Not sure if infected, PC acting funny. OTL & aswMBR logs attached


Post by robyn1112 on 15th January 2012, 9:56 pm

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-15 16:50:57
-----------------------------
16:50:57.828 OS Version: Windows 5.1.2600 Service Pack 3
16:50:57.828 Number of processors: 2 586 0xF06
16:50:57.828 ComputerName: DESKTOP UserName: Chris
16:51:01.093 Initialize success
16:51:29.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b
16:51:29.750 Disk 0 Vendor: MAXTOR_STM3320620A 3.AAE Size: 305245MB BusType: 3
16:51:29.765 Device \Driver\atapi -> DriverStartIo 85a652c6
16:51:29.796 Disk 0 MBR read successfully
16:51:29.812 Disk 0 MBR scan
16:51:29.828 Disk 0 TDL4@MBR code has been found
16:51:29.843 Disk 0 Windows XP default MBR code found via API
16:51:29.843 Disk 0 MBR hidden
16:51:29.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
16:51:29.875 Disk 0 Partition - 00 0F Extended LBA 174181 MB offset 268414020
16:51:29.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 174181 MB offset 268414083
16:51:29.921 Disk 0 MBR [TDL4] **ROOTKIT**
16:51:29.937 Disk 0 trace - called modules:
16:51:29.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85a6549f]<<
16:51:30.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f63ab8]
16:51:30.750 3 CLASSPNP.SYS[f75d5fd7] -> nt!IofCallDriver -> \Device\00000066[0x85f693b8]
16:51:30.796 5 ACPI.sys[f746c620] -> nt!IofCallDriver -> [0x85f0d940]
16:51:30.843 \Driver\atapi[0x85cdaec8] -> IRP_MJ_CREATE -> 0x85a6549f
16:51:30.875 Scan finished successfully
16:51:38.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Chris\Desktop\MBR.dat"
16:51:38.609 The log file has been saved successfully to "C:\Documents and Settings\Chris\Desktop\aswMBR.txt"

OTL logfile created on: 1/15/2012 4:49:25 PM - Run 3
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 352.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 89.50 Gb Free Space | 69.93% Space Free | Partition Type: NTFS
Drive D: | 170.10 Gb Total Space | 18.10 Gb Free Space | 10.64% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 16:45:45 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Temp\2.6537375987268788E8.tmp
PRC - [2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/05 02:05:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2011/03/01 07:51:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
PRC - [2010/07/26 02:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2006/03/01 03:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/01 07:51:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/03/31 01:38:48 | 003,960,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/02/22 22:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/22 22:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyPoints Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/13 11:09:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/28 13:31:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/28 14:14:22 | 000,000,000 | ---D | M]

[2010/10/08 17:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/01/15 10:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7ptixe7t.default\extensions
[2011/12/03 11:04:59 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7ptixe7t.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/02/12 22:31:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7ptixe7t.default\extensions\firefox@tvunetworks.com
[2011/04/19 21:55:32 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7ptixe7t.default\extensions\LogMeInClient@logmein.com
[2010/10/24 12:16:21 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7ptixe7t.default\extensions\vshare@toolbar
[2012/01/10 19:52:33 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7ptixe7t.default\searchplugins\mypoints-search.xml
[2011/03/01 22:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/13 11:09:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/03/05 02:05:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/28 14:14:21 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/03/05 02:05:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/07/15 01:21:11 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [You must be registered and logged in to see this link.] (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/08 15:51:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aba2b526-d566-11e0-8479-00192120b88e}\Shell - "" = AutoRun
O33 - MountPoints2\{aba2b526-d566-11e0-8479-00192120b88e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aba2b526-d566-11e0-8479-00192120b88e}\Shell\AutoRun\command - "" = H:\TL_Bootstrap.exe
O33 - MountPoints2\{fa2e306b-ae50-11e0-8471-00192120b88e}\Shell - "" = AutoRun
O33 - MountPoints2\{fa2e306b-ae50-11e0-8471-00192120b88e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa2e306b-ae50-11e0-8471-00192120b88e}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\fscommand\LS_Start_Launch.exe
O33 - MountPoints2\H\Shell\Launcher\command - "" = H:\Get_Started_with_LifeStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70945304882446336)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 16:50:06 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Chris\Desktop\aswMBR.exe
[2012/01/15 12:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\.bitrock
[2012/01/15 04:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/13 11:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/01/13 11:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\AVG2012
[2012/01/13 11:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/30 21:34:52 | 000,000,000 | R--D | C] -- C:\My Pics
[2011/12/28 14:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Catalina Marketing Corp
[2011/12/28 14:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Catalina Marketing Corp
[2011/12/28 14:14:01 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Documents and Settings\Chris\Desktop\CouponActivator.exe
[2011/12/28 13:31:30 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/12/28 13:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/12/28 13:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/12/28 13:30:43 | 001,284,232 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Chris\Desktop\CouponPrinter.exe
[2011/12/18 17:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/15 16:51:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MBR.dat
[2012/01/15 16:50:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Chris\Desktop\aswMBR.exe
[2012/01/15 16:45:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/15 16:37:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 12:33:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/15 12:12:10 | 000,010,210 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\f335ee59
[2012/01/15 08:29:36 | 086,774,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/13 21:42:49 | 000,030,027 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\70087337920690844_GQI84uAQ_c.jpg
[2012/01/13 18:59:12 | 000,213,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/13 11:09:18 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/12 03:03:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 23:26:46 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 19:21:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 14:14:01 | 000,485,576 | ---- | M] (Catalina Marketing Corp. ) -- C:\Documents and Settings\Chris\Desktop\CouponActivator.exe
[2011/12/28 13:31:30 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/12/28 13:30:51 | 001,284,232 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Chris\Desktop\CouponPrinter.exe
[2011/12/16 18:27:03 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 04:10:51 | 000,010,248 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bc158638
[2012/01/15 04:10:51 | 000,010,221 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\6254a060
[2012/01/15 04:10:51 | 000,010,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\f335ee59
[2012/01/13 21:42:48 | 000,030,027 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\70087337920690844_GQI84uAQ_c.jpg
[2012/01/13 11:09:18 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/30 19:21:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/05/19 21:11:41 | 000,059,720 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/09 12:35:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 15:10:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/18 10:52:17 | 000,000,793 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2010/10/18 10:51:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2010/10/09 19:41:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/09 19:38:28 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/08 20:18:13 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/10/08 19:40:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/08 17:15:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/08 15:53:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/08 15:48:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,305,318 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,037,760 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/01/15 16:50:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Chris\Desktop\aswMBR.exe
[2011/12/28 14:14:01 | 000,485,576 | ---- | M] (Catalina Marketing Corp. ) -- C:\Documents and Settings\Chris\Desktop\CouponActivator.exe
[2011/12/28 13:30:51 | 001,284,232 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Chris\Desktop\CouponPrinter.exe
[2011/02/12 22:31:37 | 002,136,688 | ---- | M] (TVU networks) -- C:\Documents and Settings\Chris\Desktop\PluginInstaller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/12/22 05:39:29 | 000,110,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/12/22 05:39:36 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/12/22 05:39:37 | 000,247,768 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2006/02/28 07:00:00 | 000,127,213 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ega.cpi
[2010/10/09 19:47:49 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2009/03/08 04:31:02 | 001,638,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mshtml.tlb
[2008/04/13 10:42:06 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/10/20 22:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/08 19:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/05/23 20:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2012/01/13 11:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/04/30 23:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/01/30 16:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/11/05 14:38:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/05/01 17:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/08 15:48:17 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/02/10 18:15:58 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/12/28 13:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2010/12/10 17:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2011/12/15 03:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/30 23:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/30 23:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/02/24 15:59:19 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/23 21:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Lame For Audacity
[2010/10/08 16:00:24 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2011/12/30 19:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/22 21:32:34 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/10/18 15:09:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/10/08 15:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/05/01 17:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/12/24 03:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/01/13 23:22:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/03/31 14:29:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/10/08 16:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/10/08 15:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/10/18 10:52:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSPress
[2011/12/13 18:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2011/03/22 14:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Neoteris
[2010/12/22 21:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/10/08 15:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/24 03:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/12/22 22:34:32 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2011/01/29 10:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/02/12 22:45:41 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2010/10/08 15:55:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/02/05 22:59:19 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010/12/10 17:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2011/12/03 11:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2011/12/04 10:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze_Remote
[2010/12/22 21:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/12/22 21:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/10/08 15:50:13 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/08 15:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2012/01/15 16:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid


< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/12/22 21:16:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/12/22 21:16:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/12/22 21:16:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/12/22 21:16:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/12/22 21:16:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/12/22 21:16:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-13 14:04:38

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/22 05:39:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/22 05:39:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/22 05:39:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/22 05:39:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/22 05:39:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/22 05:39:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/22 05:39:29 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

robyn1112
Novice
Posts: 43
Joined: 2010-01-23
OS: Windows 7
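The "< MD5 for: ... >" sections above are OTL's file-integrity check: the in-use driver in system32\drivers is hashed alongside the untouched copy that the service pack installer left in ServicePackFiles\i386 and the pre-SP3 copy in $NtServicePackUninstall$, so a driver that was patched in place shows up as a hash that matches neither reference. The script below is an added example, not part of the original post and not code from OTL or TDSSKiller. It parses those sections plus driver lines in the format TDSSKiller prints later in the thread, and flags any driver whose in-use hash disagrees with the ServicePackFiles reference or with TDSSKiller. The atapi.sys and disk.sys lines are copied from the log above; the EXAMPLE.SYS block and its hashes are constructed so that the mismatch path is exercised, and the function and regex names are this example's own.

```python
import re

# Constructed sample input. The ATAPI.SYS and DISK.SYS blocks are copied from the
# OTL "MD5 for:" sections of the post above; the EXAMPLE.SYS block is synthetic,
# with made-up hashes, so that the mismatch path below actually runs.
OTL_SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\example.sys
"""

# Constructed sample in the format TDSSKiller uses for its driver list
# (timestamp, pid, service name, MD5 in parentheses, path). The example.sys
# line is synthetic.
TDSS_SAMPLE = r"""
13:43:04.0890 1488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:43:06.0562 1488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:43:06.0600 1488 Example (0011223344556677889900aabbccddee) C:\WINDOWS\system32\DRIVERS\example.sys
"""

OTL_HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# [mtime | size | attrs | M] (vendor) [MD5=...|.cab file|Unable to obtain MD5] -- path
OTL_ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?[^-]*--\s*(?P<path>.+?)\s*$"
)
TDSS_ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<svc>\S+)\s+\((?P<md5>[0-9A-Fa-f]{32})\)\s+(?P<path>.+?)\s*$"
)
LIVE_RE = re.compile(r"\\system32\\drivers\\", re.I)          # the copy Windows loads
REF_RE = re.compile(r"\\ServicePackFiles\\i386\\", re.I)      # the installer's reference copy


def parse_otl_md5(text):
    """Return {driver-name-lowercase: [entry, ...]} from OTL '< MD5 for: X >' sections."""
    sections, current = {}, None
    for line in text.splitlines():
        header = OTL_HEADER_RE.match(line.strip())
        if header:
            current = header.group("name").lower()
            sections.setdefault(current, [])
            continue
        entry = OTL_ENTRY_RE.match(line.strip())
        if entry and current is not None:
            sections[current].append({
                "path": entry.group("path"),
                "size": int(entry.group("size").replace(",", "")),
                # .cab entries and locked files carry no hash
                "md5": entry.group("md5").upper() if entry.group("md5") else None,
            })
    return sections


def parse_tdsskiller(text):
    """Return {file-basename-lowercase: MD5-uppercase} from TDSSKiller driver lines."""
    hashes = {}
    for line in text.splitlines():
        entry = TDSS_ENTRY_RE.match(line.strip())
        if entry:
            basename = entry.group("path").rsplit("\\", 1)[-1].lower()
            hashes[basename] = entry.group("md5").upper()
    return hashes


def check_drivers(otl_text, tdss_text):
    """Cross-check every driver: in-use copy vs ServicePackFiles reference vs TDSSKiller."""
    tdss = parse_tdsskiller(tdss_text)
    report = {}
    for name, entries in parse_otl_md5(otl_text).items():
        live = [e for e in entries if LIVE_RE.search(e["path"])]
        refs = {e["md5"] for e in entries if REF_RE.search(e["path"]) and e["md5"]}
        issues = []
        if not live:
            issues.append("no in-use copy listed")
        elif live[0]["md5"] is None:
            issues.append("in-use copy not hashed (locked?)")
        else:
            live_md5 = live[0]["md5"]
            if refs and live_md5 not in refs:
                issues.append("in-use copy differs from ServicePackFiles reference")
            if name in tdss and tdss[name] != live_md5:
                issues.append("TDSSKiller hash differs from OTL hash")
        report[name] = issues or ["consistent"]
    return report


if __name__ == "__main__":
    for driver, verdict in check_drivers(OTL_SAMPLE, TDSS_SAMPLE).items():
        print(f"{driver:12s} {'; '.join(verdict)}")
```

Run it with any Python 3 and it prints one verdict per driver. Compare hashes, not sizes or timestamps: a driver patched in place keeps its size and can keep its modification time, which is exactly why OTL and TDSSKiller both report the MD5. The converse caveat is just as important: a matching hash only proves that the file on disk is the stock service-pack build. It says nothing about hooks placed on that driver in memory or about the MBR, so an on-disk hash check and a dedicated MBR scanner are read together, never one instead of the other.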

Re: Not sure if infected, PC acting funny. OTL & aswMBR logs attached

Post by Superdave on 17th January 2012, 12:48 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
******************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
Please leave the others unchecked

• Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Captain
Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall

Re: Not sure if infected, PC acting funny. OTL & aswMBR logs attached

Post by robyn1112 on 17th January 2012, 8:07 pm

Thanks for taking time to help me!!

TDSSKiller log
13:42:49.0093 1116 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
13:42:49.0562 1116 ============================================================
13:42:49.0562 1116 Current date / time: 2012/01/17 13:42:49.0562
13:42:49.0562 1116 SystemInfo:
13:42:49.0562 1116
13:42:49.0562 1116 OS Version: 5.1.2600 ServicePack: 3.0
13:42:49.0562 1116 Product type: Workstation
13:42:49.0562 1116 ComputerName: DESKTOP
13:42:49.0562 1116 UserName: Chris
13:42:49.0562 1116 Windows directory: C:\WINDOWS
13:42:49.0562 1116 System windows directory: C:\WINDOWS
13:42:49.0578 1116 Processor architecture: Intel x86
13:42:49.0578 1116 Number of processors: 2
13:42:49.0578 1116 Page size: 0x1000
13:42:49.0578 1116 Boot type: Normal boot
13:42:49.0578 1116 ============================================================
13:42:55.0609 1116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:42:56.0078 1116 Initialize success
13:42:59.0734 1488 ============================================================
13:42:59.0734 1488 Scan started
13:42:59.0734 1488 Mode: Manual;
13:42:59.0734 1488 ============================================================
13:43:03.0078 1488 Abiosdsk - ok
13:43:03.0109 1488 abp480n5 - ok
13:43:03.0703 1488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:43:03.0734 1488 ACPI - ok
13:43:03.0765 1488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:43:03.0781 1488 ACPIEC - ok
13:43:03.0796 1488 adpu160m - ok
13:43:03.0843 1488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:43:03.0843 1488 aec - ok
13:43:03.0906 1488 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:43:03.0921 1488 AFD - ok
13:43:03.0937 1488 Aha154x - ok
13:43:03.0984 1488 aic78u2 - ok
13:43:04.0078 1488 aic78xx - ok
13:43:04.0250 1488 ALCXWDM (a8407775e1b64057418781481b202930) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:43:04.0453 1488 ALCXWDM - ok
13:43:04.0546 1488 AliIde - ok
13:43:04.0578 1488 amsint - ok
13:43:04.0656 1488 asc - ok
13:43:04.0718 1488 asc3350p - ok
13:43:04.0765 1488 asc3550 - ok
13:43:04.0859 1488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:43:04.0859 1488 AsyncMac - ok
13:43:04.0890 1488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:43:04.0890 1488 atapi - ok
13:43:04.0937 1488 Atdisk - ok
13:43:05.0125 1488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:43:05.0140 1488 Atmarpc - ok
13:43:05.0203 1488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:43:05.0203 1488 audstub - ok
13:43:05.0296 1488 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:43:05.0296 1488 AVGIDSDriver - ok
13:43:05.0343 1488 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:43:05.0343 1488 AVGIDSEH - ok
13:43:05.0375 1488 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:43:05.0375 1488 AVGIDSFilter - ok
13:43:05.0421 1488 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:43:05.0421 1488 AVGIDSShim - ok
13:43:05.0468 1488 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:43:05.0468 1488 Avgldx86 - ok
13:43:05.0515 1488 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:43:05.0515 1488 Avgmfx86 - ok
13:43:05.0562 1488 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:43:05.0578 1488 Avgrkx86 - ok
13:43:05.0671 1488 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:43:05.0703 1488 Avgtdix - ok
13:43:05.0765 1488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:43:05.0781 1488 Beep - ok
13:43:05.0859 1488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:43:05.0875 1488 cbidf2k - ok
13:43:05.0890 1488 cd20xrnt - ok
13:43:05.0953 1488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:43:05.0953 1488 Cdaudio - ok
13:43:06.0000 1488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:43:06.0000 1488 Cdfs - ok
13:43:06.0031 1488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:43:06.0031 1488 Cdrom - ok
13:43:06.0062 1488 Changer - ok
13:43:06.0125 1488 CmdIde - ok
13:43:06.0218 1488 Cpqarray - ok
13:43:06.0359 1488 dac2w2k - ok
13:43:06.0406 1488 dac960nt - ok
13:43:06.0562 1488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:43:06.0578 1488 Disk - ok
13:43:06.0671 1488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:43:06.0703 1488 dmboot - ok
13:43:06.0750 1488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:43:06.0750 1488 dmio - ok
13:43:06.0796 1488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:43:06.0796 1488 dmload - ok
13:43:06.0859 1488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:43:06.0859 1488 DMusic - ok
13:43:06.0921 1488 dpti2o - ok
13:43:06.0968 1488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:43:06.0968 1488 drmkaud - ok
13:43:07.0078 1488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:43:07.0078 1488 Fastfat - ok
13:43:07.0140 1488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:43:07.0140 1488 Fdc - ok
13:43:07.0203 1488 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
13:43:07.0203 1488 FETNDIS - ok
13:43:07.0265 1488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:43:07.0265 1488 Fips - ok
13:43:07.0296 1488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:43:07.0296 1488 Flpydisk - ok
13:43:07.0343 1488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:43:07.0343 1488 FltMgr - ok
13:43:07.0390 1488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:43:07.0390 1488 Fs_Rec - ok
13:43:07.0453 1488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:43:07.0453 1488 Ftdisk - ok
13:43:07.0515 1488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:43:07.0546 1488 GEARAspiWDM - ok
13:43:07.0578 1488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:43:07.0578 1488 Gpc - ok
13:43:07.0671 1488 hpn - ok
13:43:07.0765 1488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:43:07.0781 1488 HTTP - ok
13:43:07.0843 1488 i2omgmt - ok
13:43:07.0875 1488 i2omp - ok
13:43:07.0906 1488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:43:07.0906 1488 i8042prt - ok
13:43:07.0953 1488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:43:07.0953 1488 Imapi - ok
13:43:08.0046 1488 ini910u - ok
13:43:08.0109 1488 IntelIde - ok
13:43:08.0187 1488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:43:08.0187 1488 intelppm - ok
13:43:08.0234 1488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:43:08.0234 1488 Ip6Fw - ok
13:43:08.0296 1488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:43:08.0296 1488 IpFilterDriver - ok
13:43:08.0343 1488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:43:08.0343 1488 IpInIp - ok
13:43:08.0390 1488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:43:08.0390 1488 IpNat - ok
13:43:08.0437 1488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:43:08.0437 1488 IPSec - ok
13:43:08.0500 1488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:43:08.0500 1488 IRENUM - ok
13:43:08.0562 1488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:43:08.0562 1488 isapnp - ok
13:43:08.0609 1488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:43:08.0625 1488 Kbdclass - ok
13:43:08.0781 1488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:43:08.0796 1488 kmixer - ok
13:43:08.0828 1488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:43:08.0828 1488 KSecDD - ok
13:43:08.0890 1488 lbrtfdc - ok
13:43:09.0046 1488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:43:09.0046 1488 mnmdd - ok
13:43:09.0093 1488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:43:09.0093 1488 Modem - ok
13:43:09.0125 1488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:43:09.0125 1488 Mouclass - ok
13:43:09.0171 1488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:43:09.0171 1488 MountMgr - ok
13:43:09.0203 1488 mraid35x - ok
13:43:09.0250 1488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:43:09.0265 1488 MRxDAV - ok
13:43:09.0312 1488 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:43:09.0328 1488 MRxSmb - ok
13:43:09.0359 1488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:43:09.0359 1488 Msfs - ok
13:43:09.0437 1488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:43:09.0437 1488 MSKSSRV - ok
13:43:09.0453 1488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:43:09.0468 1488 MSPCLOCK - ok
13:43:09.0500 1488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:43:09.0500 1488 MSPQM - ok
13:43:09.0531 1488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:43:09.0531 1488 mssmbios - ok
13:43:09.0578 1488 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:43:09.0640 1488 Mup - ok
13:43:09.0671 1488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:43:09.0687 1488 NDIS - ok
13:43:09.0750 1488 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:43:09.0765 1488 NdisTapi - ok
13:43:09.0812 1488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:43:09.0812 1488 Ndisuio - ok
13:43:09.0828 1488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:43:09.0828 1488 NdisWan - ok
13:43:09.0875 1488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:43:09.0875 1488 NDProxy - ok
13:43:09.0906 1488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:43:09.0906 1488 NetBIOS - ok
13:43:09.0953 1488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:43:09.0953 1488 NetBT - ok
13:43:10.0031 1488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:43:10.0031 1488 Npfs - ok
13:43:10.0109 1488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:43:10.0125 1488 Ntfs - ok
13:43:10.0171 1488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:43:10.0171 1488 Null - ok
13:43:10.0234 1488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:43:10.0234 1488 NwlnkFlt - ok
13:43:10.0265 1488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:43:10.0265 1488 NwlnkFwd - ok
13:43:10.0343 1488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:43:10.0343 1488 Parport - ok
13:43:10.0375 1488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:43:10.0375 1488 PartMgr - ok
13:43:10.0515 1488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:43:10.0515 1488 ParVdm - ok
13:43:10.0531 1488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:43:10.0546 1488 PCI - ok
13:43:10.0578 1488 PCIDump - ok
13:43:10.0609 1488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:43:10.0625 1488 PCIIde - ok
13:43:10.0656 1488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:43:10.0671 1488 Pcmcia - ok
13:43:10.0687 1488 PDCOMP - ok
13:43:10.0718 1488 PDFRAME - ok
13:43:10.0750 1488 PDRELI - ok
13:43:10.0781 1488 PDRFRAME - ok
13:43:10.0859 1488 perc2 - ok
13:43:10.0890 1488 perc2hib - ok
13:43:11.0031 1488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:43:11.0031 1488 PptpMiniport - ok
13:43:11.0062 1488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:43:11.0078 1488 Ptilink - ok
13:43:11.0109 1488 ql1080 - ok
13:43:11.0140 1488 Ql10wnt - ok
13:43:11.0171 1488 ql12160 - ok
13:43:11.0187 1488 ql1240 - ok
13:43:11.0218 1488 ql1280 - ok
13:43:11.0250 1488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:43:11.0250 1488 RasAcd - ok
13:43:11.0406 1488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:43:11.0406 1488 Rasl2tp - ok
13:43:11.0421 1488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:43:11.0437 1488 RasPppoe - ok
13:43:11.0453 1488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:43:11.0453 1488 Raspti - ok
13:43:11.0500 1488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:43:11.0500 1488 Rdbss - ok
13:43:11.0515 1488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:43:11.0515 1488 RDPCDD - ok
13:43:11.0609 1488 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:43:11.0609 1488 RDPWD - ok
13:43:11.0671 1488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:43:11.0671 1488 redbook - ok
13:43:11.0796 1488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:43:11.0796 1488 Secdrv - ok
13:43:11.0875 1488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:43:11.0875 1488 serenum - ok
13:43:11.0906 1488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:43:11.0906 1488 Serial - ok
13:43:11.0968 1488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:43:11.0968 1488 Sfloppy - ok
13:43:12.0031 1488 Simbad - ok
13:43:12.0078 1488 Sparrow - ok
13:43:12.0125 1488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:43:12.0125 1488 splitter - ok
13:43:12.0187 1488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:43:12.0187 1488 sr - ok
13:43:12.0234 1488 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:43:12.0250 1488 Srv - ok
13:43:12.0328 1488 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:43:12.0343 1488 StillCam - ok
13:43:12.0375 1488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:43:12.0375 1488 swenum - ok
13:43:12.0406 1488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:43:12.0421 1488 swmidi - ok
13:43:12.0453 1488 symc810 - ok
13:43:12.0484 1488 symc8xx - ok
13:43:12.0500 1488 sym_hi - ok
13:43:12.0531 1488 sym_u3 - ok
13:43:12.0625 1488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:43:12.0625 1488 sysaudio - ok
13:43:12.0703 1488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:43:12.0703 1488 Tcpip - ok
13:43:12.0734 1488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:43:12.0734 1488 TDPIPE - ok
13:43:12.0765 1488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:43:12.0765 1488 TDTCP - ok
13:43:12.0796 1488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:43:12.0796 1488 TermDD - ok
13:43:12.0859 1488 TosIde - ok
13:43:12.0937 1488 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:43:12.0953 1488 uagp35 - ok
13:43:12.0984 1488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:43:12.0984 1488 Udfs - ok
13:43:13.0000 1488 ultra - ok
13:43:13.0031 1488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:43:13.0046 1488 Update - ok
13:43:13.0109 1488 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:43:13.0125 1488 USBAAPL - ok
13:43:13.0140 1488 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:43:13.0140 1488 usbccgp - ok
13:43:13.0187 1488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:43:13.0187 1488 usbehci - ok
13:43:13.0218 1488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:43:13.0218 1488 usbhub - ok
13:43:13.0234 1488 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:43:13.0250 1488 usbprint - ok
13:43:13.0265 1488 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:43:13.0265 1488 usbscan - ok
13:43:13.0296 1488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:43:13.0296 1488 USBSTOR - ok
13:43:13.0328 1488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:43:13.0328 1488 usbuhci - ok
13:43:13.0375 1488 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
13:43:13.0375 1488 USB_RNDIS - ok
13:43:13.0421 1488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:43:13.0421 1488 VgaSave - ok
13:43:13.0453 1488 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:43:13.0453 1488 ViaIde - ok
13:43:13.0500 1488 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
13:43:13.0500 1488 videX32 - ok
13:43:13.0531 1488 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:43:13.0546 1488 VolSnap - ok
13:43:13.0687 1488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:43:13.0687 1488 Wanarp - ok
13:43:13.0812 1488 WDICA - ok
13:43:14.0000 1488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:43:14.0000 1488 wdmaud - ok
13:43:14.0265 1488 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
13:43:14.0281 1488 xfilt - ok
13:43:14.0500 1488 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
13:43:14.0515 1488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:43:14.0515 1488 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:43:14.0546 1488 Boot (0x1200) (65ba4bbdd8ee46e75e2d56be9fd98a38) \Device\Harddisk0\DR0\Partition0
13:43:14.0546 1488 \Device\Harddisk0\DR0\Partition0 - ok
13:43:14.0578 1488 Boot (0x1200) (137713e737ee6881dc4d470cf7a7c972) \Device\Harddisk0\DR0\Partition1
13:43:14.0578 1488 \Device\Harddisk0\DR0\Partition1 - ok
13:43:14.0578 1488 ============================================================
13:43:14.0578 1488 Scan finished
13:43:14.0578 1488 ============================================================
13:43:14.0625 0976 Detected object count: 1
13:43:14.0625 0976 Actual detected object count: 1
13:44:12.0031 0976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:44:12.0031 0976 \Device\Harddisk0\DR0 - ok
13:44:12.0031 0976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:44:14.0984 1120 Deinitialize success

robyn1112
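The TDSSKiller result above reports the MBR of \Device\Harddisk0\DR0 as infected and leaves the fix to "cured on reboot". The two things a responder checks after that reboot are that the boot-code hash has actually changed and that the partition table survived the rewrite. The block below is an added example (mine, not robyn1112's and not code from TDSSKiller or Kaspersky) that parses those log lines, lists what needs re-hashing, and recomputes the same style of hash over an MBR image. It assumes that the bracketed 0x1B8 is the number of sector-0 bytes hashed (440 bytes is exactly the bootstrap-code area that ends where the 4-byte disk signature begins) and that the 32-hex-digit values are MD5; the sample log lines are excerpted from the post, the MBR bytes are constructed.

```python
import hashlib
import re
import struct

# TDSSKiller labels the sector-0 hash "MBR (0x1B8)" and each volume boot
# record "Boot (0x1200)". 0x1B8 (440) is exactly the length of the MBR
# bootstrap-code area, so I read the bracketed number as the byte count
# that was hashed. That reading, and MD5 as the digest, are assumptions
# of this example, not facts stated in the log.
MBR_CODE_LEN = 0x1B8
PART_TABLE_OFF = 0x1BE

# One TDSSKiller line is "<time> <pid> <payload>"; three payload shapes matter here.
_DRIVER = re.compile(r"^\S+\s+\d+\s+(\S+) \(([0-9a-f]{32})\) (.+\.sys)$", re.IGNORECASE)
_SECTOR = re.compile(r"^\S+\s+\d+\s+(MBR|Boot) \((0x[0-9A-F]+)\) \(([0-9a-f]{32})\) (\S+)$",
                     re.IGNORECASE)
_VERDICT = re.compile(r"^\S+\s+\d+\s+(\S+) \( (\S+) \) - (.+)$")

# Excerpt of the TDSSKiller log posted above (one driver line plus the sector lines).
SAMPLE_LOG = r"""
13:43:12.0703 1488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:43:12.0703 1488 Tcpip - ok
13:43:13.0000 1488 ultra - ok
13:43:14.0500 1488 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
13:43:14.0515 1488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:43:14.0546 1488 Boot (0x1200) (65ba4bbdd8ee46e75e2d56be9fd98a38) \Device\Harddisk0\DR0\Partition0
13:43:14.0546 1488 \Device\Harddisk0\DR0\Partition0 - ok
13:44:12.0031 0976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:44:12.0031 0976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""


def parse_tdsskiller(log: str) -> dict:
    """Split a TDSSKiller log into driver hashes, boot-sector hashes and verdicts."""
    result = {"drivers": [], "sectors": {}, "verdicts": []}
    for line in log.splitlines():
        line = line.strip()
        if m := _DRIVER.match(line):
            result["drivers"].append({"service": m[1], "md5": m[2].lower(), "path": m[3]})
        elif m := _SECTOR.match(line):
            result["sectors"][m[4]] = {"kind": m[1], "length": int(m[2], 16), "md5": m[3].lower()}
        elif m := _VERDICT.match(line):
            result["verdicts"].append({"object": m[1], "name": m[2], "status": m[3]})
    return result


def needs_reboot_verification(parsed: dict) -> list:
    """Objects whose only remedy so far is 'cured on reboot': after the reboot,
    re-hash each one and confirm the logged MD5 no longer matches."""
    cured = {v["object"] for v in parsed["verdicts"] if "cured on reboot" in v["status"]}
    return [(obj, parsed["sectors"][obj]["md5"]) for obj in sorted(cured)
            if obj in parsed["sectors"]]


def mbr_code_hash(mbr: bytes) -> str:
    """MD5 over the bootstrap code only: a partition-table or disk-signature
    change leaves the value untouched, any patched boot code changes it."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xAA":
        raise ValueError("expected a 512-byte MBR ending in 55 AA")
    return hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four 16-byte entries at 0x1BE; empty (type 0) slots are skipped."""
    entries = []
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            entries.append({"bootable": flag == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def build_sample_mbr(disk_signature: int = 0x12345678) -> bytes:
    """Constructed sample MBR (not the poster's disk): a few bytes of dummy
    boot code, one bootable NTFS primary and one extended partition."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(MBR_CODE_LEN, b"\x00")
    signature = struct.pack("<IH", disk_signature, 0)   # disk signature + 2 reserved bytes
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 204800)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x0F, b"\xFE\xFF\xFF", 204863, 409600)
    return code + signature + p1 + p2 + bytes(32) + b"\x55\xAA"


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for obj, md5 in needs_reboot_verification(parsed):
        print(f"after reboot, re-hash {obj}: the logged {md5} must no longer match")
    clean = build_sample_mbr()
    print("sample MBR code hash:", mbr_code_hash(clean), parse_partition_table(clean))
```

To use it on the real machine, read sector 0 of the physical disk (512 bytes) into `mbr_code_hash` and `parse_partition_table` both before and after the reboot: the hash should move away from 1f753b395539269a3484aecd505b79bd while the partition entries stay identical. Hashing only the first 0x1B8 bytes is what makes that comparison meaningful, since the disk signature and partition table are expected to be unchanged by a cure.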

Re: Not sure if infected, PC acting funny. OTL & aswMBR logs attached

Post by robyn1112 on 17th January 2012, 8:37 pm

SUPERAntiSpyware Scan Log
Generated 01/17/2012 at 02:05 PM
Application Version : 5.0.1142
Core Rules Database Version : 8136
Trace Rules Database Version: 5948
Scan type : Quick Scan
Total Scan Time : 00:10:34
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 31188
Registry threats detected : 3
File items scanned : 14240
File threats detected : 568
Disabled.TaskManager
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
Adware.Tracking Cookie
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@adecn[1].txt [ /adecn ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@ads.addynamix[1].txt [ /ads.addynamix ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@ads.adk2[2].txt [ /ads.adk2 ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@ads.pointroll[2].txt [ /ads.pointroll ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@adserver.twitpic[1].txt [ /adserver.twitpic ]
C:\Documents and Settings\Chris\Cookies\chris@advertising[2].txt [ /advertising ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@avgtechnologies.112.2o7[1].txt [ /avgtechnologies.112.2o7 ]
.media.lintvnews.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@clicksense[1].txt [ /clicksense ]
.media.lintvnews.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@content.yieldmanager[2].txt [ /content.yieldmanager ]
C:\Documents and Settings\Chris\Cookies\chris@content.yieldmanager[3].txt [ /content.yieldmanager ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@electronicarts.112.2o7[1].txt [ /electronicarts.112.2o7 ]
C:\Documents and Settings\Chris\Cookies\chris@fastclick[1].txt [ /fastclick ]
.fim.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@g-pixel.invitemedia[1].txt [ /g-pixel.invitemedia ]
C:\Documents and Settings\Chris\Cookies\chris@imrworldwide[2].txt [ /imrworldwide ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@insightexpressai[2].txt [ /insightexpressai ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@interclick[2].txt [ /interclick ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@legolas-media[2].txt [ /legolas-media ]
C:\Documents and Settings\Chris\Cookies\chris@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@networldmedia[1].txt [ /networldmedia ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@pointroll[2].txt [ /pointroll ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@segment-pixel.invitemedia[1].txt [ /segment-pixel.invitemedia ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@serving-sys[1].txt [ /serving-sys ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@specificclick[2].txt [ /specificclick ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@statse.webtrendslive[2].txt [ /statse.webtrendslive ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@trafficmp[1].txt [ /trafficmp ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@[You must be registered and logged in to see this link.] [ /www.burstnet ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@yieldmanager[1].txt [ /yieldmanager ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\chris@zedo[1].txt [ /zedo ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\M6WLQHQW.txt [ /apmebf.com ]
.network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\DUF0T68W.txt [ /valassis.112.2o7.net ]
C:\Documents and Settings\Chris\Cookies\ZQBACZAX.txt [ /collective-media.net ]
wstat.wibiya.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\1I617NID.txt [ /media6degrees.com ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\HJZ6XY4K.txt [ /at.atwola.com ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\NYF4RBNY.txt [ /mediaplex.com ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\O0TUZTFX.txt [ /pro-market.net ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\O1SFNO1N.txt [ /insightexpressai.com ]
C:\Documents and Settings\Chris\Cookies\KRWH44WH.txt [ /questionmarket.com ]
C:\Documents and Settings\Chris\Cookies\CJUA0Q42.txt [ /ad.yieldmanager.com ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\VXJ8BE3Q.txt [ /casalemedia.com ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\12VDYWX3.txt [ /ad.wsod.com ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.premiumtv.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\FML5MUEI.txt [ /c.atdmt.com ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\1N7XKP44.txt [ /ru4.com ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\LQQ2UU3A.txt [ /invitemedia.com ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\737J90BK.txt [ /atdmt.com ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\LFHSA3JO.txt [ /doubleclick.net ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\34XKXAWL.txt [ /statcounter.com ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\GNCL10M0.txt [ /adbrite.com ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Chris\Cookies\6AGV9HD7.txt [ /revsci.net ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.a.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
cdn.uc.atwola.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]
.ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7PTIXE7T.DEFAULT\COOKIES.SQLITE ]


Post by Superdave on 19th January 2012, 6:59 pm

Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

Refer to this image:

To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here for a tutorial on how to do so if you are unsure: http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


Post by robyn1112 on 19th January 2012, 8:04 pm

Here's what I got from ComboFix... It didn't prompt me to restart the PC; my desktop is still grey and not all of my original icons are on the desktop, but my programs are now showing up in the Start menu. I'm still getting a pop-up that Windows Automatic Updates are not enabled.

ComboFix 12-01-19.01 - Chris 01/19/2012 14:52:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.415 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\pchelpforum.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
c:\windows\AutoRun.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-17 18:52 . 2012-01-17 18:52 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2012-01-17 18:52 . 2012-01-17 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-15 17:35 . 2012-01-15 17:35 -------- d-----w- c:\documents and settings\Chris\.bitrock
2012-01-15 09:09 . 2012-01-15 09:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-13 16:07 . 2012-01-13 16:07 -------- d-----w- c:\documents and settings\Chris\Application Data\AVG2012
2012-01-13 16:07 . 2012-01-13 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-12-31 02:34 . 2012-01-03 03:41 -------- d-----r- C:\My Pics
2011-12-28 19:14 . 2011-12-28 19:14 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
2011-12-28 19:14 . 2011-12-28 19:14 -------- d-----w- c:\documents and settings\Chris\Application Data\Catalina Marketing Corp
2011-12-28 18:31 . 2011-12-28 18:31 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-03-01 15:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2006-02-28 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\Chris\Desktop\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\documents and settings\Chris\Desktop\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Chris\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\Chris\Desktop\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Chris\Desktop\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\documents and settings\Chris\Desktop\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-11-06 23:45]
.
2011-12-16 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-13 23:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\7ptixe7t.default\
FF - prefs.js: browser.search.selectedEngine - MyPoints Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - Ext: TVU Web Player: [You must be registered and logged in to see this link.] - %profile%\extensions\firefox@tvunetworks.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-19 14:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,c9,76,3d,a5,1d,98,4c,a2,d1,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,c9,76,3d,a5,1d,98,4c,a2,d1,53,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0c\06\03\10\06\01?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\documents and settings\Chris\Desktop\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-19 15:01:19
ComboFix-quarantined-files.txt 2012-01-19 20:01
.
Pre-Run: 98,285,338,624 bytes free
Post-Run: 99,797,610,496 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9D189965F07B401DC192FA231DFB7623


Post by Superdave on 19th January 2012, 8:29 pm


  • Please download Unhide by Grinler from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • If this tool doesn't fix the problem, please let me know.

*******************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Post by robyn1112 on 19th January 2012, 9:23 pm

Thank you so much for your help!! Visually, everything is back to normal. I had to drag some icons back to the desktop, but other than that, all seems ok.
Here are the logs from the other 2 scans. Should I keep or delete the other programs from my desktop (TDSSkiller, combofix, Super Anti-Spyware)?
Thanks again!!!!!

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java(TM) 6 Update 24
Java version out of date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.25) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Chris\Desktop\SASKUTIL.SYS
Service Name: SASKUTIL
Module Base: F6744000
Module End: F6766000
Hidden: Yes

Module Name: \??\C:\Documents and Settings\Chris\Desktop\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F7975000
Module End: F797B000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F64F2000
Module End: F650A000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7AD3000
Module End: F7AD5000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: F5DE2F3C
Driver Base: F5DE2000
Driver End: F5DE5000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: F5DE2FE4
Driver Base: F5DE2000
Driver End: F5DE5000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateThread
Address: F5DE3080
Driver Base: F5DE2000
Driver End: F5DE5000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwWriteVirtualMemory
Address: F5DE311C
Driver Base: F5DE2000
Driver End: F5DE5000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

robyn1112
Novice
Posts: 43
Joined: 2010-01-23
OS: Windows 7
Points: 25718
Likes: 0
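Reading the SysProt log above takes two steps: pull out every "Hidden: Yes" module and every SSDT entry, then decide which of them are accounted for by software known to be on the machine. The script below is an added example, not part of the thread and not SysProt's own code. It parses SysProt's "Key: Value" blocks and sorts each finding into "explained" or "review". The sample log is constructed in SysProt's layout from entries posted above, plus one made-up module (unknown_example.sys, with made-up addresses) so that the review bucket is not empty; KNOWN_DRIVERS is an assumption for this particular machine, not a general whitelist.

```python
"""Triage a SysProt AntiRootkit log: hidden kernel modules and SSDT hooks,
split into entries explained by drivers known to be on the box and entries
that still need a look.

Added example; not part of the thread and not SysProt's own code.  The
sample log is constructed in SysProt's layout from entries posted above,
plus one made-up module (unknown_example.sys) so the review bucket is not
empty.  KNOWN_DRIVERS is an assumption for this particular machine.
"""
import re

# Constructed sample in SysProt's layout (abridged from the thread; the
# unknown_example.sys block and its addresses are made up).
SAMPLE_LOG = r"""
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Chris\Desktop\SASKUTIL.SYS
Service Name: SASKUTIL
Module Base: F6744000
Module End: F6766000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F64F2000
Module End: F650A000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\unknown_example.sys
Service Name: ---
Module Base: F7000000
Module End: F7008000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: F5DE2F3C
Driver Base: F5DE2000
Driver End: F5DE5000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: F5DE2FE4
Driver Base: F5DE2000
Driver End: F5DE5000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************************************************
No Kernel Hooks found
"""

# Assumed allowlist for this host: (regex on the file name, why it is expected).
KNOWN_DRIVERS = [
    (r"^SAS(KUTIL|DIFSV)\.SYS$",
     "SUPERAntiSpyware driver; the tool was run from the Desktop on this machine"),
    (r"^dump_[A-Za-z0-9]+\.SYS$",
     "crash-dump copy of the boot disk stack; Windows loads it outside the normal "
     "module list, so anti-rootkit tools report it as hidden"),
    (r"^AVGIDSShim\.SYS$",
     "AVG Identity Protection; hooking process/thread/memory syscalls is its "
     "self-protection, expected on a box running AVG"),
]

# SysProt prints each finding as a blank-line-separated block of 'Key: Value' lines.
KEY_VALUE = re.compile(r"^([A-Za-z ]+): (.*)$")


def parse_records(text):
    """Return one dict per 'Key: Value' block; section headers and rules of
    asterisks simply end the current block."""
    records, current = [], {}
    for line in text.splitlines():
        m = KEY_VALUE.match(line.strip())
        if m:
            current[m.group(1)] = m.group(2)
        elif current:
            records.append(current)
            current = {}
    if current:
        records.append(current)
    return records


def basename(path):
    """File name part of an NT or Win32 path (\\??\\C:\\...\\x.sys -> x.sys)."""
    return path.rsplit("\\", 1)[-1]


def explain(driver_path):
    """Reason the driver is expected on this host, or None if it is not on the allowlist."""
    name = basename(driver_path)
    for pattern, reason in KNOWN_DRIVERS:
        if re.match(pattern, name, re.IGNORECASE):
            return reason
    return None


def triage(text):
    """Sort hidden modules and SSDT hooks into 'explained' and 'review' buckets."""
    findings = {"explained": [], "review": []}
    for rec in parse_records(text):
        if "Module Name" in rec and rec.get("Hidden") == "Yes":
            kind, path = "hidden module", rec["Module Name"]
        elif "Function Name" in rec:
            kind, path = "SSDT hook " + rec["Function Name"], rec["Driver Name"]
        else:
            continue
        reason = explain(path)
        bucket = "explained" if reason else "review"
        findings[bucket].append({"kind": kind, "name": basename(path), "reason": reason})
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("review", "explained"):
        print(bucket.upper())
        for entry in result[bucket]:
            print(f"  {entry['kind']:<28} {entry['name']:<22} {entry['reason'] or ''}")
```

The point of the two buckets is that "Hidden: Yes" on its own is not evidence of a rootkit: crash-dump drivers and freshly extracted anti-malware drivers routinely show up that way, and an antivirus product hooking ZwOpenProcess and ZwTerminateProcess is doing exactly what it is supposed to. What deserves attention is a hidden module or a hook whose driver nobody installed, which is why the allowlist is kept per host rather than copied from another machine.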

Post by Superdave on 19th January 2012, 11:10 pm

Should I keep or delete the other programs from my desktop (TDSSkiller, combofix, Super Anti-Spyware)?
You can uninstall TDSSKiller and SAS. I'll get rid of CF when I'm satisfied the computer is clean.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
*****************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Post by robyn1112 on 20th January 2012, 5:45 pm

Here's what I got with the ESET scan...
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\456472d2-6fdcf2a9 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\60b5d41b-627b63c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\25ac915d-520c456c a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\530d44e1-1845afa8 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-28770cb4 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\7\43c3de87-7c7e2e28 a variant of Java/TrojanDownloader.Agent.NDJ trojan
D:\torrents\Tomey's Music\Music\Estelle - Dance with me.mp3.virus a variant of WMA/TrojanDownloader.GetCodec.gen trojan

Post by robyn1112 on 20th January 2012, 6:37 pm

Just noticed when I opened iTunes that all my music is no longer there. It is still on my hard drive, but is there any way to recover the playlists that were already created in iTunes? (fingers crossed...)

Post by Superdave on 20th January 2012, 7:34 pm

Please run ESET again because it didn't quarantine the problems found.

Post by robyn1112 on 20th January 2012, 9:25 pm

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\456472d2-6fdcf2a9 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\60b5d41b-627b63c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\25ac915d-520c456c a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\530d44e1-1845afa8 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-28770cb4 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\7\43c3de87-7c7e2e28 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
D:\torrents\Tomey's Music\Music\Estelle - Dance with me.mp3.virus a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

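The difference between the two ESET logs above is the trailing action: the first run lists what was found, the second ends each line with "deleted - quarantined" or "cleaned - quarantined". The script below is an added example, not part of the thread and not ESET's code. It parses result lines into path, detection and action, lists what was reported but not quarantined, and tags hits that sit in the Java deployment cache. The sample lines are a subset of the ones posted in the thread; the regex is an assumption about the log layout (the forum paste has collapsed ESET's separators to spaces, and the pattern accepts tabs or spaces) and may need adjusting for other ESET versions.

```python
"""Read ESET Online Scanner result lines and separate detections that were
only reported from those that were actually quarantined.

Added example; not from the thread and not ESET's own code.  Sample lines
are a subset of those posted in the thread (first run: found only; second
run: quarantined).  The RESULT regex is an assumption about the log layout.
"""
import re
from collections import Counter

# Constructed from the thread's first ESET run (no action recorded).
FIRST_RUN = r"""
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\456472d2-6fdcf2a9 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\60b5d41b-627b63c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan
D:\torrents\Tomey's Music\Music\Estelle - Dance with me.mp3.virus a variant of WMA/TrojanDownloader.GetCodec.gen trojan
"""

# Constructed from the thread's second ESET run (quarantined).
SECOND_RUN = r"""
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\456472d2-6fdcf2a9 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\60b5d41b-627b63c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
D:\torrents\Tomey's Music\Music\Estelle - Dance with me.mp3.virus a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
"""

# path, then the detection (ESET names look like Family/Name, optionally
# prefixed "a variant of" and suffixed with a type word), then an optional
# "<action> - quarantined".  Separators may be tabs or spaces.
RESULT = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: \w+)?)"
    r"(?:\s+(?P<action>[\w ]+?)\s+-\s+quarantined)?$"
)

# Hits under the Java deployment cache are applets the browser fetched.
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_results(text):
    """One dict per result line: path, detection, action (None if only reported)."""
    results = []
    for line in text.strip().splitlines():
        m = RESULT.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        results.append(m.groupdict())
    return results


def unresolved(text):
    """Paths ESET reported but did not quarantine.  A rerun with removal
    enabled should leave this list empty."""
    return [r["path"] for r in parse_results(text) if r["action"] is None]


def classify(result):
    """Where the hit sat.  A cached applet was downloaded by the browser; the
    log does not say whether it ran, so patching Java matters as much as the
    quarantine."""
    return "java-cache" if JAVA_CACHE.search(result["path"]) else "other"


def family(result):
    """Detection name without the 'a variant of' prefix or trailing type word."""
    return result["detection"].replace("probably ", "").replace("a variant of ", "").split(" ")[0]


def summary(text):
    """Counts keyed by (detection family, location class, quarantined?)."""
    counts = Counter()
    for r in parse_results(text):
        counts[(family(r), classify(r), r["action"] is not None)] += 1
    return counts


if __name__ == "__main__":
    print("not quarantined after run 1:", len(unresolved(FIRST_RUN)))
    print("not quarantined after run 2:", len(unresolved(SECOND_RUN)))
    for key, n in sorted(summary(SECOND_RUN).items()):
        print(key, n)
```

Running it against both logs gives three unresolved entries after the first run and none after the second, which is the check Superdave applied by eye. Keeping the location class in the summary is useful because six of the seven hits live in the Java deployment cache of a Java 6 Update 24 install that Security Check had already flagged as out of date; quarantining the cached files removes the samples, and updating Java removes the reason they were fetched.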
Post by Superdave on 21st January 2012, 2:42 am

That looks better. How's the computer running now? Any other issues?

Post by robyn1112 on 21st January 2012, 5:29 am

Just a couple of minor things: the missing iTunes playlists, and I don't think all my plug-ins are still there, but I'm a little nervous about what to enable. I can't play games on pogo.com. It says there's a problem with my Java plug-in. Thanks again for all your help!!

Post by Superdave on 21st January 2012, 7:13 pm


  • Please download Unhide by Grinler from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • If this tool doesn't fix the problem, please let me know.

*******************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
