pack 3
17:27:01.948 Number of processors: 2 586 0x403
17:27:01.948 ComputerName: EECMOBIL1 UserName: bcrider
17:27:02.338 Initialize success
17:27:26.368 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:27:26.383 Disk 0 Vendor: ST9808211A 3.02 Size: 76319MB BusType: 3
17:27:26.399 Disk 0 MBR read successfully
17:27:26.415 Disk 0 MBR scan
17:27:26.415 Disk 0 unknown MBR code
17:27:26.430 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
17:27:26.430 Disk 0 scanning sectors +156280320
17:27:26.477 Disk 0 scanning C:\WINDOWS\system32\drivers
17:27:34.414 Service scanning
17:27:50.397 Modules scanning
17:28:13.879 Disk 0 trace - called modules:
17:28:13.942 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
17:28:13.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8c0ab8]
17:28:13.973 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a8dd2e0]
17:28:13.989 Scan finished successfully
17:54:44.249 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
17:54:44.327 The log file has been saved successfully to "E:\aswMBR.txt"

Edited by Brinleigh217, 22 April 2012 - 06:00 PM.


#12 boopme


Posted 22 April 2012 - 08:16 PM

You're welcome. Looks good now. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:




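The restore-point advice in the last post ties back to the scan logs in this thread, where one detection sat under `System Volume Information\_restore{...}`. The following is an added example, not part of the original posts and not any scanner's own code: it sorts detections from the two log layouts seen above by where the file lives and lists the restore points that hold a flagged file. The function and category names are assumptions of this example; the sample lines are copied from the logs posted in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Path lines under a detection-name header may end in a note: " [ cache:wista ]"
BRACKET_NOTE = re.compile(r"\s+\[ [^\]]* \]$")
# One-line layout: <path> <threat name containing "/"> <type and action>.
# Windows paths cannot contain "/", so the first token with "/" is the threat.
ONE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of )?\S+/\S+)\s+"
    r"(?P<result>.+)$"
)
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(\d+)\\", re.I
)
# Category names are this example's own labels; first matching rule wins.
LOCATION_RULES = [
    ("restore_point", RESTORE_POINT),
    ("tool_quarantine", re.compile(r"^[A-Za-z]:\\TDSSKiller_Quarantine\\", re.I)),
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("browser_cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
]

# Sample lines copied from the logs posted earlier in this thread.
SAMPLE_LOG = r"""
Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ENERGY\Local Settings\Temporary Internet Files\Content.IE5\36UG8QNG\crossdomain[1].xml [ cache:wista ]

Trojan.Agent/Gen-Sirefef
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP559\A0055649.SYS

C:\Documents and Settings\administrator.ENERGY\Local Settings\Temporary Internet Files\Content.IE5\2B50EIZQ\software[1].php HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\mduval\Application Data\Sun\Java\Deployment\cache\6.0\10\3794260a-2b89b3fc a variant of Java/TrojanDownloader.Agent.NCO trojan deleted - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_20.26.30\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
"""


@dataclass
class Detection:
    path: str
    threat: str
    location: str
    result: Optional[str]  # type and action text as logged, if the layout has it


def classify_location(path: str) -> str:
    """Return the first matching location category, or 'other'."""
    for name, pattern in LOCATION_RULES:
        if pattern.search(path):
            return name
    return "other"


def parse_detections(log_text: str) -> List[Detection]:
    """Parse both layouts: header + path lines, and one-line path/threat/action."""
    detections: List[Detection] = []
    header: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            header = None  # a blank line ends the current header's group
            continue
        if not DRIVE_PATH.match(line):
            header = line  # detection name that applies to the paths below it
            continue
        line = BRACKET_NOTE.sub("", line)
        m = ONE_LINE.match(line)
        if m:
            path, threat, result = m.group("path", "threat", "result")
        else:
            path, threat, result = line, header or "unknown", None
        detections.append(Detection(path, threat, classify_location(path), result))
    return detections


def restore_points_to_purge(detections: List[Detection]) -> List[int]:
    """Restore-point numbers (the nnn in RPnnn) that contain a flagged file."""
    numbers = set()
    for d in detections:
        m = RESTORE_POINT.search(d.path)
        if m:
            numbers.add(int(m.group(1)))
    return sorted(numbers)


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for d in found:
        print(f"{d.location:16} {d.threat:45} {d.result or '(no action logged)'}")
    print("Restore points holding flagged files:", restore_points_to_purge(found))
```

A non-empty list from `restore_points_to_purge` is the situation the post describes: the flagged file lives inside a restore point, so the old points are cleared after the system is clean.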