
Lingering effects of Windows Live Platinum virus


15 replies to this topic

#1 prairiedances


Posted 20 August 2012 - 03:33 PM

Hi! My work computer was infected with the Windows Live Platinum virus a few weeks ago. I ran Malwarebytes and it seemed to get rid of it. However, a week or so later, my Google searches kept getting redirected to other sites. I deleted a Google add-on in Firefox that seemed to be doing the redirects and it stopped. However, today my Microsoft Security Essentials detected several threats. It deleted most of them but one was allowed to go through: java/CVE-2012-1723.OD. I ran full scans of both Microsoft Security Essentials and Malwarebytes but both programs failed to detect anything. I just want to make sure my computer is clean. FYI, as mentioned, it's a work computer and I'm not logged in as administrator so I don't believe I have access to safe mode.

Oh, and it's Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

Thanks!

Edited by prairiedances, 20 August 2012 - 03:36 PM.




#2 boopme


Posted 20 August 2012 - 03:45 PM

Hello and welcome, let's try this way.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.



>>>>
Next...
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run SUPERAntiSpyware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.




Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done, click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 prairiedances


Posted 20 August 2012 - 03:57 PM

Hi! Thanks for your help. This is the report from TDSSKiller

16:55:03.0828 1124 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:55:03.0828 1124 PolicyAgent - ok
16:55:03.0875 1124 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:55:03.0875 1124 PptpMiniport - ok
16:55:03.0890 1124 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:55:03.0890 1124 ProtectedStorage - ok
16:55:03.0890 1124 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:55:03.0890 1124 PSched - ok
16:55:03.0906 1124 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:55:03.0921 1124 Ptilink - ok
16:55:03.0921 1124 ql1080 - ok
16:55:03.0921 1124 Ql10wnt - ok
16:55:03.0937 1124 ql12160 - ok
16:55:03.0953 1124 ql1240 - ok
16:55:03.0953 1124 ql1280 - ok
16:55:03.0968 1124 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:55:03.0968 1124 RasAcd - ok
16:55:04.0000 1124 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:55:04.0000 1124 RasAuto - ok
16:55:04.0031 1124 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:55:04.0031 1124 Rasl2tp - ok
16:55:04.0062 1124 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:55:04.0078 1124 RasMan - ok
16:55:04.0078 1124 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:55:04.0078 1124 RasPppoe - ok
16:55:04.0109 1124 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:55:04.0109 1124 Raspti - ok
16:55:04.0140 1124 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:55:04.0156 1124 Rdbss - ok
16:55:04.0156 1124 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:55:04.0156 1124 RDPCDD - ok
16:55:04.0187 1124 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:55:04.0187 1124 rdpdr - ok
16:55:04.0203 1124 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:55:04.0203 1124 RDPWD - ok
16:55:04.0250 1124 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:55:04.0250 1124 RDSessMgr - ok
16:55:04.0265 1124 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:55:04.0265 1124 redbook - ok
16:55:04.0312 1124 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:55:04.0312 1124 RemoteAccess - ok
16:55:04.0343 1124 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:55:04.0343 1124 RemoteRegistry - ok
16:55:04.0359 1124 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:55:04.0359 1124 RpcLocator - ok
16:55:04.0375 1124 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:55:04.0390 1124 RpcSs - ok
16:55:04.0406 1124 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:55:04.0406 1124 RSVP - ok
16:55:04.0437 1124 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:55:04.0437 1124 SamSs - ok
16:55:04.0437 1124 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:55:04.0437 1124 SCardSvr - ok
16:55:04.0500 1124 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:55:04.0500 1124 Schedule - ok
16:55:04.0546 1124 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:55:04.0546 1124 Secdrv - ok
16:55:04.0562 1124 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:55:04.0562 1124 seclogon - ok
16:55:04.0578 1124 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:55:04.0578 1124 SENS - ok
16:55:04.0609 1124 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:55:04.0609 1124 serenum - ok
16:55:04.0640 1124 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:55:04.0640 1124 Serial - ok
16:55:04.0656 1124 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:55:04.0656 1124 Sfloppy - ok
16:55:04.0671 1124 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:55:04.0671 1124 ShellHWDetection - ok
16:55:04.0687 1124 Simbad - ok
16:55:04.0703 1124 Sparrow - ok
16:55:04.0718 1124 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:55:04.0718 1124 splitter - ok
16:55:04.0750 1124 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:55:04.0750 1124 Spooler - ok
16:55:04.0796 1124 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:55:04.0796 1124 SQLBrowser - ok
16:55:04.0828 1124 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:55:04.0843 1124 SQLWriter - ok
16:55:04.0875 1124 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:55:04.0875 1124 sr - ok
16:55:04.0921 1124 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:55:04.0921 1124 srservice - ok
16:55:04.0953 1124 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:55:04.0953 1124 Srv - ok
16:55:04.0984 1124 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:55:04.0984 1124 SSDPSRV - ok
16:55:05.0000 1124 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:55:05.0000 1124 stisvc - ok
16:55:05.0015 1124 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:55:05.0015 1124 swenum - ok
16:55:05.0031 1124 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:55:05.0031 1124 swmidi - ok
16:55:05.0046 1124 SwPrv - ok
16:55:05.0078 1124 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
16:55:05.0078 1124 symc810 - ok
16:55:05.0109 1124 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:55:05.0109 1124 symc8xx - ok
16:55:05.0140 1124 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
16:55:05.0140 1124 Symmpi - ok
16:55:05.0171 1124 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:55:05.0171 1124 sym_hi - ok
16:55:05.0203 1124 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:55:05.0203 1124 sym_u3 - ok
16:55:05.0218 1124 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:55:05.0234 1124 sysaudio - ok
16:55:05.0265 1124 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:55:05.0265 1124 SysmonLog - ok
16:55:05.0312 1124 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:55:05.0312 1124 TapiSrv - ok
16:55:05.0375 1124 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:55:05.0375 1124 Tcpip - ok
16:55:05.0406 1124 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:55:05.0406 1124 TDPIPE - ok
16:55:05.0421 1124 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:55:05.0421 1124 TDTCP - ok
16:55:05.0437 1124 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:55:05.0437 1124 TermDD - ok
16:55:05.0468 1124 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:55:05.0468 1124 TermService - ok
16:55:05.0484 1124 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:55:05.0484 1124 Themes - ok
16:55:05.0515 1124 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:55:05.0515 1124 TlntSvr - ok
16:55:05.0531 1124 TosIde - ok
16:55:05.0562 1124 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:55:05.0562 1124 TrkWks - ok
16:55:05.0593 1124 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:55:05.0593 1124 Udfs - ok
16:55:05.0593 1124 ultra - ok
16:55:05.0625 1124 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:55:05.0625 1124 upnphost - ok
16:55:05.0656 1124 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:55:05.0656 1124 UPS - ok
16:55:05.0703 1124 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:55:05.0703 1124 usbccgp - ok
16:55:05.0734 1124 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:55:05.0734 1124 usbehci - ok
16:55:05.0750 1124 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:55:05.0750 1124 usbhub - ok
16:55:05.0765 1124 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:55:05.0765 1124 usbprint - ok
16:55:05.0796 1124 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:55:05.0812 1124 usbscan - ok
16:55:05.0843 1124 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:55:05.0843 1124 USBSTOR - ok
16:55:05.0859 1124 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:55:05.0859 1124 usbuhci - ok
16:55:05.0875 1124 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:55:05.0875 1124 VgaSave - ok
16:55:05.0906 1124 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
16:55:05.0906 1124 ViaIde - ok
16:55:05.0921 1124 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:55:05.0921 1124 VolSnap - ok
16:55:05.0968 1124 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:55:05.0968 1124 VSS - ok
16:55:05.0984 1124 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:55:06.0000 1124 W32Time - ok
16:55:06.0015 1124 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:55:06.0015 1124 Wanarp - ok
16:55:06.0015 1124 WDICA - ok
16:55:06.0062 1124 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:55:06.0062 1124 wdmaud - ok
16:55:06.0078 1124 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:55:06.0078 1124 WebClient - ok
16:55:06.0171 1124 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:55:06.0171 1124 winmgmt - ok
16:55:06.0218 1124 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
16:55:06.0218 1124 WmdmPmSN - ok
16:55:06.0250 1124 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:55:06.0265 1124 Wmi - ok
16:55:06.0312 1124 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:55:06.0312 1124 WmiApSrv - ok
16:55:06.0375 1124 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:55:06.0375 1124 WZCSVC - ok
16:55:06.0406 1124 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:55:06.0421 1124 xmlprov - ok
16:55:06.0421 1124 ================ Scan global ===============================
16:55:06.0453 1124 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:55:06.0484 1124 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:55:06.0500 1124 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:55:06.0500 1124 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:55:06.0500 1124 [Global] - ok
16:55:06.0500 1124 ================ Scan MBR ==================================
16:55:06.0531 1124 [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
16:55:06.0765 1124 \Device\Harddisk0\DR0 - ok
16:55:06.0765 1124 ================ Scan VBR ==================================
16:55:06.0765 1124 [ 850F5865E76DCEF21B4D9E8706332476 ] \Device\Harddisk0\DR0\Partition1
16:55:06.0765 1124 \Device\Harddisk0\DR0\Partition1 - ok
16:55:06.0781 1124 [ 7A5FBBFA03A9CA49185E4069A1AE05C3 ] \Device\Harddisk0\DR0\Partition2
16:55:06.0781 1124 \Device\Harddisk0\DR0\Partition2 - ok
16:55:06.0781 1124 ============================================================
16:55:06.0781 1124 Scan finished
16:55:06.0781 1124 ============================================================
16:55:06.0796 0476 Detected object count: 0
16:55:06.0796 0476 Actual detected object count: 0

#4 prairiedances

Posted 20 August 2012 - 04:53 PM

This is from SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2012 at 05:45 PM

Application Version : 5.5.1012

Core Rules Database Version : 9088
Trace Rules Database Version: 6900

Scan type : Complete Scan
Total Scan Time : 00:42:11

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 308
Memory threats detected : 0
Registry items scanned : 35261
Registry threats detected : 0
File items scanned : 46309
File threats detected : 170

Adware.Tracking Cookie
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GRANT WRITER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\B8JPTR3R.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\GRANT WRITER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\B8JPTR3R.DEFAULT\COOKIES.SQLITE ]
C:\DOCUMENTS AND SETTINGS\GUESTPC\COOKIES\GUESTPC@INTERCLICK[1].TXT [ /INTERCLICK ]
core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TGFAA88L ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TGFAA88L ]
tag.2bluemedia.hiro.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TGFAA88L ]

#5 prairiedances

Posted 20 August 2012 - 05:18 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Grant Writer :: HP88342945029 [administrator]

Protection: Enabled

8/20/2012 5:55:28 PM
mbam-log-2012-08-20 (17-55-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 305536
Time elapsed: 22 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 prairiedances

Posted 20 August 2012 - 05:35 PM

PC is running better now. I'm guessing from the clean MBAM scan it's okay? Please let me know and thank you for your help so far.

#7 boopme

Posted 20 August 2012 - 06:37 PM

Hi, that was helpful.
Let's do one quick and one longer scan.
The first to see if there are any exploitable items and the second, longer, to see if we missed any malware.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#8 prairiedances

Posted 21 August 2012 - 09:37 AM

Morning! Here's the MiniToolBox log

MiniToolBox by Farbar Version: 23-07-2012
Ran by Grant Writer (administrator) on 21-08-2012 at 10:35:05
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82567V-2 Gigabit Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : HP88342945029

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : mvnhc.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : mvnhc.com

Description . . . . . . . . . . . : Intel® 82567V-2 Gigabit Network Connection

Physical Address. . . . . . . . . : 00-22-64-23-12-C7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.0.0.56

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.0.0.1

192.0.0.3

DHCP Server . . . . . . . . . . . : 192.0.0.11

DNS Servers . . . . . . . . . . . : 192.168.1.21

4.2.2.1

192.0.0.11

198.6.100.6

192.0.0.12

Primary WINS Server . . . . . . . : 192.0.0.11

Secondary WINS Server . . . . . . : 192.0.0.12

Lease Obtained. . . . . . . . . . : Tuesday, August 21, 2012 10:24:35 AM

Lease Expires . . . . . . . . . . : Tuesday, August 28, 2012 10:24:35 AM

Server: mtv-nhc-dc-01.mvnhc.local
Address: 192.168.1.21

Name: google.com
Addresses: 74.125.236.100, 74.125.236.101, 74.125.236.102, 74.125.236.103
74.125.236.104, 74.125.236.105, 74.125.236.110, 74.125.236.96, 74.125.236.97
74.125.236.98, 74.125.236.99



Pinging google.com [74.125.236.99] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 74.125.236.99:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: mtv-nhc-dc-01.mvnhc.local
Address: 192.168.1.21

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: mtv-nhc-dc-01.mvnhc.local
Address: 192.168.1.21

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 22 64 23 12 c7 ...... Intel® 82567V-2 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Default Gateway: 192.0.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 05:55:02 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/20/2012 02:34:43 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/20/2012 02:34:38 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/20/2012 02:30:12 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/20/2012 02:30:10 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/20/2012 02:30:01 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/20/2012 02:29:54 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/20/2012 02:21:35 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/20/2012 02:07:29 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/20/2012 02:07:27 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (08/21/2012 10:26:08 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2012 05:49:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2012 05:46:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2012 04:52:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2012 04:52:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter

Error: (08/20/2012 04:51:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2012 02:34:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2371.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/20/2012 02:30:10 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2371.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/20/2012 02:29:53 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2371.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/20/2012 02:28:52 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7500_7600_7700_Help (Version: 1.00.0000)
ABBYY FineReader for ScanSnap ™ 4.1 (Version: 8.02.380.7259)
Acrobat.com (Version: 1.7.186)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader 9.2 (Version: 9.2.0)
Altiris Software Virtualization Agent (Version: 2.1.2096)
Amazon Browser Bar (Version: 3.0.2012.0507)
BPD_HPSU (Version: 1.00.0000)
BPD_Scan (Version: 2.00.0000)
BPDfax (Version: 70.0.184.000)
BPDSoftware (Version: 70.0.283.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 70.0.170.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CardMinder (Version: V4.1L10)
CardMinder V4.1 (Version: 4.1.10.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CorePLS_Full_QFolder (Version: 1.00.0000)
CorePLS_Min_QFolder (Version: 1.00.0000)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
Google Chrome (Version: 21.0.1180.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 4.5.0.457
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Backup and Recovery Manager (Version: 2.5C)
HP Care Pack Core (Version: 1.0.0.0)
HP Care Pack Products (Version: 1.0.0.0)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Help and Support (Version: 4.2.0010)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP LaserJet P2015 Series 1.0 (Version: 1.0)
HP LaserJet P2030 Series
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.9.1.3)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 11.14.0001)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.003.001.001)
hppFonts (Version: 000.106.00040)
HPPhotoSmartExpress (Version: 70.0.170.000)
hppIOFiles (Version: 001.001.00024)
hppLJP2015 (Version: 000.104.00224)
hppManualsP2015 (Version: 000.104.00210)
hppMSRedist (Version: 1.01.0000)
HPProductAssistant (Version: 70.0.170.000)
hppTLBXFXP2015 (Version: 001.000.00012)
hppusgP2015 (Version: 001.000.00012)
hppusgP2030 (Version: 000.000.00005)
hppWebRegMM (Version: 000.001.00001)
HPSSupply (Version: 2.1.1.0000)
hpzTLBXFX (Version: 002.002.00170)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 13.1.33.0 (Version: 13.1.33.0)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1274)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 6 Update 7 (Version: 1.6.0.70)
L7600 (Version: 50.0.165.000)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works 6.0 (Version: 06.00.1829)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MPM (Version: 1.00.0000)
MrvlUsgTracking (Version: 1.0.7)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
PanoStandAlone (Version: 70.0.170.000)
Product_SF_Full_QFolder (Version: 1.00.0000)
Product_SF_Min_QFolder (Version: 1.00.0000)
ProductContext (Version: 50.0.165.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver (Version: 5.10.0.5708)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller 1.94 (Version: 1.94)
Scan (Version: 7.0.0.0)
ScanSnap (Version: 5.0.21.1)
ScanSnap Manager (Version: V5.0L21)
ScanSnap Organizer (Version: 4.1.11.3)
ScanSnap Organizer (Version: V4.1L11)
SolutionCenter (Version: 70.0.170.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 5.5.1012)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 989.1 MB
Available physical RAM: 482.7 MB
Total Pagefile: 2385.46 MB
Available Pagefile: 1960.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.32 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:137.03 GB) (Free:112.63 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:7.64 GB) NTFS

========================= Users: ========================================

User accounts for \\HP88342945029

admin Administrator ASPNET
Grant Writer Guest guestpc
HelpAssistant MIS SUPPORT_388945a0


**** End of log ****

#9 prairiedances

Posted 21 August 2012 - 11:15 AM

Hi again. Below is the report from ESET Online Scanner. I also wanted to ask, I had a flash drive in when I originally got the platinum virus. I scanned it a few weeks ago with MBAM and it came up clean but I want to make sure if I plug it in it won't re-infect the computer or something. Thanks for your help.

C:\Documents and Settings\admin\Local Settings\Application Data\{FE994361-D738-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Grant Writer\Local Settings\Application Data\{FE994361-D738-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9FKCU00D\firstload_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined

#10 boopme

Posted 21 August 2012 - 02:17 PM

Ok, looks a lot better...

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u6-windows-i586.exe (or jre-7u6-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional



How is it running now?
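A way to double-check the "remove all older versions of Java" step in the post above, as an added example that is not part of the original post: it takes program names as they appear in Add/Remove Programs and reports which Java runtimes are older than the 7u6 installer named there. The sample names are constructed, and the function names are this example's own.

```python
import re

# Baseline named in the post above: JRE 7 Update 6 (jre-7u6-windows-i586.exe).
BASELINE = (7, 6)

# Java runtime entries ("JRE or J2SE in the name"); helper products such as
# "Java Auto Updater" have no version number after the name and do not match.
JAVA_ENTRY = re.compile(
    r"^(?:Java(?:\(TM\))?(?: SE Runtime Environment)?|J2SE Runtime Environment)"
    r"\s+(?P<family>\d+)(?:\.\d+)*(?:\s+Update\s+(?P<update>\d+))?",
    re.IGNORECASE,
)

def parse_java_version(display_name):
    """Return (family, update) for a Java runtime entry, or None otherwise."""
    m = JAVA_ENTRY.match(display_name.strip())
    if not m:
        return None
    # An entry with no "Update N" suffix is the initial release: update 0.
    return (int(m.group("family")), int(m.group("update") or 0))

def audit(display_names, baseline=BASELINE):
    """Split Java runtime entries into those older than the baseline and the rest."""
    report = {"outdated": [], "current": []}
    for name in display_names:
        version = parse_java_version(name)
        if version is None:
            continue  # not a Java runtime, ignore
        key = "outdated" if version < baseline else "current"
        report[key].append(name)
    return report

# Constructed sample of Add/Remove Programs names (not taken from the thread).
SAMPLE = [
    "Adobe Reader X (10.1.0)",
    "J2SE Runtime Environment 5.0 Update 22",
    "Java(TM) 6 Update 31",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java 7 Update 6",
    "Java Auto Updater",
]

if __name__ == "__main__":
    result = audit(SAMPLE)
    for name in result["outdated"]:
        print("remove:", name)
    for name in result["current"]:
        print("keep:  ", name)
```
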

#11 prairiedances

Posted 21 August 2012 - 03:29 PM

Hi I'm looking at the list under "Accept License Agreement" and I don't see an option for 32-bit (which I have). All I see is this:

Windows x86 Online 0.85 MB jre-7u6-windows-i586-iftw.exe
Windows x86 Offline 29.73 MB jre-7u6-windows-i586.exe
Windows x64

Sorry nevermind. I see it now.

Edited by prairiedances, 21 August 2012 - 03:36 PM.


#12 boopme

Posted 21 August 2012 - 03:43 PM

No problem...

Windows x86 Offline 29.73 MB jre-7u6-windows-i586.exe

86 = 32 bit

Edited by boopme, 21 August 2012 - 03:44 PM.


#13 prairiedances

Posted 21 August 2012 - 04:18 PM

Thanks! Did everything listed. Should I also download Adobe flash player or Adobe AIR? (I just deleted anything in Add/Remove programs that had to do with Adobe).

Also, it's running well now thanks! Should that flash drive be okay to use?

Edited by prairiedances, 21 August 2012 - 04:19 PM.


#14 boopme

Posted 21 August 2012 - 07:38 PM

Yes, install the latest versions, remove old.
Again watch for any toolbar or extras download boxes to uncheck.

Flash
http://www.sparkmediaplayer.com/player/2/

Adobe AIR
http://get.adobe.com/air/otherversions/


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#15 prairiedances

Posted 22 August 2012 - 10:04 AM

Thank you so much for your help! You're a lifesaver. Very much appreciated :)



