Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Need help with an unknown infection.  (Read 8121 times)

0 Members and 1 Guest are viewing this topic.

brc3404

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Need help with an unknown infection.
    « on: March 28, 2012, 05:32:30 PM »
    Thanks in advance for taking the time to read this. Im running windows xp home service pack 3. Computer was sending fictious emails from my aol account. Uninstalled AVG Free 12 using avg uninstall tool and successfully reinstalled AVG Free 12. After running first scan, An "infection detected" message from AVG came up. After that, an infection message was coming up about every 5 seconds. So many that it bogged down the computer trying to clear them all. Some items were quarenteened successfully while others failed. While lookking through add/remove programs, I noticed what is called Contextual Tool Bar, when I attempted to uninstall it, AVG infection detected" message appeared. Each time I attempt to uninstall this virus, a different named infection comes us. Im sure this tool bar is just partially the problem, and not entirely to blame. A side note to the add/remove programs, It shows NUMEROUS windows XP updates and hot fixes. Is this normal for all these to show under the add/remove programs? I thought it was suppose to only show the most recent update performed?? I attempted to get msinfo , however reveived an error message. I then went into services and found that help and support had been set to manual. When tring to start the service again, I got another error message. I ran full scans with Computer Care 5, and Antimalware Bytes doing whatever those scans recommended. I tried to install GMER.EXE to run a scan and create a log, error message received upon trying to install, but then GMER started scanning on its own (only a partial system scan).  It seems as if every advice I try to follow to clean this thing, it counters my every move ??? Any suggestions? Im using teamviewer (remote connection) software to fix this computer for my mother, as Im 3 states away from her currently. Sorry for the book, I appreciate ANY time in this matter.
    -Brett

    SuperDave

    • Malware Removal Specialist


    • Sage
    • Thanked: 852
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Need help with an unknown infection.
    « Reply #1 on: March 28, 2012, 07:32:59 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Quote
    A side note to the add/remove programs, It shows NUMEROUS windows XP updates and hot fixes. Is this normal for all these to show under the add/remove programs?
    You can disable this by checking the box at the top marked "Show updates".

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    *Copy and Paste the log in your post.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/past both logs into your Thread

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

    brc3404

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Need help with an unknown infection.
      « Reply #2 on: March 30, 2012, 01:18:42 AM »
      Super Dave, Im post the superanti log. I have a log from malware bytes from 3 days ago I can also post. If you prefer I dont post that one, I will post the fresh anti malware bytes log sometime later today. Also, I think I made a slight mistake by trying to run dds whithout disabling my AVG, Computer Care 5 , and while the malware bytes scan was running, The dds didnt finish, it may have even locked the computer desktop up. Let me know, and THANKS!!!!!!


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 03/30/2012 at 02:14 AM

      Application Version : 5.0.1146

      Core Rules Database Version : 8402
      Trace Rules Database Version: 6214

      Scan type       : Complete Scan
      Total Scan Time : 01:56:25

      Operating System Information
      Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
      Administrator

      Memory items scanned      : 447
      Memory threats detected   : 0
      Registry items scanned    : 34072
      Registry threats detected : 25
      File items scanned        : 63839
      File threats detected     : 670

      Adware.ShopAtHomeSelect
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32#ThreadingModel
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\ProgID
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\Programmable
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\TypeLib
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\VersionIndependentProgID
         HKLM\Software\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}
         HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
         HKCR\ToolBand.ShopAtHomeIEHelper.1
         HKCR\ToolBand.ShopAtHomeIEHelper.1\CLSID
         HKCR\ToolBand.ShopAtHomeIEHelper
         HKCR\ToolBand.ShopAtHomeIEHelper\CLSID
         HKCR\ToolBand.ShopAtHomeIEHelper\CurVer
         HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}
         HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0
         HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0
         HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0\win32
         HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\FLAGS
         HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\HELPDIR
         HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}
         HKU\S-1-5-21-1482476501-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

      Adware.SelectRebates
         C:\Program Files\SELECTREBATES\SRebates.dll
         C:\Program Files\SELECTREBATES\Toolbar\ShopAtHomeToolbar1.dll
         C:\Program Files\SELECTREBATES\Toolbar
         C:\Program Files\SELECTREBATES

      Adware.Tracking Cookie
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@247realmedia[2].txt [ /247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@2o7[1].txt [ /2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@2o7[2].txt [ /2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@a.websponsors[3].txt [ /a.websponsors ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@a1.interclick[1].txt [ /a1.interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@a1.interclick[3].txt [ /a1.interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@a1.interclick[4].txt [ /a1.interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@a1.interclick[5].txt [ /a1.interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@accessvg.112.2o7[1].txt [ /accessvg.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.burstdirectads[1].txt [ /ad.burstdirectads ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.sbnation[1].txt [ /ad.sbnation ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.wsod[1].txt [ /ad.wsod ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.wsod[2].txt [ /ad.wsod ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.wsod[4].txt [ /ad.wsod ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.yieldmanager[3].txt [ /ad.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ad.yieldmanager[5].txt [ /ad.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adbrite[1].txt [ /adbrite ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adbrite[2].txt [ /adbrite ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adbureau[1].txt [ /adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adbureau[2].txt [ /adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adcentriconline[1].txt [ /adcentriconline ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adecn[1].txt [ /adecn ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adecn[3].txt [ /adecn ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adinterax[1].txt [ /adinterax ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adlegend[1].txt [ /adlegend ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adlegend[2].txt [ /adlegend ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adlegend[3].txt [ /adlegend ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads-vrx.adbrite[1].txt [ /ads-vrx.adbrite ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.addynamix[2].txt [ /ads.addynamix ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.associatedcontent[1].txt [ /ads.associatedcontent ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.associatedcontent[3].txt [ /ads.associatedcontent ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.bridgetrack[1].txt [ /ads.bridgetrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.bridgetrack[2].txt [ /ads.bridgetrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.bridgetrack[4].txt [ /ads.bridgetrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.bridgetrack[5].txt [ /ads.bridgetrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.bridgetrack[6].txt [ /ads.bridgetrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.cellfish[1].txt [ /ads.cellfish ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.cnn[1].txt [ /ads.cnn ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.cnn[2].txt [ /ads.cnn ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.cnn[3].txt [ /ads.cnn ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.financialcontent[2].txt [ /ads.financialcontent ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.lockedonmedia[2].txt [ /ads.lockedonmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[10].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[1].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[2].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[3].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[4].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[5].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[6].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[7].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[8].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.pointroll[9].txt [ /ads.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.trutv[1].txt [ /ads.trutv ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.undertone[1].txt [ /ads.undertone ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.undertone[2].txt [ /ads.undertone ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.undertone[3].txt [ /ads.undertone ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.widgetbucks[1].txt [ /ads.widgetbucks ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.widgetbucks[3].txt [ /ads.widgetbucks ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ads.xapads[1].txt [ /ads.xapads ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adserver.adtechus[1].txt [ /adserver.adtechus ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adserver.adtechus[2].txt [ /adserver.adtechus ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adserver.adtechus[3].txt [ /adserver.adtechus ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adtech[1].txt [ /adtech ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@advertise[1].txt [ /advertise ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@advertising[1].txt [ /advertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@advertising[2].txt [ /advertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@advertising[3].txt [ /advertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@advertising[4].txt [ /advertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@advertising[5].txt [ /advertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adxpose[1].txt [ /adxpose ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@adxpose[2].txt [ /adxpose ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@aff.primaryads[1].txt [ /aff.primaryads ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@amfam.112.2o7[1].txt [ /amfam.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@amfam.112.2o7[2].txt [ /amfam.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@amfam.112.2o7[3].txt [ /amfam.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@analytics.intrepidstats[1].txt [ /analytics.intrepidstats ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@andomedia[1].txt [ /andomedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@apmebf[1].txt [ /apmebf ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@apmebf[2].txt [ /apmebf ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@apmebf[3].txt [ /apmebf ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@apmebf[4].txt [ /apmebf ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@apmebf[5].txt [ /apmebf ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@apmebf[6].txt [ /apmebf ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@apmebf[7].txt [ /apmebf ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[1].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[2].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[3].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[4].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[5].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[6].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[7].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[8].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ar.atwola[9].txt [ /ar.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@associatedcontent.112.2o7[1].txt [ /associatedcontent.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@associatedcontent.112.2o7[2].txt [ /associatedcontent.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@at.atwola[1].txt [ /at.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@at.atwola[2].txt [ /at.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@at.atwola[3].txt [ /at.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atdmt[1].txt [ /atdmt ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atdmt[2].txt [ /atdmt ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atwola[1].txt [ /atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atwola[2].txt [ /atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atwola[3].txt [ /atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atwola[4].txt [ /atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atwola[5].txt [ /atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@atwola[6].txt [ /atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@avgtechnologies.112.2o7[1].txt [ /avgtechnologies.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@avgtechnologies.112.2o7[2].txt [ /avgtechnologies.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@azjmp[1].txt [ /azjmp ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@azjmp[3].txt [ /azjmp ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@bonneville.112.2o7[1].txt [ /bonneville.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@bravenet[1].txt [ /bravenet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@bravenet[2].txt [ /bravenet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@brittanymurphymedia[1].txt [ /brittanymurphymedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@bruceclay.112.2o7[1].txt [ /bruceclay.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@bs.serving-sys[1].txt [ /bs.serving-sys ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@burstnet[1].txt [ /burstnet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@burstnet[2].txt [ /burstnet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@burstnet[3].txt [ /burstnet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@c7.zedo[1].txt [ /c7.zedo ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@casalemedia[1].txt [ /casalemedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cb.adbureau[1].txt [ /cb.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cb.adbureau[2].txt [ /cb.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cbcnewmedia.112.2o7[1].txt [ /cbcnewmedia.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cbs.112.2o7[1].txt [ /cbs.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cbsdigitalmedia.112.2o7[1].txt [ /cbsdigitalmedia.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cdn4.specificclick[1].txt [ /cdn4.specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cdn4.specificclick[2].txt [ /cdn4.specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cdn4.specificclick[3].txt [ /cdn4.specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cdn4.specificclick[5].txt [ /cdn4.specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@centralmediaserver[2].txt [ /centralmediaserver ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@centralmediaserver[3].txt [ /centralmediaserver ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@centralmediaserver[4].txt [ /centralmediaserver ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@centralmediaserver[5].txt [ /centralmediaserver ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@checkngo.122.2o7[1].txt [ /checkngo.122.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@chitika[1].txt [ /chitika ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@chitika[2].txt [ /chitika ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@chitika[4].txt [ /chitika ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@chitika[5].txt [ /chitika ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@click.mediadome[2].txt [ /click.mediadome ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@click.onlinepaysys[1].txt [ /click.onlinepaysys ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@click2go[2].txt [ /click2go ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@cms.trafficmp[2].txt [ /cms.trafficmp ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@collective-media[1].txt [ /collective-media ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@collective-media[2].txt [ /collective-media ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@collective-media[3].txt [ /collective-media ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[11].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[1].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[2].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[3].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[4].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[5].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[6].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[7].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[8].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@content.yieldmanager[9].txt [ /content.yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@counter.surfcounters[1].txt [ /counter.surfcounters ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@csc.112.2o7[1].txt [ /csc.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@data.coremetrics[1].txt [ /data.coremetrics ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@dc.tremormedia[1].txt [ /dc.tremormedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@discounts.shopathome[1].txt [ /discounts.shopathome ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@dmtracker[1].txt [ /dmtracker ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@dominionenterprises.112.2o7[1].txt [ /dominionenterprises.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@dominionenterprises.112.2o7[2].txt [ /dominionenterprises.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@doubleclick[1].txt [ /doubleclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@eas.apm.emediate[2].txt [ /eas.apm.emediate ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ecnext.advertserve[1].txt [ /ecnext.advertserve ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@edge.ru4[1].txt [ /edge.ru4 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@edge.ru4[2].txt [ /edge.ru4 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@edge.ru4[3].txt [ /edge.ru4 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@edge.ru4[5].txt [ /edge.ru4 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ehg-airtran.hitbox[2].txt [ /ehg-airtran.hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ehg-airtran.hitbox[3].txt [ /ehg-airtran.hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ehg-airtran.hitbox[4].txt [ /ehg-airtran.hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ehg-findlaw.hitbox[2].txt [ /ehg-findlaw.hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ehg-gaddispartners.hitbox[1].txt [ /ehg-gaddispartners.hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ehg-myspaceinc.hitbox[2].txt [ /ehg-myspaceinc.hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ehg-viacom.hitbox[1].txt [ /ehg-viacom.hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@elephantgroup.122.2o7[1].txt [ /elephantgroup.122.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ero-advertising[2].txt [ /ero-advertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@eyewonder[1].txt [ /eyewonder ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@eyewonder[2].txt [ /eyewonder ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@eyewonder[3].txt [ /eyewonder ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@eyewonder[4].txt [ /eyewonder ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@f.blogads[1].txt [ /f.blogads ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@fastclick[1].txt [ /fastclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@fastclick[3].txt [ /fastclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@femaleinfertilitycenter[1].txt [ /femaleinfertilitycenter ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@findlaw[2].txt [ /findlaw ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@google.lucidmedia[1].txt [ /google.lucidmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@hitbox[2].txt [ /hitbox ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@iacas.adbureau[1].txt [ /iacas.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@iacas.adbureau[2].txt [ /iacas.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@imp.bid.ace.advertising[1].txt [ /imp.bid.ace.advertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@imrworldwide[2].txt [ /imrworldwide ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@imrworldwide[3].txt [ /imrworldwide ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@imrworldwide[4].txt [ /imrworldwide ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@indigio.122.2o7[1].txt [ /indigio.122.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@insight-com[1].txt [ /insight-com ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@insightexpressai[1].txt [ /insightexpressai ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@insightexpressai[2].txt [ /insightexpressai ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@insightexpressai[3].txt [ /insightexpressai ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@insightexpressai[5].txt [ /insightexpressai ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@insightexpressai[6].txt [ /insightexpressai ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@interclick[1].txt [ /interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@interclick[2].txt [ /interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@interclick[4].txt [ /interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@interclick[5].txt [ /interclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@intermundomedia[2].txt [ /intermundomedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@intermundomedia[3].txt [ /intermundomedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@invitemedia[1].txt [ /invitemedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@invitemedia[2].txt [ /invitemedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@invitemedia[3].txt [ /invitemedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@invitemedia[4].txt [ /invitemedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@invitemedia[5].txt [ /invitemedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ishowernaked2[1].txt [ /ishowernaked2 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@jibjab.112.2o7[1].txt [ /jibjab.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@kanoodle[1].txt [ /kanoodle ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@kanoodle[3].txt [ /kanoodle ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@kontera[2].txt [ /kontera ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@kontera[3].txt [ /kontera ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@kroger.112.2o7[1].txt [ /kroger.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@kronos.bravenetmedia[1].txt [ /kronos.bravenetmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lfstmedia[1].txt [ /lfstmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lfstmedia[2].txt [ /lfstmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lfstmedia[3].txt [ /lfstmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lfstmedia[5].txt [ /lfstmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lfstmedia[6].txt [ /lfstmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@linksynergy[1].txt [ /linksynergy ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@linksynergy[3].txt [ /linksynergy ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@liveperson[4].txt [ /liveperson ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lockedonmedia[1].txt [ /lockedonmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lockedonmedia[3].txt [ /lockedonmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@login.tracking101[2].txt [ /login.tracking101 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lucidmedia[2].txt [ /lucidmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lucidmedia[3].txt [ /lucidmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@lynxtrack[1].txt [ /lynxtrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media.adfrontiers[1].txt [ /media.adfrontiers ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media.adfrontiers[2].txt [ /media.adfrontiers ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media.adfrontiers[3].txt [ /media.adfrontiers ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media.causes[1].txt [ /media.causes ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media.causes[3].txt [ /media.causes ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media.formatdynamics[1].txt [ /media.formatdynamics ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[1].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[2].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[3].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[4].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[5].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[6].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[8].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@media6degrees[9].txt [ /media6degrees ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[1].txt [ /mediaplex ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[2].txt [ /mediaplex ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[3].txt [ /mediaplex ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[5].txt [ /mediaplex ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@microsoftsto.112.2o7[1].txt [ /microsoftsto.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@movieticketscom.122.2o7[1].txt [ /movieticketscom.122.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@msnbc.112.2o7[1].txt [ /msnbc.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@msnbc.112.2o7[2].txt [ /msnbc.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@msnportal.112.2o7[1].txt [ /msnportal.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@myaccount.santanderconsumerusa[1].txt [ /myaccount.santanderconsumerusa ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@neoedge.adbureau[1].txt [ /neoedge.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@network.realmedia[1].txt [ /network.realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@network.realmedia[2].txt [ /network.realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@network.realmedia[3].txt [ /network.realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@network.realmedia[4].txt [ /network.realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@network.realmedia[5].txt [ /network.realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@network.realmedia[7].txt [ /network.realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@nextag[2].txt [ /nextag ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@oasn03.247realmedia[1].txt [ /oasn03.247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@oasn04.247realmedia[1].txt [ /oasn04.247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@oasn04.247realmedia[2].txt [ /oasn04.247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@oasn04.247realmedia[3].txt [ /oasn04.247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@oasn04.247realmedia[4].txt [ /oasn04.247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@oasn04.247realmedia[5].txt [ /oasn04.247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@oasn04.247realmedia[6].txt [ /oasn04.247realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@onlinediscountmart[1].txt [ /onlinediscountmart ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@optimize.indieclick[2].txt [ /optimize.indieclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ordie.adbureau[2].txt [ /ordie.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@overture[2].txt [ /overture ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@partners.trafficz[1].txt [ /partners.trafficz ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@peoplefinders[1].txt [ /peoplefinders ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@peoplefinders[2].txt [ /peoplefinders ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@*censored*.122.2o7[1].txt [ /*censored*.122.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@pluckit.demandmedia[1].txt [ /pluckit.demandmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@pluckit.demandmedia[2].txt [ /pluckit.demandmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@pointroll[1].txt [ /pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@pointroll[3].txt [ /pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@pointroll[4].txt [ /pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@pview.findlaw[1].txt [ /pview.findlaw ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@qksrv[2].txt [ /qksrv ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@qnsr[1].txt [ /qnsr ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@questionmarket[2].txt [ /questionmarket ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@questionmarket[3].txt [ /questionmarket ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@questionmarket[4].txt [ /questionmarket ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@realmedia[1].txt [ /realmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@revsci[2].txt [ /revsci ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@richmedia.yahoo[1].txt [ /richmedia.yahoo ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@richmedia.yahoo[2].txt [ /richmedia.yahoo ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@richmedia.yahoo[3].txt [ /richmedia.yahoo ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@rotator.adjuggler[1].txt [ /rotator.adjuggler ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@rotator.hadj7.adjuggler[2].txt [ /rotator.hadj7.adjuggler ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ru4[2].txt [ /ru4 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@sales.liveperson[2].txt [ /sales.liveperson ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@sales.liveperson[3].txt [ /sales.liveperson ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@server.iad.liveperson[2].txt [ /server.iad.liveperson ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@server.iad.liveperson[3].txt [ /server.iad.liveperson ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@serving-sys[1].txt [ /serving-sys ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@serving-sys[2].txt [ /serving-sys ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@smartadserver[1].txt [ /smartadserver ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@socialmedia[1].txt [ /socialmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@socialmedia[3].txt [ /socialmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[1].txt [ /specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[2].txt [ /specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[3].txt [ /specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[4].txt [ /specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[5].txt [ /specificclick ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[1].txt [ /specificmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[2].txt [ /specificmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[3].txt [ /specificmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[4].txt [ /specificmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[6].txt [ /specificmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[7].txt [ /specificmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[8].txt [ /specificmedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@stat.onestat[2].txt [ /stat.onestat ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@statcounter[1].txt [ /statcounter ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@statcounter[3].txt [ /statcounter ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@statcounter[4].txt [ /statcounter ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@stats.paypal[2].txt [ /stats.paypal ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@statsadv.dada[1].txt [ /statsadv.dada ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@statse.webtrendslive[2].txt [ /statse.webtrendslive ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@steelhousemedia[1].txt [ /steelhousemedia ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@superpages.122.2o7[1].txt [ /superpages.122.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@t.pointroll[1].txt [ /t.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@t.pointroll[3].txt [ /t.pointroll ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@tacoda.at.atwola[2].txt [ /tacoda.at.atwola ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@tacoda[1].txt [ /tacoda ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@tacoda[2].txt [ /tacoda ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@track.opinion-reward-center[1].txt [ /track.opinion-reward-center ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@tracking.foxnews[1].txt [ /tracking.foxnews ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@tracking.foxnews[3].txt [ /tracking.foxnews ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@trafficmp[1].txt [ /trafficmp ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@trafficmp[2].txt [ /trafficmp ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@traveladvertising[2].txt [ /traveladvertising ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@tribalfusion[2].txt [ /tribalfusion ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@trvlnet.adbureau[1].txt [ /trvlnet.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@usairways.112.2o7[1].txt [ /usairways.112.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@ussearch.122.2o7[1].txt [ /ussearch.122.2o7 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@viacom.adbureau[2].txt [ /viacom.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@videoegg.adbureau[2].txt [ /videoegg.adbureau ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@websponsors[1].txt [ /websponsors ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.burstbeacon[1].txt [ /www.burstbeacon ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.burstbeacon[2].txt [ /www.burstbeacon ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.burstbeacon[4].txt [ /www.burstbeacon ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.burstnet[1].txt [ /www.burstnet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.burstnet[2].txt [ /www.burstnet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.burstnet[3].txt [ /www.burstnet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.burstnet[4].txt [ /www.burstnet ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.epitrack[1].txt [ /www.epitrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.femaleinfertilitycenter[1].txt [ /www.femaleinfertilitycenter ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[10].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[11].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[1].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[2].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[3].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[4].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[5].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[8].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.googleadservices[9].txt [ /www.googleadservices ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.kntrack[1].txt [ /www.kntrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.linktrack66[1].txt [ /www.linktrack66 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.linktrack66[2].txt [ /www.linktrack66 ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.peoplefinders[2].txt [ /www.peoplefinders ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.peoplefinders[3].txt [ /www.peoplefinders ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.qksrv[2].txt [ /www.qksrv ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.socialtrack[1].txt [ /www.socialtrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.tltrack[1].txt [ /www.tltrack ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@www.yourapprovaltracker[1].txt [ /www.yourapprovaltracker ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@xiti[1].txt [ /xiti ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@yieldmanager[1].txt [ /yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@yieldmanager[2].txt [ /yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@yieldmanager[4].txt [ /yieldmanager ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@zedo[1].txt [ /zedo ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@zedo[2].txt [ /zedo ]
         C:\Documents and Settings\donnakeller\Cookies\donnakeller@zitracker[1].txt [ /zitracker ]
         C:\Documents and Settings\donnakeller\Cookies\QDMBR4MF.txt [ /tacoda.at.atwola.com ]
         C:\Documents and Settings\donnakeller\Cookies\6OB0Z37E.txt [ /eyewonder.com ]
         C:\Documents and Settings\donnakeller\Cookies\NSQFNEJL.txt [ /ad.yieldmanager.com ]
         C:\Documents and Settings\donnakeller\Cookies\V3J3YF7G.txt [ /at.atwola.com ]
         C:\Documents and Settings\donnakeller\Cookies\XZP7H6Y1.txt [ /avgtechnologies.112.2o7.net ]
         C:\Documents and Settings\donnakeller\Cookies\Z5L64FMY.txt [ /accounts.google.com ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@adecn[1].txt [ Cookie:kids@adecn.com/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@microsoftwindows.112.2o7[1].txt [ Cookie:kids@microsoftwindows.112.2o7.net/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@doubleclick[1].txt [ Cookie:kids@doubleclick.net/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@questionmarket[1].txt [ Cookie:kids@questionmarket.com/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@ero-advertising[1].txt [ Cookie:kids@ero-advertising.com/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@interclick[2].txt [ Cookie:kids@interclick.com/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@www.googleadservices[3].txt [ Cookie:kids@www.googleadservices.com/pagead/conversion/1061471219/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@msnportal.112.2o7[2].txt [ Cookie:kids@msnportal.112.2o7.net/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@ads.pointroll[2].txt [ Cookie:kids@ads.pointroll.com/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@ad.yieldmanager[1].txt [ Cookie:kids@ad.yieldmanager.com/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@avgtechnologies.112.2o7[1].txt [ Cookie:kids@avgtechnologies.112.2o7.net/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@invitemedia[1].txt [ Cookie:kids@invitemedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@collective-media[1].txt [ Cookie:kids@collective-media.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CCMIDCCP.txt [ Cookie:system@ru4.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0LKSEJRH.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3VREA4FQ.txt [ Cookie:system@www.burstnet.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\G4P3JC4H.txt [ Cookie:system@fastclick.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\D38MFERX.txt [ Cookie:system@dc.tremormedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7VF7Q2PJ.txt [ Cookie:system@stat.onestat.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7X9J2MYF.txt [ Cookie:system@ox-d.enveromedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4JQROSKN.txt [ Cookie:system@pointroll.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8ZZMWNVQ.txt [ Cookie:system@myroitracking.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\I5I3ME6G.txt [ Cookie:system@pubads.g.doubleclick.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\17BQFRJG.txt [ Cookie:system@www.guysfinders.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CGLOQQR3.txt [ Cookie:system@revsci.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\K5S1C926.txt [ Cookie:system@intfind.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\OW1Q84DX.txt [ Cookie:system@clicks.geltmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\PCFMX8PU.txt [ Cookie:system@solvemedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\U4T7CGXQ.txt [ Cookie:system@atdmt.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\UGHA5JTP.txt [ Cookie:system@rotator.adjuggler.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AU0GSM5M.txt [ Cookie:system@trafficno.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\O1J4WJ08.txt [ Cookie:system@doubleclick.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0JCREE0A.txt [ Cookie:system@azurefind.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\XEQ17ZY9.txt [ Cookie:system@lucidmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\P0AVSL2L.txt [ Cookie:system@clicks.thespecialsearch.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NQSOW06M.txt [ Cookie:system@goodcholesterolcount.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\93SVYGAW.txt [ Cookie:system@trafficmp.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\JCR8I69Z.txt [ Cookie:system@collective-media.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\Z5XIVQQU.txt [ Cookie:system@ads.pointroll.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\LBC907BX.txt [ Cookie:system@xml.prostreammedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0ND1ZSMP.txt [ Cookie:system@clickthrough.kanoodle.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NY1QZM0S.txt [ Cookie:system@ero-advertising.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\677WV0I2.txt [ Cookie:system@amazon-adsystem.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\URHG8182.txt [ Cookie:system@realmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3XYT0RJI.txt [ Cookie:system@burstnet.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZBNT20YN.txt [ Cookie:system@adjuggler.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\2TNYGB45.txt [ Cookie:system@adbrite.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\5GCMHQL5.txt [ Cookie:system@yieldmanager.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ERUMVWDJ.txt [ Cookie:system@servedby.adxserve.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\E9C5HGGU.txt [ Cookie:system@apmebf.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\VVMAE16M.txt [ Cookie:system@adxpose.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\50QS5IWJ.txt [ Cookie:system@crackle.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\69OZ0X52.txt [ Cookie:system@ad2.adfarm1.adition.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NQRJ7BF8.txt [ Cookie:system@great-deal-find.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7ILCRZPW.txt [ Cookie:system@pro-market.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\58UYEJO0.txt [ Cookie:system@media.withamymac.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\9LCFC5UG.txt [ Cookie:system@casalemedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3IZS37G3.txt [ Cookie:system@adserver.adtechus.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0GJQ2NDZ.txt [ Cookie:system@questionmarket.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\TTP7LH9D.txt [ Cookie:system@tag.2bluemedia.hiro.tv/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\VJAHYPHW.txt [ Cookie:system@test.sem-tracking-analytics.com/test/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZYLKPAL3.txt [ Cookie:system@tribalfusion.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ONZ4O01N.txt [ Cookie:system@statcounter.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZA64QIO7.txt [ Cookie:system@247realmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\M01SZ7WB.txt [ Cookie:system@smartadserver.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FI0VNUDJ.txt [ Cookie:system@mediaservices-d.openxenterprise.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ATCBLLDZ.txt [ Cookie:system@lokyfind.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\5WGHFCFG.txt [ Cookie:system@adtech.de/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1B3KEFGE.txt [ Cookie:system@clicksor.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\KD33LRVY.txt [ Cookie:system@web-traffic-analysis.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\9X6D65SL.txt [ Cookie:system@mm.chitika.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NG074300.txt [ Cookie:system@advertising.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SZ1O4NQQ.txt [ Cookie:system@citi.bridgetrack.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\92353JB4.txt [ Cookie:system@adserving.ezanga.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SJIZVR67.txt [ Cookie:system@youngbucks.rotator.hadj7.adjuggler.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SIZGQ520.txt [ Cookie:system@my.enveromedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\XZV321RD.txt [ Cookie:system@ads.gamersmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\6SM8EGJW.txt [ Cookie:system@www.google.com/adsense/support ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\KIX6BOCP.txt [ Cookie:system@geltmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\02VJIP3F.txt [ Cookie:system@support.google.com/adsense/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CPKYLE67.txt [ Cookie:system@tacoda.at.atwola.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\HMHW71FF.txt [ Cookie:system@fromtofind.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\GMW27E86.txt [ Cookie:system@bluesearchlocal.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\QBSQ1GRJ.txt [ Cookie:system@media6degrees.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8HPTZYU1.txt [ Cookie:system@ar.atwola.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\63UG7H80.txt [ Cookie:system@goclicker.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8XI6ZY00.txt [ Cookie:system@a1.interclick.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\9Y3ZEPNG.txt [ Cookie:system@bridge1.admarketplace.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\I2FD5E7D.txt [ Cookie:system@adsonar.com/adserving ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4PYWR7DW.txt [ Cookie:system@klpfind.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\13FQ2RV6.txt [ Cookie:system@bluesearchonline.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BOD6IH18.txt [ Cookie:system@eyewonder.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\UKLLHO05.txt [ Cookie:system@ezsearchresults.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\E7MVHL7B.txt [ Cookie:system@getclicky.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3N12GX7E.txt [ Cookie:system@teengarage.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8NOBZOJH.txt [ Cookie:system@tricklefind.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AI79CQ0Q.txt [ Cookie:system@cleangreenfind.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\YCYXQL5D.txt [ Cookie:system@seek-your.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7J5BC3HH.txt [ Cookie:system@ghmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BOB4UZA3.txt [ Cookie:system@www.enveromedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\VE3X8AIM.txt [ Cookie:system@adup.rotator.hadj7.adjuggler.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\50BU1BUA.txt [ Cookie:system@ox-d.fondnessmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\45SHNI7Q.txt [ Cookie:system@zero-seek.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1IS6XLRK.txt [ Cookie:system@statse.webtrendslive.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\18LJ3CYF.txt [ Cookie:system@openx.overadmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3DHDG9BC.txt [ Cookie:system@bizzclick.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\JF58LRMM.txt [ Cookie:system@filter.plusfind.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FNQRV7D1.txt [ Cookie:system@network.realmedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\6B9RIB0N.txt [ Cookie:system@smashfind.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\RWJL8ZRM.txt [ Cookie:system@findstops.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CPLS1NHB.txt [ Cookie:system@azjmp.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FRAYMNT0.txt [ Cookie:system@xml.trafficengine.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DQSAH17F.txt [ Cookie:system@redseekmedia.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NN64F36W.txt [ Cookie:system@cdn.jemamedia.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SXQ8IMRL.txt [ Cookie:system@advertising.ezanga.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\V20PN69N.txt [ Cookie:system@overture.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\YL24BI2I.txt [ Cookie:system@gotta-get.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AM23TTFK.txt [ Cookie:system@clickbooth.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\QTOX7FO1.txt [ Cookie:system@click.get-answers-fast.com/ads-clicktrack/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\OS8G5XI0.txt [ Cookie:system@twentyfirstsearch.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\A8PPXG0Z.txt [ Cookie:system@findology.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\JU5BOGTJ.txt [ Cookie:system@networldmedia.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DL70EMJS.txt [ Cookie:system@s2.trafficno.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BJ28KKKI.txt [ Cookie:system@akamai.interclickproxy.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\6V1Q13OQ.txt [ Cookie:system@nm1.ygatracking.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\YJDS2EOD.txt [ Cookie:system@mediatraffic.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\26FO3EDG.txt [ Cookie:system@linksfind.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BKSKIEGI.txt [ Cookie:system@ads.bridgetrack.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8RGJ7BB5.txt [ Cookie:system@trackalyzer.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0RO31MQ9.txt [ Cookie:system@ajpn.rotator.hadj1.adjuggler.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FJRN9MPO.txt [ Cookie:system@ggpublishing.rotator.hadj7.adjuggler.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\TBW95FWD.txt [ Cookie:system@static.getclicky.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CPJD3X9A.txt [ Cookie:system@boom-find.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1BXWR81D.txt [ Cookie:system@yourgoodsearch.com/click/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DF9B6BRH.txt [ Cookie:system@kontera.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4MDBDADW.txt [ Cookie:system@content.yieldmanager.com/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0OQIXHU3.txt [ Cookie:system@ads.networldmedia.net/ ]
         C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AO7ZTS8F.txt [ Cookie:system@xiti.com/ ]
         .adinterax.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .adinterax.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .specificmedia.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .interclick.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .interclick.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .interclick.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .apmebf.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .apmebf.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         tracking.foundry42.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         tracking.foundry42.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .atdmt.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .2o7.net [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .2o7.net [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
         .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\DONNAKEL

      brc3404

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Need help with an unknown infection.
        « Reply #3 on: March 30, 2012, 01:22:10 AM »
        Super Dave, please disregard my previous about providing a anti malware bytes log from a few days ago (it was a quick scan) Il post the results of the anti malware bytes FULL SCAN later on today. Thanks!



        SuperDave

        • Malware Removal Specialist


        • Sage
        • Thanked: 852
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: Need help with an unknown infection.
        « Reply #4 on: March 30, 2012, 11:33:03 AM »
        Download Combofix from any of the links below, and save it to your desktop

        Link 1
        Link 2
        Link 3

        To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click ComboFix.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

        It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

        brc3404

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Need help with an unknown infection.
          « Reply #5 on: March 31, 2012, 01:33:00 PM »
          Super Dave,
          Ive ran into a bit of a speed bump. Before running combo, i tried disabling my anti virus. (AVG Free 12). It will only allow me to temporarily disable for no longer than 15 mins, then you have to refresh the timer. In doing this, as you mentioned it probley would, the computer locked up while running combo fix. Any suggestions on how to completely shut down avg untill i wanna turn it back on? Also Im using team viewer (remote control software) to perform these actions on the infected computer. Should i not be doing this?
          Brett

          brc3404

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Need help with an unknown infection.
            « Reply #6 on: March 31, 2012, 02:58:36 PM »
            I ran msconfig and unchecked the avg tray from the startup. On re start of windows, avg didnt not appear. However tried running combo fix and i get a warning message that it detects avg 12 scanner/security running. then it goes onto warn about causing damage to the cmputer if it continues scanning. Only option for disabling avg protection is for a maximum of 15 mins. Without bringing avg up and resetting the disable timer every 15 mins, im not sure how im going to get this combofix scan to complete?
            Please let me know
            Brett

            SuperDave

            • Malware Removal Specialist


            • Sage
            • Thanked: 852
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: Need help with an unknown infection.
            « Reply #7 on: March 31, 2012, 05:09:50 PM »
            Do your computer a favour and download and install MSE from the list below. Once MSE is installed and activated, please uninstall AVG. 

            Microsoft Security Essentials for Windows XP

            Let's see what security is running on that computer.

            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

            brc3404

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Need help with an unknown infection.
              « Reply #8 on: March 31, 2012, 08:10:32 PM »
               Results of screen317's Security Check version 0.99.32 
               Windows XP Service Pack 3 x86   
               Internet Explorer 8 
              ``````````````````````````````
              Antivirus/Firewall Check:

               Windows Firewall Enabled! 
               AVG 2012     
               McAfee UnInstaller     
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               SUPERAntiSpyware     
               Java(TM) 6 Update 20 
               Java version out of date!
               Adobe Reader 9 Adobe Reader out of date!
               Mozilla Firefox (3.6.13) Firefox out of Date! 
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

               AVG avgwdsvc.exe
               AVG avgrsx.exe
               AVG avgnsx.exe
               AVG avgemc.exe
              ``````````End of Log````````````

              brc3404

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Need help with an unknown infection.
                « Reply #9 on: April 01, 2012, 04:09:49 AM »
                Super Dave, i was able to complete the anti malware bytes scan.....

                Malwarebytes Anti-Malware (Trial) 1.60.1.1000
                www.malwarebytes.org

                Database version: v2012.03.31.14

                Windows XP Service Pack 3 x86 NTFS
                Internet Explorer 8.0.6001.18702
                donnakeller :: DONNA [administrator]

                Protection: Disabled

                3/31/2012 11:09:15 PM
                mbam-log-2012-03-31 (23-09-15).txt

                Scan type: Full scan
                Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
                Scan options disabled: P2P
                Objects scanned: 291479
                Time elapsed: 1 hour(s), 19 minute(s), 53 second(s)

                Memory Processes Detected: 0
                (No malicious items detected)

                Memory Modules Detected: 0
                (No malicious items detected)

                Registry Keys Detected: 0
                (No malicious items detected)

                Registry Values Detected: 0
                (No malicious items detected)

                Registry Data Items Detected: 0
                (No malicious items detected)

                Folders Detected: 0
                (No malicious items detected)

                Files Detected: 0
                (No malicious items detected)

                (end)

                brc3404

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Need help with an unknown infection.
                  « Reply #10 on: April 01, 2012, 07:39:36 AM »
                  Ok, sorry I went back and reread our entire thread and noticed i missed a step. I will download mse, uninstall avg 12 and hopefully that will allow me to run combofix. I didnt notice this before, only dowlnloaded and ran security check. If all goes well, I will post combofix log around 6pm eastern today. Thanks
                  Brett

                  brc3404

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: Need help with an unknown infection.
                    « Reply #11 on: April 01, 2012, 08:53:38 PM »
                    Super Dave,
                     I uninstalled Avg, and installed Mse. Attempted to run combofix twice. 2 different combo fix scans, both times it has locked up windows completely. Combofix says creating a restore point, and then no confirmation. Within 5 mins a beep is heard. It says infected Rootkit.0 It has inserted itself into tcp/ip stack This is a particulary difficult infection. Next, within several minutes another beep, scanning for infected files, this typically doesnt take more than 10 minutes. However, scan times for badly infected machines may easily double. No more than 5 mins after this message, it states rootkit is detected. Be patient as this may take some moments. If for any reason your unable to connect to internet after running combofix, reboot once and see if that fixes it. If not fixed, run combofix one more time.  At this point, it FREEZES! Any kind advice before I throw this machine from a 2 story building......grrrrrrrrr lol. Just a thugh the combofix program im running has a blue background. Is there a more recent one I can use?
                    Thanks'
                     Brett

                    SuperDave

                    • Malware Removal Specialist


                    • Sage
                    • Thanked: 852
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 8
                    Re: Need help with an unknown infection.
                    « Reply #12 on: April 02, 2012, 12:53:59 PM »
                    Ok. Just hold off on ComboFix for now and try running this scan.

                    Please download TDSSKiller from here and save it to your Desktop.
                    • Doubleclick TDSSKiller.exe to run the tool
                    • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

                    • After the scan has finished, click the Close button
                    • Click the Report button and copy/paste the contents of it into your next reply
                    • Note:It will also create a log in the C:\ directory.
                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

                    brc3404

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: Need help with an unknown infection.
                      « Reply #13 on: April 02, 2012, 07:04:46 PM »
                      20:31:37.0296 1136   TDSS rootkit removing tool 2.7.24.0 Apr  2 2012 10:31:48
                      20:31:37.0921 1136   ============================================================
                      20:31:37.0921 1136   Current date / time: 2012/04/02 20:31:37.0921
                      20:31:37.0921 1136   SystemInfo:
                      20:31:37.0921 1136   
                      20:31:37.0921 1136   OS Version: 5.1.2600 ServicePack: 3.0
                      20:31:37.0921 1136   Product type: Workstation
                      20:31:37.0921 1136   ComputerName: DONNA
                      20:31:37.0921 1136   UserName: donnakeller
                      20:31:37.0921 1136   Windows directory: C:\WINDOWS
                      20:31:37.0921 1136   System windows directory: C:\WINDOWS
                      20:31:37.0921 1136   Processor architecture: Intel x86
                      20:31:37.0921 1136   Number of processors: 1
                      20:31:37.0921 1136   Page size: 0x1000
                      20:31:37.0921 1136   Boot type: Normal boot
                      20:31:37.0921 1136   ============================================================
                      20:31:40.0406 1136   Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
                      20:31:40.0546 1136   \Device\Harddisk0\DR0:
                      20:31:40.0546 1136   MBR used
                      20:31:40.0546 1136   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
                      20:31:40.0578 1136   Initialize success
                      20:31:40.0578 1136   ============================================================
                      20:31:49.0093 3616   ============================================================
                      20:31:49.0093 3616   Scan started
                      20:31:49.0093 3616   Mode: Manual;
                      20:31:49.0093 3616   ============================================================
                      20:31:49.0421 3616   !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
                      20:31:49.0421 3616   !SASCORE - ok
                      20:31:49.0531 3616   61883 - ok
                      20:31:49.0578 3616   Abiosdsk - ok
                      20:31:49.0625 3616   abp480n5 - ok
                      20:31:49.0703 3616   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
                      20:31:49.0718 3616   ACPI - ok
                      20:31:49.0859 3616   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
                      20:31:49.0890 3616   ACPIEC - ok
                      20:31:49.0984 3616   adpu160m - ok
                      20:31:50.0109 3616   AdvancedSystemCareService5 (e410da575ff48d976b41670c6d262a82) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
                      20:31:50.0125 3616   AdvancedSystemCareService5 - ok
                      20:31:50.0296 3616   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
                      20:31:50.0312 3616   aec - ok
                      20:31:50.0437 3616   AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
                      20:31:50.0437 3616   AFD - ok
                      20:31:50.0546 3616   Aha154x - ok
                      20:31:50.0609 3616   aic78u2 - ok
                      20:31:50.0671 3616   aic78xx - ok
                      20:31:51.0015 3616   ALCXWDM         (0a24f3d25cde25a2eb6f2f9770fc471b) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
                      20:31:51.0328 3616   ALCXWDM - ok
                      20:31:51.0468 3616   Alerter         (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
                      20:31:51.0484 3616   Alerter - ok
                      20:31:51.0546 3616   ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
                      20:31:51.0562 3616   ALG - ok
                      20:31:51.0609 3616   AliIde - ok
                      20:31:51.0687 3616   AmdK7           (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
                      20:31:51.0687 3616   AmdK7 - ok
                      20:31:51.0828 3616   AmeLanPc - ok
                      20:31:51.0890 3616   amsint - ok
                      20:31:51.0937 3616   apphostsvc - ok
                      20:31:51.0968 3616   AppMgmt - ok
                      20:31:52.0000 3616   areschatserver - ok
                      20:31:52.0062 3616   asc - ok
                      20:31:52.0109 3616   asc3350p - ok
                      20:31:52.0156 3616   asc3550 - ok
                      20:31:52.0187 3616   asp.net - ok
                      20:31:52.0281 3616   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
                      20:31:52.0281 3616   AsyncMac - ok
                      20:31:52.0359 3616   atalk - ok
                      20:31:52.0437 3616   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
                      20:31:52.0453 3616   atapi - ok
                      20:31:52.0562 3616   Atdisk - ok
                      20:31:52.0640 3616   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
                      20:31:52.0640 3616   Atmarpc - ok
                      20:31:52.0750 3616   AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
                      20:31:52.0750 3616   AudioSrv - ok
                      20:31:52.0843 3616   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
                      20:31:52.0843 3616   audstub - ok
                      20:31:52.0968 3616   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
                      20:31:53.0000 3616   Beep - ok
                      20:31:53.0109 3616   BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
                      20:31:53.0125 3616   BITS - ok
                      20:31:53.0250 3616   Browser         (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
                      20:31:53.0281 3616   Browser - ok
                      20:31:53.0343 3616   bthport - ok
                      20:31:53.0437 3616   bvrp_pci - ok
                      20:31:53.0453 3616   CAM1210 - ok
                      20:31:53.0671 3616   catchme - ok
                      20:31:53.0812 3616   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
                      20:31:53.0843 3616   cbidf2k - ok
                      20:31:53.0953 3616   cd20xrnt - ok
                      20:31:54.0015 3616   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
                      20:31:54.0031 3616   Cdaudio - ok
                      20:31:54.0109 3616   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
                      20:31:54.0125 3616   Cdfs - ok
                      20:31:54.0265 3616   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
                      20:31:54.0265 3616   Cdrom - ok
                      20:31:54.0359 3616   Changer - ok
                      20:31:54.0406 3616   cis1284 - ok
                      20:31:54.0468 3616   CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
                      20:31:54.0468 3616   CiSvc - ok
                      20:31:54.0546 3616   ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
                      20:31:54.0562 3616   ClipSrv - ok
                      20:31:54.0609 3616   CmdIde - ok
                      20:31:54.0656 3616   COMSysApp - ok
                      20:31:54.0718 3616   Cpqarray - ok
                      20:31:54.0781 3616   CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
                      20:31:54.0796 3616   CryptSvc - ok
                      20:31:54.0890 3616   CrystalSysInfo - ok
                      20:31:54.0921 3616   CVPND - ok
                      20:31:55.0031 3616   dac2w2k - ok
                      20:31:55.0062 3616   dac960nt - ok
                      20:31:55.0203 3616   DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
                      20:31:55.0218 3616   DcomLaunch - ok
                      20:31:55.0312 3616   DfwWebAgent - ok
                      20:31:55.0390 3616   Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
                      20:31:55.0406 3616   Dhcp - ok
                      20:31:55.0500 3616   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
                      20:31:55.0515 3616   Disk - ok
                      20:31:55.0593 3616   dladresn - ok
                      20:31:55.0640 3616   dmadmin - ok
                      20:31:55.0765 3616   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
                      20:31:55.0828 3616   dmboot - ok
                      20:31:55.0984 3616   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
                      20:31:56.0000 3616   dmio - ok
                      20:31:56.0125 3616   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
                      20:31:56.0125 3616   dmload - ok
                      20:31:56.0218 3616   dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
                      20:31:56.0218 3616   dmserver - ok
                      20:31:56.0312 3616   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
                      20:31:56.0328 3616   DMusic - ok
                      20:31:56.0421 3616   Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
                      20:31:56.0421 3616   Dnscache - ok
                      20:31:56.0500 3616   Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
                      20:31:56.0500 3616   Dot3svc - ok
                      20:31:56.0640 3616   dpti2o - ok
                      20:31:56.0796 3616   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
                      20:31:56.0812 3616   drmkaud - ok
                      20:31:56.0890 3616   E1000 - ok
                      20:31:56.0953 3616   EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
                      20:31:56.0968 3616   EapHost - ok
                      20:31:57.0031 3616   enethusb - ok
                      20:31:57.0109 3616   ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
                      20:31:57.0125 3616   ERSvc - ok
                      20:31:57.0171 3616   Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
                      20:31:57.0171 3616   Eventlog - ok
                      20:31:57.0281 3616   EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
                      20:31:57.0296 3616   EventSystem - ok
                      20:31:57.0390 3616   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
                      20:31:57.0421 3616   Fastfat - ok
                      20:31:57.0515 3616   FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
                      20:31:57.0531 3616   FastUserSwitchingCompatibility - ok
                      20:31:57.0671 3616   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
                      20:31:57.0671 3616   Fdc - ok
                      20:31:57.0796 3616   FET5X86V        (8787449f8ef116db0e8e06c3555746a7) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
                      20:31:57.0796 3616   FET5X86V - ok
                      20:31:57.0953 3616   FETNDIS         (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
                      20:31:57.0953 3616   FETNDIS - ok
                      20:31:58.0078 3616   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
                      20:31:58.0093 3616   Fips - ok
                      20:31:58.0281 3616   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
                      20:31:58.0312 3616   Flpydisk - ok
                      20:31:58.0437 3616   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
                      20:31:58.0437 3616   FltMgr - ok
                      20:31:58.0500 3616   fsbwsys - ok
                      20:31:58.0562 3616   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
                      20:31:58.0578 3616   Fs_Rec - ok
                      20:31:58.0625 3616   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
                      20:31:58.0640 3616   Ftdisk - ok
                      20:31:58.0703 3616   FVXSCSI - ok
                      20:31:58.0781 3616   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
                      20:31:58.0781 3616   GEARAspiWDM - ok
                      20:31:58.0937 3616   GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                      20:31:59.0000 3616   GoogleDesktopManager-051210-111108 - ok
                      20:31:59.0125 3616   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
                      20:31:59.0140 3616   Gpc - ok
                      20:31:59.0234 3616   gupdate - ok
                      20:31:59.0250 3616   gupdatem - ok
                      20:31:59.0312 3616   gusvc           (2d56477f53a9a0666458611039de6e5f) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      20:31:59.0500 3616   gusvc - ok
                      20:31:59.0718 3616   HCF_MSFT        (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
                      20:31:59.0750 3616   HCF_MSFT - ok
                      20:31:59.0828 3616   helpsvc - ok
                      20:31:59.0953 3616   HFACSVC - ok
                      20:31:59.0984 3616   HidServ - ok
                      20:32:00.0078 3616   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
                      20:32:00.0093 3616   HidUsb - ok
                      20:32:00.0187 3616   hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
                      20:32:00.0187 3616   hkmsvc - ok
                      20:32:00.0250 3616   houdiniserver - ok
                      20:32:00.0312 3616   hpn - ok
                      20:32:00.0453 3616   hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
                      20:32:00.0468 3616   hpqcxs08 - ok
                      20:32:00.0515 3616   hpqddsvc        (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
                      20:32:00.0859 3616   hpqddsvc - ok
                      20:32:00.0953 3616   HPSLPSVC - ok
                      20:32:01.0015 3616   HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
                      20:32:01.0031 3616   HPZid412 - ok
                      20:32:01.0156 3616   HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
                      20:32:01.0156 3616   HPZipr12 - ok
                      20:32:01.0265 3616   HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
                      20:32:01.0296 3616   HPZius12 - ok
                      20:32:01.0437 3616   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
                      20:32:01.0437 3616   HTTP - ok
                      20:32:01.0593 3616   HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
                      20:32:01.0640 3616   HTTPFilter - ok
                      20:32:01.0687 3616   hwdatacard - ok
                      20:32:01.0734 3616   i2omgmt - ok
                      20:32:01.0812 3616   i2omp - ok
                      20:32:01.0890 3616   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
                      20:32:01.0890 3616   i8042prt - ok
                      20:32:01.0968 3616   iaimfp2 - ok
                      20:32:02.0015 3616   iksysflt - ok
                      20:32:02.0109 3616   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
                      20:32:02.0140 3616   Imapi - ok
                      20:32:02.0234 3616   ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
                      20:32:02.0250 3616   ImapiService - ok
                      20:32:02.0343 3616   ini910u - ok
                      20:32:02.0406 3616   IntelIde - ok
                      20:32:02.0484 3616   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
                      20:32:02.0484 3616   Ip6Fw - ok
                      20:32:02.0640 3616   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
                      20:32:02.0656 3616   IpFilterDriver - ok
                      20:32:02.0828 3616   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
                      20:32:02.0859 3616   IpInIp - ok
                      20:32:03.0000 3616   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
                      20:32:03.0000 3616   IpNat - ok
                      20:32:03.0125 3616   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
                      20:32:03.0203 3616   IPSec - ok
                      20:32:03.0281 3616   ipsraidn - ok
                      20:32:03.0359 3616   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
                      20:32:03.0375 3616   IRENUM - ok
                      20:32:03.0437 3616   irsir - ok
                      20:32:03.0468 3616   isamsmt - ok
                      20:32:03.0546 3616   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
                      20:32:03.0546 3616   isapnp - ok
                      20:32:03.0687 3616   JavaQuickStarterService (907f9055b52b6876052ef371711994d6) C:\Program Files\Java\jre6\bin\jqs.exe
                      20:32:03.0906 3616   JavaQuickStarterService - ok
                      20:32:04.0062 3616   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                      20:32:04.0062 3616   Kbdclass - ok
                      20:32:04.0203 3616   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
                      20:32:04.0218 3616   kmixer - ok
                      20:32:04.0343 3616   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
                      20:32:04.0343 3616   KSecDD - ok
                      20:32:04.0406 3616   lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
                      20:32:04.0421 3616   lanmanserver - ok
                      20:32:04.0500 3616   lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
                      20:32:04.0500 3616   lanmanworkstation - ok
                      20:32:04.0546 3616   lbrtfdc - ok
                      20:32:04.0656 3616   LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
                      20:32:04.0671 3616   LmHosts - ok
                      20:32:04.0703 3616   magictuneengine - ok
                      20:32:04.0828 3616   MBAMProtector - ok
                      20:32:04.0968 3616   MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
                      20:32:05.0187 3616   MBAMService - ok
                      20:32:05.0343 3616   mchInjDrv       (9971aa2d16cb558358d6f6f3b5055cba) C:\WINDOWS\system32\Drivers\mchInjDrv.sys
                      20:32:05.0359 3616   mchInjDrv - ok
                      20:32:05.0468 3616   Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
                      20:32:05.0500 3616   Messenger - ok
                      20:32:05.0531 3616   mi-raysat_3dsmax9_32 - ok
                      20:32:05.0609 3616   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
                      20:32:05.0625 3616   mnmdd - ok
                      20:32:05.0718 3616   mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
                      20:32:05.0718 3616   mnmsrvc - ok
                      20:32:05.0828 3616   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
                      20:32:05.0828 3616   Modem - ok
                      20:32:05.0953 3616   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
                      20:32:05.0968 3616   Mouclass - ok
                      20:32:06.0078 3616   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
                      20:32:06.0093 3616   mouhid - ok
                      20:32:06.0234 3616   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
                      20:32:06.0234 3616   MountMgr - ok
                      20:32:06.0359 3616   MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
                      20:32:06.0375 3616   MpFilter - ok
                      20:32:06.0562 3616   MpKsl57838d2f   (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C03EC8F7-18DB-4347-B3D9-8615E8FE4F12}\MpKsl57838d2f.sys
                      20:32:06.0562 3616   MpKsl57838d2f - ok
                      20:32:06.0656 3616   mr2kserv - ok
                      20:32:06.0703 3616   mraid35x - ok
                      20:32:06.0781 3616   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
                      20:32:06.0796 3616   MRxDAV - ok
                      20:32:06.0953 3616   MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                      20:32:06.0953 3616   MRxSmb - ok
                      20:32:07.0046 3616   MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
                      20:32:07.0078 3616   MSDTC - ok
                      20:32:07.0187 3616   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
                      20:32:07.0203 3616   Msfs - ok
                      20:32:07.0265 3616   MSIServer - ok
                      20:32:07.0359 3616   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
                      20:32:07.0359 3616   MSKSSRV - ok
                      20:32:07.0468 3616   MsMpSvc         (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
                      20:32:07.0500 3616   MsMpSvc - ok
                      20:32:07.0687 3616   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
                      20:32:07.0703 3616   MSPCLOCK - ok
                      20:32:07.0828 3616   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
                      20:32:07.0828 3616   MSPQM - ok
                      20:32:07.0953 3616   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                      20:32:07.0953 3616   mssmbios - ok
                      20:32:08.0093 3616   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
                      20:32:08.0093 3616   Mup - ok
                      20:32:08.0171 3616   MxlW2k - ok
                      20:32:08.0234 3616   napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
                      20:32:08.0250 3616   napagent - ok
                      20:32:08.0375 3616   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
                      20:32:08.0390 3616   NDIS - ok
                      20:32:08.0500 3616   NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                      20:32:08.0500 3616   NdisTapi - ok
                      20:32:08.0609 3616   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
                      20:32:08.0609 3616   Ndisuio - ok
                      20:32:08.0750 3616   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                      20:32:08.0781 3616   NdisWan - ok
                      20:32:08.0890 3616   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
                      20:32:08.0890 3616   NDProxy - ok
                      20:32:08.0984 3616   Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
                      20:32:09.0000 3616   Net Driver HPZ12 - ok
                      20:32:09.0078 3616   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
                      20:32:09.0078 3616   NetBIOS - ok
                      20:32:09.0218 3616   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
                      20:32:09.0218 3616   NetBT - ok
                      20:32:09.0328 3616   NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
                      20:32:09.0375 3616   NetDDE - ok
                      20:32:09.0390 3616   NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
                      20:32:09.0390 3616   NetDDEdsdm - ok
                      20:32:09.0515 3616   Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
                      20:32:09.0515 3616   Netlogon - ok
                      20:32:09.0609 3616   Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
                      20:32:09.0625 3616   Netman - ok
                      20:32:09.0765 3616   nimcdfxk - ok
                      20:32:09.0843 3616   Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
                      20:32:09.0859 3616   Nla - ok
                      20:32:10.0015 3616   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
                      20:32:10.0015 3616   Npfs - ok
                      20:32:10.0187 3616   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
                      20:32:10.0218 3616   Ntfs - ok
                      20:32:10.0312 3616   NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
                      20:32:10.0328 3616   NtLmSsp - ok
                      20:32:10.0406 3616   NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
                      20:32:10.0437 3616   NtmsSvc - ok
                      20:32:10.0578 3616   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
                      20:32:10.0578 3616   Null - ok
                      20:32:10.0718 3616   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
                      20:32:10.0718 3616   NwlnkFlt - ok
                      20:32:10.0843 3616   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
                      20:32:10.0843 3616   NwlnkFwd - ok
                      20:32:11.0000 3616   odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
                      20:32:11.0203 3616   odserv - ok
                      20:32:11.0343 3616   opcenum - ok
                      20:32:11.0437 3616   ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                      20:32:11.0640 3616   ose - ok
                      20:32:12.0031 3616   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
                      20:32:12.0046 3616   Parport - ok
                      20:32:12.0218 3616   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
                      20:32:12.0234 3616   PartMgr - ok
                      20:32:12.0390 3616   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
                      20:32:12.0390 3616   ParVdm - ok
                      20:32:12.0593 3616   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
                      20:32:12.0609 3616   PCI - ok
                      20:32:12.0968 3616   PCIDump - ok
                      20:32:13.0062 3616   PCIIde - ok
                      20:32:13.0171 3616   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
                      20:32:13.0171 3616   Pcmcia - ok
                      20:32:13.0265 3616   PDCOMP - ok
                      20:32:13.0312 3616   PDFRAME - ok
                      20:32:13.0375 3616   PDRELI - ok
                      20:32:13.0421 3616   PDRFRAME - ok
                      20:32:13.0468 3616   perc2 - ok
                      20:32:13.0515 3616   perc2hib - ok
                      20:32:13.0593 3616   PGPdisk - ok
                      20:32:13.0703 3616   PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
                      20:32:13.0703 3616   PlugPlay - ok
                      20:32:13.0796 3616   Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
                      20:32:13.0796 3616   Pml Driver HPZ12 - ok
                      20:32:13.0921 3616   PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
                      20:32:13.0921 3616   PolicyAgent - ok
                      20:32:14.0359 3616   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
                      20:32:14.0359 3616   PptpMiniport - ok
                      20:32:14.0421 3616   prosync1 - ok
                      20:32:14.0562 3616   ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
                      20:32:14.0562 3616   ProtectedStorage - ok
                      20:32:14.0968 3616   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
                      20:32:14.0968 3616   PSched - ok
                      20:32:15.0078 3616   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
                      20:32:15.0078 3616   Ptilink - ok
                      20:32:15.0203 3616   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
                      20:32:15.0218 3616   PxHelp20 - ok
                      20:32:15.0296 3616   ql1080 - ok
                      20:32:15.0375 3616   Ql10wnt - ok
                      20:32:15.0453 3616   ql12160 - ok
                      20:32:15.0484 3616   ql1240 - ok
                      20:32:15.0546 3616   ql1280 - ok
                      20:32:15.0593 3616   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
                      20:32:15.0593 3616   RasAcd - ok
                      20:32:15.0671 3616   RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
                      20:32:15.0671 3616   RasAuto - ok
                      20:32:15.0828 3616   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                      20:32:15.0875 3616   Rasl2tp - ok
                      20:32:15.0984 3616   RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
                      20:32:15.0984 3616   RasMan - ok
                      20:32:16.0109 3616   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                      20:32:16.0125 3616   RasPppoe - ok
                      20:32:16.0250 3616   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
                      20:32:16.0250 3616   Raspti - ok
                      20:32:16.0359 3616   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
                      20:32:16.0375 3616   Rdbss - ok
                      20:32:16.0500 3616   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                      20:32:16.0515 3616   RDPCDD - ok
                      20:32:16.0671 3616   RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
                      20:32:16.0671 3616   RDPWD - ok
                      20:32:16.0765 3616   RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
                      20:32:16.0781 3616   RDSessMgr - ok
                      20:32:16.0937 3616   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
                      20:32:16.0937 3616   redbook - ok
                      20:32:17.0031 3616   RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
                      20:32:17.0031 3616   RemoteAccess - ok
                      20:32:17.0125 3616   RpcLocator      (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
                      20:32:17.0140 3616   RpcLocator - ok
                      20:32:17.0171 3616   rpcnet - ok
                      20:32:17.0281 3616   RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
                      20:32:17.0281 3616   RpcSs - ok
                      20:32:17.0375 3616   RR2Mjpeg - ok
                      20:32:17.0437 3616   RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
                      20:32:17.0453 3616   RSVP - ok
                      20:32:17.0484 3616   rt73 - ok
                      20:32:17.0531 3616   s716bus - ok
                      20:32:17.0593 3616   SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
                      20:32:17.0593 3616   SamSs - ok
                      20:32:17.0687 3616   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                      20:32:17.0687 3616   SASDIFSV - ok
                      20:32:17.0718 3616   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                      20:32:17.0734 3616   SASKUTIL - ok
                      20:32:17.0906 3616   SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
                      20:32:17.0937 3616   SCardSvr - ok
                      20:32:18.0000 3616   Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
                      20:32:18.0000 3616   Schedule - ok
                      20:32:18.0093 3616   screadspool - ok
                      20:32:18.0203 3616   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
                      20:32:18.0203 3616   Secdrv - ok
                      20:32:18.0312 3616   seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
                      20:32:18.0328 3616   seclogon - ok
                      20:32:18.0406 3616   SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
                      20:32:18.0421 3616   SENS - ok
                      20:32:18.0500 3616   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
                      20:32:18.0500 3616   serenum - ok
                      20:32:18.0625 3616   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
                      20:32:18.0656 3616   Serial - ok
                      20:32:18.0765 3616   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
                      20:32:18.0781 3616   Sfloppy - ok
                      20:32:18.0859 3616   sfrem01 - ok
                      20:32:18.0937 3616   SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
                      20:32:18.0937 3616   SharedAccess - ok
                      20:32:19.0078 3616   ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
                      20:32:19.0078 3616   ShellHWDetection - ok
                      20:32:19.0187 3616   Simbad - ok
                      20:32:19.0234 3616   SNC - ok
                      20:32:19.0265 3616   Sparrow - ok
                      20:32:19.0343 3616   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
                      20:32:19.0343 3616   splitter - ok
                      20:32:19.0484 3616   Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
                      20:32:19.0484 3616   Spooler - ok
                      20:32:19.0609 3616   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
                      20:32:19.0609 3616   sr - ok
                      20:32:19.0703 3616   srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
                      20:32:19.0718 3616   srservice - ok
                      20:32:19.0843 3616   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
                      20:32:19.0859 3616   Srv - ok
                      20:32:19.0953 3616   SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
                      20:32:19.0968 3616   SSDPSRV - ok
                      20:32:20.0140 3616   stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
                      20:32:20.0156 3616   stisvc - ok
                      20:32:20.0250 3616   SunkFilt - ok
                      20:32:20.0328 3616   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
                      20:32:20.0328 3616   swenum - ok
                      20:32:20.0453 3616   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
                      20:32:20.0484 3616   swmidi - ok
                      20:32:20.0562 3616   SwPrv - ok
                      20:32:20.0640 3616   symc810 - ok
                      20:32:20.0687 3616   symc8xx - ok
                      20:32:20.0765 3616   sym_hi - ok
                      20:32:20.0812 3616   sym_u3 - ok
                      20:32:20.0890 3616   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
                      20:32:20.0906 3616   sysaudio - ok
                      20:32:21.0015 3616   SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
                      20:32:21.0031 3616   SysmonLog - ok
                      20:32:21.0171 3616   TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
                      20:32:21.0187 3616   TapiSrv - ok
                      20:32:21.0296 3616   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
                      20:32:21.0296 3616   Tcpip - ok
                      20:32:21.0437 3616   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
                      20:32:21.0437 3616   TDPIPE - ok
                      20:32:21.0578 3616   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
                      20:32:21.0578 3616   TDTCP - ok
                      20:32:21.0687 3616   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
                      20:32:21.0687 3616   TermDD - ok
                      20:32:21.0828 3616   TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
                      20:32:21.0859 3616   TermService - ok
                      20:32:22.0000 3616   Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
                      20:32:22.0031 3616   Themes - ok
                      20:32:22.0171 3616   TosIde - ok
                      20:32:22.0187 3616   TPM - ok
                      20:32:22.0218 3616   TPPWRIF - ok
                      20:32:22.0312 3616   TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
                      20:32:22.0312 3616   TrkWks - ok
                      20:32:22.0437 3616   TryAndDecideService - ok
                      20:32:22.0531 3616   uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
                      20:32:22.0546 3616   uagp35 - ok
                      20:32:22.0687 3616   uclauncherservice - ok
                      20:32:22.0781 3616   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
                      20:32:22.0781 3616   Udfs - ok
                      20:32:22.0890 3616   ultra - ok
                      20:32:22.0968 3616   UMWdf           (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
                      20:32:22.0968 3616   UMWdf - ok
                      20:32:23.0375 3616   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
                      20:32:23.0390 3616   Update - ok
                      20:32:23.0500 3616   upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
                      20:32:23.0515 3616   upnphost - ok
                      20:32:23.0687 3616   UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
                      20:32:23.0687 3616   UPS - ok
                      20:32:23.0859 3616   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
                      20:32:23.0859 3616   usbccgp - ok
                      20:32:23.0968 3616   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
                      20:32:23.0968 3616   usbehci - ok
                      20:32:24.0078 3616   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
                      20:32:24.0109 3616   usbhub - ok
                      20:32:24.0265 3616   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
                      20:32:24.0265 3616   usbprint - ok
                      20:32:24.0390 3616   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
                      20:32:24.0406 3616   usbscan - ok
                      20:32:24.0531 3616   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                      20:32:24.0531 3616   USBSTOR - ok
                      20:32:24.0890 3616   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                      20:32:24.0906 3616   usbuhci - ok
                      20:32:25.0062 3616   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
                      20:32:25.0078 3616   VgaSave - ok
                      20:32:25.0437 3616   viagfx          (0cc705db634a3bc355887e3d478dd386) C:\WINDOWS\system32\DRIVERS\vtmini.sys
                      20:32:25.0437 3616   viagfx - ok
                      20:32:25.0578 3616   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
                      20:32:25.0593 3616   ViaIde - ok
                      20:32:25.0718 3616   videX32         (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINDOWS\system32\DRIVERS\videX32.sys
                      20:32:25.0718 3616   videX32 - ok
                      20:32:25.0875 3616   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
                      20:32:25.0875 3616   VolSnap - ok
                      20:32:26.0078 3616   VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
                      20:32:26.0093 3616   VSS - ok
                      20:32:26.0171 3616   vToolbarUpdater10.2.0 - ok
                      20:32:26.0296 3616   w32time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
                      20:32:26.0312 3616   w32time - ok
                      20:32:26.0593 3616   w550mdm - ok
                      20:32:26.0625 3616   w800bus - ok
                      20:32:26.0671 3616   wampmysqld - ok
                      20:32:26.0750 3616   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
                      20:32:26.0750 3616   Wanarp - ok
                      20:32:27.0109 3616   WDICA - ok
                      20:32:27.0187 3616   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
                      20:32:27.0203 3616   wdmaud - ok
                      20:32:27.0328 3616   WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
                      20:32:27.0328 3616   WebClient - ok
                      20:32:27.0390 3616   websensecommunicationagent - ok
                      20:32:27.0500 3616   winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
                      20:32:27.0734 3616   winmgmt - ok
                      20:32:27.0812 3616   winmtsrv - ok
                      20:32:27.0937 3616   WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
                      20:32:27.0953 3616   WmdmPmSN - ok
                      20:32:28.0093 3616   WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
                      20:32:28.0265 3616   WmiApSrv - ok
                      20:32:28.0625 3616   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
                      20:32:28.0640 3616   WS2IFSL - ok
                      20:32:28.0781 3616   wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
                      20:32:28.0796 3616   wscsvc - ok
                      20:32:28.0875 3616   wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
                      20:32:28.0875 3616   wuauserv - ok
                      20:32:29.0000 3616   WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
                      20:32:29.0046 3616   WZCSVC - ok
                      20:32:29.0171 3616   xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
                      20:32:29.0187 3616   xmlprov - ok
                      20:32:29.0328 3616   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
                      20:32:29.0359 3616   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
                      20:32:29.0359 3616   \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
                      20:32:29.0406 3616   Boot (0x1200)   (75aa2e9be50e66c5a253561017a7f899) \Device\Harddisk0\DR0\Partition0
                      20:32:29.0421 3616   \Device\Harddisk0\DR0\Partition0 - ok
                      20:32:29.0421 3616   ============================================================
                      20:32:29.0421 3616   Scan finished
                      20:32:29.0421 3616   ============================================================
                      20:32:29.0453 3472   Detected object count: 1
                      20:32:29.0453 3472   Actual detected object count: 1
                      20:32:41.0890 3472   \Device\Harddisk0\DR0\# - copied to quarantine
                      20:32:41.0906 3472   \Device\Harddisk0\DR0 - copied to quarantine
                      20:32:42.0453 3472   \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
                      20:32:42.0468 3472   \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
                      20:32:42.0484 3472   \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
                      20:32:42.0531 3472   \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
                      20:32:42.0546 3472   \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
                      20:32:42.0593 3472   \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
                      20:32:43.0062 3472   \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
                      20:32:43.0265 3472   \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
                      20:32:43.0343 3472   \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
                      20:32:43.0593 3472   \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
                      20:32:43.0781 3472   \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
                      20:32:43.0921 3472   \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
                      20:32:44.0000 3472   \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
                      20:32:44.0093 3472   \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
                      20:32:44.0234 3472   \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
                      20:32:44.0265 3472   \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
                      20:32:44.0328 3472   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
                      20:32:44.0328 3472   \Device\Harddisk0\DR0 - ok
                      20:32:49.0468 3472   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
                      20:33:09.0093 0948   Deinitialize success


                      brc3404

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: Need help with an unknown infection.
                        « Reply #14 on: April 02, 2012, 07:28:20 PM »
                        Super Dave, according to instructions I wasnt sure if I needed to disable all anti virus as well as anti spyware/malware programs. When TDSS found the rootkit, an alert popped up from mse, saying 4 trojans were found. Under mse history "detected items" it lists 4 files Trojan:WinNT/Alureon.AA, Trojan:Win64/Alureon.gen!I, Trojan:Win32/Alureon.EN, Trojan:Win64/Alureon.gen!G     -  under "alert level" all 4 are severe     - under "date column" todays date and time    - under "action taken" all 4 files say removed. However, directly under the 4 files, are the same 4 files listed above, but under "action taken column" all 4 files say allowed. Sorry if thats too much info for you Super Dave, but it looks as if mse removed them, then immediately "re-allowed" them. At the bottom of mse history window it says
                        Items:
                        file:C:\TDSSKiller_Quarentine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0008.dta (it has this same file path for all 4 files, with the only thing  being different is the tsknumbers.dta for each of the 4 files. I wasnt sure if this would be useful info, but I figured it couldnt hurt to post it.
                        Thanks~!