Computer Hope
Topic started by: brc3404 on March 28, 2012, 05:32:30 PM
-
Thanks in advance for taking the time to read this. I'm running Windows XP Home Service Pack 3. Computer was sending fictitious emails from my AOL account. Uninstalled AVG Free 12 using AVG uninstall tool and successfully reinstalled AVG Free 12. After running first scan, an "infection detected" message from AVG came up. After that, an infection message was coming up about every 5 seconds. So many that it bogged down the computer trying to clear them all. Some items were quarantined successfully while others failed.
While looking through add/remove programs, I noticed what is called Contextual Tool Bar. When I attempted to uninstall it, an AVG "infection detected" message appeared. Each time I attempt to uninstall this virus, a different named infection comes up. I'm sure this tool bar is just partially the problem, and not entirely to blame.
A side note to the add/remove programs, it shows NUMEROUS Windows XP updates and hot fixes. Is this normal for all these to show under the add/remove programs? I thought it was supposed to only show the most recent update performed??
I attempted to get msinfo, however received an error message. I then went into services and found that help and support had been set to manual. When trying to start the service again, I got another error message. I ran full scans with Computer Care 5, and Antimalware Bytes doing whatever those scans recommended. I tried to install GMER.EXE to run a scan and create a log, error message received upon trying to install, but then GMER started scanning on its own (only a partial system scan). It seems as if every advice I try to follow to clean this thing, it counters my every move ??? Any suggestions?
I'm using TeamViewer (remote connection) software to fix this computer for my mother, as I'm 3 states away from her currently. Sorry for the book, I appreciate ANY time in this matter.
-Brett
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
"A side note to the add/remove programs, it shows NUMEROUS Windows XP updates and hot fixes. Is this normal for all these to show under the add/remove programs?"
You can disable this by checking the box at the top marked "Show updates".
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  • Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
* Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs (DDS.txt and Attach.txt).
-
Super Dave, I'm posting the superanti log. I have a log from malware bytes from 3 days ago I can also post. If you prefer I don't post that one, I will post the fresh anti malware bytes log sometime later today. Also, I think I made a slight mistake by trying to run dds without disabling my AVG, Computer Care 5, and while the malware bytes scan was running. The dds didn't finish, it may have even locked the computer desktop up. Let me know, and THANKS!!!!!!
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/30/2012 at 02:14 AM
Application Version : 5.0.1146
Core Rules Database Version : 8402
Trace Rules Database Version: 6214
Scan type : Complete Scan
Total Scan Time : 01:56:25
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 34072
Registry threats detected : 25
File items scanned : 63839
File threats detected : 670
Adware.ShopAtHomeSelect
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32#ThreadingModel
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\ProgID
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\Programmable
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\TypeLib
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}
HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
HKCR\ToolBand.ShopAtHomeIEHelper.1
HKCR\ToolBand.ShopAtHomeIEHelper.1\CLSID
HKCR\ToolBand.ShopAtHomeIEHelper
HKCR\ToolBand.ShopAtHomeIEHelper\CLSID
HKCR\ToolBand.ShopAtHomeIEHelper\CurVer
HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}
HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0
HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0
HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0\win32
HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\FLAGS
HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\HELPDIR
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}
HKU\S-1-5-21-1482476501-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Adware.SelectRebates
C:\Program Files\SELECTREBATES\SRebates.dll
C:\Program Files\SELECTREBATES\Toolbar\ShopAtHomeToolbar1.dll
C:\Program Files\SELECTREBATES\Toolbar
C:\Program Files\SELECTREBATES
Adware.Tracking Cookie
C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[1].txt [ /mediaplex ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[2].txt [ /mediaplex ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[3].txt [ /mediaplex ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@mediaplex[5].txt [ /mediaplex ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /microsoftsto.112.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /microsoftwindows.112.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /movieticketscom.122.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /msnbc.112.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /msnbc.112.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /msnportal.112.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /myaccount.santanderconsumerusa ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /neoedge.adbureau ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /network.realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /network.realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /network.realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][4].txt [ /network.realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][5].txt [ /network.realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][7].txt [ /network.realmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@nextag[2].txt [ /nextag ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /oasn03.247realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /oasn04.247realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /oasn04.247realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /oasn04.247realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][4].txt [ /oasn04.247realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][5].txt [ /oasn04.247realmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][6].txt [ /oasn04.247realmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@onlinediscountmart[1].txt [ /onlinediscountmart ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /optimize.indieclick ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /ordie.adbureau ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@overture[2].txt [ /overture ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /partners.trafficz ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@peoplefinders[1].txt [ /peoplefinders ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@peoplefinders[2].txt [ /peoplefinders ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@*censored*.122.2o7[1].txt [ /*censored*.122.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /pluckit.demandmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /pluckit.demandmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@pointroll[1].txt [ /pointroll ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@pointroll[3].txt [ /pointroll ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@pointroll[4].txt [ /pointroll ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /pview.findlaw ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@qksrv[2].txt [ /qksrv ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@qnsr[1].txt [ /qnsr ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@questionmarket[2].txt [ /questionmarket ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@questionmarket[3].txt [ /questionmarket ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@questionmarket[4].txt [ /questionmarket ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@realmedia[1].txt [ /realmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@revsci[2].txt [ /revsci ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /richmedia.yahoo ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /richmedia.yahoo ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /richmedia.yahoo ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /rotator.adjuggler ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /rotator.hadj7.adjuggler ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@ru4[2].txt [ /ru4 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /sales.liveperson ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /sales.liveperson ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /server.iad.liveperson ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /server.iad.liveperson ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@serving-sys[1].txt [ /serving-sys ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@serving-sys[2].txt [ /serving-sys ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@smartadserver[1].txt [ /smartadserver ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@socialmedia[1].txt [ /socialmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@socialmedia[3].txt [ /socialmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[1].txt [ /specificclick ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[2].txt [ /specificclick ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[3].txt [ /specificclick ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[4].txt [ /specificclick ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificclick[5].txt [ /specificclick ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[1].txt [ /specificmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[2].txt [ /specificmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[3].txt [ /specificmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[4].txt [ /specificmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[6].txt [ /specificmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[7].txt [ /specificmedia ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@specificmedia[8].txt [ /specificmedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /stat.onestat ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@statcounter[1].txt [ /statcounter ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@statcounter[3].txt [ /statcounter ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@statcounter[4].txt [ /statcounter ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /stats.paypal ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /statsadv.dada ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /statse.webtrendslive ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@steelhousemedia[1].txt [ /steelhousemedia ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /superpages.122.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /t.pointroll ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /t.pointroll ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /tacoda.at.atwola ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@tacoda[1].txt [ /tacoda ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@tacoda[2].txt [ /tacoda ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /track.opinion-reward-center ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /tracking.foxnews ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /tracking.foxnews ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@trafficmp[1].txt [ /trafficmp ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@trafficmp[2].txt [ /trafficmp ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@traveladvertising[2].txt [ /traveladvertising ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@tribalfusion[2].txt [ /tribalfusion ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /trvlnet.adbureau ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /usairways.112.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /ussearch.122.2o7 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /viacom.adbureau ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /videoegg.adbureau ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@websponsors[1].txt [ /websponsors ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.burstbeacon ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /www.burstbeacon ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][4].txt [ /www.burstbeacon ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.burstnet ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /www.burstnet ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /www.burstnet ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][4].txt [ /www.burstnet ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.epitrack ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.femaleinfertilitycenter ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][10].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][11].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][4].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][5].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][8].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][9].txt [ /www.googleadservices ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.kntrack ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.linktrack66 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /www.linktrack66 ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /www.peoplefinders ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][3].txt [ /www.peoplefinders ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][2].txt [ /www.qksrv ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.socialtrack ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.tltrack ]
C:\Documents and Settings\donnakeller\Cookies\[email protected][1].txt [ /www.yourapprovaltracker ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@xiti[1].txt [ /xiti ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@yieldmanager[1].txt [ /yieldmanager ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@yieldmanager[2].txt [ /yieldmanager ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@yieldmanager[4].txt [ /yieldmanager ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@zedo[1].txt [ /zedo ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@zedo[2].txt [ /zedo ]
C:\Documents and Settings\donnakeller\Cookies\donnakeller@zitracker[1].txt [ /zitracker ]
C:\Documents and Settings\donnakeller\Cookies\QDMBR4MF.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\donnakeller\Cookies\6OB0Z37E.txt [ /eyewonder.com ]
C:\Documents and Settings\donnakeller\Cookies\NSQFNEJL.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\donnakeller\Cookies\V3J3YF7G.txt [ /at.atwola.com ]
C:\Documents and Settings\donnakeller\Cookies\XZP7H6Y1.txt [ /avgtechnologies.112.2o7.net ]
C:\Documents and Settings\donnakeller\Cookies\Z5L64FMY.txt [ /accounts.google.com ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@adecn[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@doubleclick[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@questionmarket[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@ero-advertising[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@interclick[2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\[email protected][3].txt [ Cookie:[email protected]/pagead/conversion/1061471219/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@invitemedia[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\KIDS\Cookies\kids@collective-media[1].txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CCMIDCCP.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0LKSEJRH.txt [ Cookie:[email protected]/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3VREA4FQ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\G4P3JC4H.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\D38MFERX.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7VF7Q2PJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7X9J2MYF.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4JQROSKN.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8ZZMWNVQ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\I5I3ME6G.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\17BQFRJG.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CGLOQQR3.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\K5S1C926.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\OW1Q84DX.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\PCFMX8PU.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\U4T7CGXQ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\UGHA5JTP.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AU0GSM5M.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\O1J4WJ08.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0JCREE0A.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\XEQ17ZY9.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\P0AVSL2L.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NQSOW06M.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\93SVYGAW.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\JCR8I69Z.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\Z5XIVQQU.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\LBC907BX.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0ND1ZSMP.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NY1QZM0S.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\677WV0I2.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\URHG8182.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3XYT0RJI.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZBNT20YN.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\2TNYGB45.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\5GCMHQL5.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ERUMVWDJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\E9C5HGGU.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\VVMAE16M.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\50QS5IWJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\69OZ0X52.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NQRJ7BF8.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7ILCRZPW.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\58UYEJO0.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\9LCFC5UG.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3IZS37G3.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0GJQ2NDZ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\TTP7LH9D.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\VJAHYPHW.txt [ Cookie:[email protected]/test/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZYLKPAL3.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ONZ4O01N.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZA64QIO7.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\M01SZ7WB.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FI0VNUDJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ATCBLLDZ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\5WGHFCFG.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1B3KEFGE.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\KD33LRVY.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\9X6D65SL.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NG074300.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SZ1O4NQQ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\92353JB4.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SJIZVR67.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SIZGQ520.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\XZV321RD.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\6SM8EGJW.txt [ Cookie:[email protected]/adsense/support ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\KIX6BOCP.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\02VJIP3F.txt [ Cookie:[email protected]/adsense/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CPKYLE67.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\HMHW71FF.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\GMW27E86.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\QBSQ1GRJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8HPTZYU1.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\63UG7H80.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8XI6ZY00.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\9Y3ZEPNG.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\I2FD5E7D.txt [ Cookie:[email protected]/adserving ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4PYWR7DW.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\13FQ2RV6.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BOD6IH18.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\UKLLHO05.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\E7MVHL7B.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3N12GX7E.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8NOBZOJH.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AI79CQ0Q.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\YCYXQL5D.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7J5BC3HH.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BOB4UZA3.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\VE3X8AIM.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\50BU1BUA.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\45SHNI7Q.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1IS6XLRK.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\18LJ3CYF.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\3DHDG9BC.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\JF58LRMM.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FNQRV7D1.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\6B9RIB0N.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\RWJL8ZRM.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CPLS1NHB.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FRAYMNT0.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DQSAH17F.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NN64F36W.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\SXQ8IMRL.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\V20PN69N.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\YL24BI2I.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AM23TTFK.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\QTOX7FO1.txt [ Cookie:[email protected]/ads-clicktrack/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\OS8G5XI0.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\A8PPXG0Z.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\JU5BOGTJ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DL70EMJS.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BJ28KKKI.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\6V1Q13OQ.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\YJDS2EOD.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\26FO3EDG.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BKSKIEGI.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\8RGJ7BB5.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0RO31MQ9.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FJRN9MPO.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\TBW95FWD.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CPJD3X9A.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\1BXWR81D.txt [ Cookie:[email protected]/click/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\DF9B6BRH.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\4MDBDADW.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0OQIXHU3.txt [ Cookie:[email protected]/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\AO7ZTS8F.txt [ Cookie:[email protected]/ ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DONNAKELLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CY3WHKTF.DEFAULT\COOKIES.SQLITE ]
-
Super Dave, please disregard my previous post about providing an anti malware bytes log from a few days ago (it was a quick scan). I'll post the results of the anti malware bytes FULL SCAN later on today. Thanks!
-
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Super Dave,
I've run into a bit of a speed bump. Before running ComboFix, I tried disabling my anti virus (AVG Free 12). It will only allow me to temporarily disable it for no longer than 15 mins, then you have to refresh the timer. In doing this, as you mentioned it probably would, the computer locked up while running ComboFix. Any suggestions on how to completely shut down AVG until I wanna turn it back on? Also I'm using TeamViewer (remote control software) to perform these actions on the infected computer. Should I not be doing this?
Brett
-
I ran msconfig and unchecked the AVG tray from the startup. On restart of Windows, AVG did not appear. However, I tried running ComboFix and I get a warning message that it detects AVG 12 scanner/security running. Then it goes on to warn about causing damage to the computer if it continues scanning. The only option for disabling AVG protection is for a maximum of 15 mins. Without bringing AVG up and resetting the disable timer every 15 mins, I'm not sure how I'm going to get this ComboFix scan to complete?
Please let me know
Brett
-
Do your computer a favour and download and install MSE from the list below. Once MSE is installed and activated, please uninstall AVG.
Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
Let's see what security is running on that computer.
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
McAfee UnInstaller
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
Java(TM) 6 Update 20
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.13) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
-
Super Dave, I was able to complete the anti malware bytes scan.....
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.31.14
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
donnakeller :: DONNA [administrator]
Protection: Disabled
3/31/2012 11:09:15 PM
mbam-log-2012-03-31 (23-09-15).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291479
Time elapsed: 1 hour(s), 19 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Ok, sorry, I went back and reread our entire thread and noticed I missed a step. I will download MSE, uninstall AVG 12 and hopefully that will allow me to run ComboFix. I didn't notice this before, only downloaded and ran Security Check. If all goes well, I will post the ComboFix log around 6pm eastern today. Thanks
Brett
-
Super Dave,
I uninstalled AVG, and installed MSE. Attempted to run ComboFix twice. 2 different ComboFix scans, both times it has locked up Windows completely. ComboFix says creating a restore point, and then no confirmation. Within 5 mins a beep is heard. It says infected Rootkit.0 It has inserted itself into tcp/ip stack This is a particularly difficult infection. Next, within several minutes another beep, scanning for infected files, this typically doesn't take more than 10 minutes. However, scan times for badly infected machines may easily double. No more than 5 mins after this message, it states rootkit is detected. Be patient as this may take some moments. If for any reason you're unable to connect to internet after running ComboFix, reboot once and see if that fixes it. If not fixed, run ComboFix one more time. At this point, it FREEZES! Any kind advice before I throw this machine from a 2 story building......grrrrrrrrr lol. Just a thought, the ComboFix program I'm running has a blue background. Is there a more recent one I can use?
Thanks
Brett
-
Ok. Just hold off on ComboFix for now and try running this scan.
Please download TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Double-click TDSSKiller.exe to run the tool
- Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
- Note: It will also create a log in the C:\ directory.
-
20:31:37.0296 1136 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
20:31:37.0921 1136 ============================================================
20:31:37.0921 1136 Current date / time: 2012/04/02 20:31:37.0921
20:31:37.0921 1136 SystemInfo:
20:31:37.0921 1136
20:31:37.0921 1136 OS Version: 5.1.2600 ServicePack: 3.0
20:31:37.0921 1136 Product type: Workstation
20:31:37.0921 1136 ComputerName: DONNA
20:31:37.0921 1136 UserName: donnakeller
20:31:37.0921 1136 Windows directory: C:\WINDOWS
20:31:37.0921 1136 System windows directory: C:\WINDOWS
20:31:37.0921 1136 Processor architecture: Intel x86
20:31:37.0921 1136 Number of processors: 1
20:31:37.0921 1136 Page size: 0x1000
20:31:37.0921 1136 Boot type: Normal boot
20:31:37.0921 1136 ============================================================
20:31:40.0406 1136 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:31:40.0546 1136 \Device\Harddisk0\DR0:
20:31:40.0546 1136 MBR used
20:31:40.0546 1136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
20:31:40.0578 1136 Initialize success
20:31:40.0578 1136 ============================================================
20:31:49.0093 3616 ============================================================
20:31:49.0093 3616 Scan started
20:31:49.0093 3616 Mode: Manual;
20:31:49.0093 3616 ============================================================
20:32:16.0375 3616 Rdbss - ok
20:32:16.0500 3616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:32:16.0515 3616 RDPCDD - ok
20:32:16.0671 3616 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:32:16.0671 3616 RDPWD - ok
20:32:16.0765 3616 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:32:16.0781 3616 RDSessMgr - ok
20:32:16.0937 3616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:32:16.0937 3616 redbook - ok
20:32:17.0031 3616 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:32:17.0031 3616 RemoteAccess - ok
20:32:17.0125 3616 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:32:17.0140 3616 RpcLocator - ok
20:32:17.0171 3616 rpcnet - ok
20:32:17.0281 3616 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:32:17.0281 3616 RpcSs - ok
20:32:17.0375 3616 RR2Mjpeg - ok
20:32:17.0437 3616 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:32:17.0453 3616 RSVP - ok
20:32:17.0484 3616 rt73 - ok
20:32:17.0531 3616 s716bus - ok
20:32:17.0593 3616 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:32:17.0593 3616 SamSs - ok
20:32:17.0687 3616 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:32:17.0687 3616 SASDIFSV - ok
20:32:17.0718 3616 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:32:17.0734 3616 SASKUTIL - ok
20:32:17.0906 3616 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:32:17.0937 3616 SCardSvr - ok
20:32:18.0000 3616 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:32:18.0000 3616 Schedule - ok
20:32:18.0093 3616 screadspool - ok
20:32:18.0203 3616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:32:18.0203 3616 Secdrv - ok
20:32:18.0312 3616 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:32:18.0328 3616 seclogon - ok
20:32:18.0406 3616 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
20:32:18.0421 3616 SENS - ok
20:32:18.0500 3616 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:32:18.0500 3616 serenum - ok
20:32:18.0625 3616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:32:18.0656 3616 Serial - ok
20:32:18.0765 3616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:32:18.0781 3616 Sfloppy - ok
20:32:18.0859 3616 sfrem01 - ok
20:32:18.0937 3616 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:32:18.0937 3616 SharedAccess - ok
20:32:19.0078 3616 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:32:19.0078 3616 ShellHWDetection - ok
20:32:19.0187 3616 Simbad - ok
20:32:19.0234 3616 SNC - ok
20:32:19.0265 3616 Sparrow - ok
20:32:19.0343 3616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:32:19.0343 3616 splitter - ok
20:32:19.0484 3616 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:32:19.0484 3616 Spooler - ok
20:32:19.0609 3616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:32:19.0609 3616 sr - ok
20:32:19.0703 3616 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:32:19.0718 3616 srservice - ok
20:32:19.0843 3616 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:32:19.0859 3616 Srv - ok
20:32:19.0953 3616 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:32:19.0968 3616 SSDPSRV - ok
20:32:20.0140 3616 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:32:20.0156 3616 stisvc - ok
20:32:20.0250 3616 SunkFilt - ok
20:32:20.0328 3616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:32:20.0328 3616 swenum - ok
20:32:20.0453 3616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:32:20.0484 3616 swmidi - ok
20:32:20.0562 3616 SwPrv - ok
20:32:20.0640 3616 symc810 - ok
20:32:20.0687 3616 symc8xx - ok
20:32:20.0765 3616 sym_hi - ok
20:32:20.0812 3616 sym_u3 - ok
20:32:20.0890 3616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:32:20.0906 3616 sysaudio - ok
20:32:21.0015 3616 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:32:21.0031 3616 SysmonLog - ok
20:32:21.0171 3616 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:32:21.0187 3616 TapiSrv - ok
20:32:21.0296 3616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:32:21.0296 3616 Tcpip - ok
20:32:21.0437 3616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:32:21.0437 3616 TDPIPE - ok
20:32:21.0578 3616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:32:21.0578 3616 TDTCP - ok
20:32:21.0687 3616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:32:21.0687 3616 TermDD - ok
20:32:21.0828 3616 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:32:21.0859 3616 TermService - ok
20:32:22.0000 3616 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:32:22.0031 3616 Themes - ok
20:32:22.0171 3616 TosIde - ok
20:32:22.0187 3616 TPM - ok
20:32:22.0218 3616 TPPWRIF - ok
20:32:22.0312 3616 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:32:22.0312 3616 TrkWks - ok
20:32:22.0437 3616 TryAndDecideService - ok
20:32:22.0531 3616 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
20:32:22.0546 3616 uagp35 - ok
20:32:22.0687 3616 uclauncherservice - ok
20:32:22.0781 3616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:32:22.0781 3616 Udfs - ok
20:32:22.0890 3616 ultra - ok
20:32:22.0968 3616 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
20:32:22.0968 3616 UMWdf - ok
20:32:23.0375 3616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:32:23.0390 3616 Update - ok
20:32:23.0500 3616 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:32:23.0515 3616 upnphost - ok
20:32:23.0687 3616 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:32:23.0687 3616 UPS - ok
20:32:23.0859 3616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:32:23.0859 3616 usbccgp - ok
20:32:23.0968 3616 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:32:23.0968 3616 usbehci - ok
20:32:24.0078 3616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:32:24.0109 3616 usbhub - ok
20:32:24.0265 3616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:32:24.0265 3616 usbprint - ok
20:32:24.0390 3616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:32:24.0406 3616 usbscan - ok
20:32:24.0531 3616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:32:24.0531 3616 USBSTOR - ok
20:32:24.0890 3616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:32:24.0906 3616 usbuhci - ok
20:32:25.0062 3616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:32:25.0078 3616 VgaSave - ok
20:32:25.0437 3616 viagfx (0cc705db634a3bc355887e3d478dd386) C:\WINDOWS\system32\DRIVERS\vtmini.sys
20:32:25.0437 3616 viagfx - ok
20:32:25.0578 3616 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:32:25.0593 3616 ViaIde - ok
20:32:25.0718 3616 videX32 (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINDOWS\system32\DRIVERS\videX32.sys
20:32:25.0718 3616 videX32 - ok
20:32:25.0875 3616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:32:25.0875 3616 VolSnap - ok
20:32:26.0078 3616 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:32:26.0093 3616 VSS - ok
20:32:26.0171 3616 vToolbarUpdater10.2.0 - ok
20:32:26.0296 3616 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:32:26.0312 3616 w32time - ok
20:32:26.0593 3616 w550mdm - ok
20:32:26.0625 3616 w800bus - ok
20:32:26.0671 3616 wampmysqld - ok
20:32:26.0750 3616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:32:26.0750 3616 Wanarp - ok
20:32:27.0109 3616 WDICA - ok
20:32:27.0187 3616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:32:27.0203 3616 wdmaud - ok
20:32:27.0328 3616 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:32:27.0328 3616 WebClient - ok
20:32:27.0390 3616 websensecommunicationagent - ok
20:32:27.0500 3616 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:32:27.0734 3616 winmgmt - ok
20:32:27.0812 3616 winmtsrv - ok
20:32:27.0937 3616 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll
20:32:27.0953 3616 WmdmPmSN - ok
20:32:28.0093 3616 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:32:28.0265 3616 WmiApSrv - ok
20:32:28.0625 3616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:32:28.0640 3616 WS2IFSL - ok
20:32:28.0781 3616 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:32:28.0796 3616 wscsvc - ok
20:32:28.0875 3616 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:32:28.0875 3616 wuauserv - ok
20:32:29.0000 3616 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:32:29.0046 3616 WZCSVC - ok
20:32:29.0171 3616 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:32:29.0187 3616 xmlprov - ok
20:32:29.0328 3616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:32:29.0359 3616 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:32:29.0359 3616 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:32:29.0406 3616 Boot (0x1200) (75aa2e9be50e66c5a253561017a7f899) \Device\Harddisk0\DR0\Partition0
20:32:29.0421 3616 \Device\Harddisk0\DR0\Partition0 - ok
20:32:29.0421 3616 ============================================================
20:32:29.0421 3616 Scan finished
20:32:29.0421 3616 ============================================================
20:32:29.0453 3472 Detected object count: 1
20:32:29.0453 3472 Actual detected object count: 1
20:32:41.0890 3472 \Device\Harddisk0\DR0\# - copied to quarantine
20:32:41.0906 3472 \Device\Harddisk0\DR0 - copied to quarantine
20:32:42.0453 3472 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:32:42.0468 3472 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:32:42.0484 3472 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
20:32:42.0531 3472 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
20:32:42.0546 3472 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
20:32:42.0593 3472 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
20:32:43.0062 3472 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
20:32:43.0265 3472 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
20:32:43.0343 3472 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
20:32:43.0593 3472 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:32:43.0781 3472 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:32:43.0921 3472 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:32:44.0000 3472 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:32:44.0093 3472 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
20:32:44.0234 3472 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
20:32:44.0265 3472 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
20:32:44.0328 3472 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:32:44.0328 3472 \Device\Harddisk0\DR0 - ok
20:32:49.0468 3472 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:33:09.0093 0948 Deinitialize success
-
Super Dave, according to instructions I wasn't sure if I needed to disable all anti virus as well as anti spyware/malware programs. When TDSS found the rootkit, an alert popped up from MSE, saying 4 trojans were found. Under MSE history "detected items" it lists 4 files: Trojan:WinNT/Alureon.AA, Trojan:Win64/Alureon.gen!I, Trojan:Win32/Alureon.EN, Trojan:Win64/Alureon.gen!G - under "alert level" all 4 are severe - under "date column" today's date and time - under "action taken" all 4 files say removed. However, directly under the 4 files, are the same 4 files listed above, but under "action taken column" all 4 files say allowed. Sorry if that's too much info for you Super Dave, but it looks as if MSE removed them, then immediately "re-allowed" them. At the bottom of the MSE history window it says
Items:
file:C:\TDSSKiller_Quarentine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0008.dta (it has this same file path for all 4 files, with the only thing different being the tsknumbers.dta for each of the 4 files). I wasn't sure if this would be useful info, but I figured it couldn't hurt to post it.
Thanks~!
-
Re-run MBAM:
Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
********************************************************
Please try running ComboFix again and post the log, if successful.
-
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.04.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
donnakeller :: DONNA [administrator]
Protection: Disabled
4/3/2012 9:40:06 PM
mbam-log-2012-04-03 (21-40-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |
Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227258
Time elapsed: 26 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Finally, a log from Combofix ;D
ComboFix 12-03-30.06 - donnakeller 04/03/2012 22:31:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.687 [GMT -4:00]
Running from: c:\documents and settings\donnakeller\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\donnakeller\Application Data\Mozilla\Firefox\Profiles\cy3whktf.default\searchplugins\bing-zugo.xml
c:\documents and settings\donnakeller\Application Data\PriceGong
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\1.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\83.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\a.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\b.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\c.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\d.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\e.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\f.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\g.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\h.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\i.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\j.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\k.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\l.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\m.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\n.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\o.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\p.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\q.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\r.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\s.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\t.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\u.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\v.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\w.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\x.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\y.txt
c:\documents and settings\donnakeller\Application Data\PriceGong\Data\z.txt
c:\documents and settings\donnakeller\Application Data\Toolbar4
c:\documents and settings\donnakeller\WINDOWS
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\37841a1008243a4c.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\435a26ecf9452ea5.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\8e95f788b664f88b.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\bba3e843c2b7b474.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dd8cff256a1cdad8.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 01:40 . 2012-03-13 23:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDE759DC-3945-4FF0-8086-499178D5213E}\mpengine.dll
2012-04-03 00:32 . 2012-04-03 00:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 00:20 . 2012-03-13 23:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-01 23:54 . 2012-04-01 23:54 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-30 04:09 . 2012-03-30 04:09 -------- d-----w- c:\documents and settings\donnakeller\Application Data\SUPERAntiSpyware.com
2012-03-30 04:08 . 2012-03-30 04:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-30 04:08 . 2012-03-30 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-26 04:40 . 2008-04-13 17:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-03-26 04:40 . 2008-04-13 17:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-25 06:53 . 2012-03-25 06:53 -------- d-----w- c:\documents and settings\donnakeller\Application Data\AVG Secure Search
2012-03-25 06:07 . 2012-03-25 06:07 -------- d-----w- C:\AVGTemp
2012-03-20 04:40 . 2012-03-20 04:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-20 03:54 . 2012-03-20 03:54 -------- d-----w- c:\program files\VS Revo Group
2012-03-20 03:49 . 2010-02-19 03:45 1079272 ----a-w- c:\program files\revosetup.exe
2012-03-19 03:02 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-19 03:02 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-19 02:57 . 2012-03-19 02:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-03-19 02:49 . 2012-03-19 02:52 -------- d-----w- c:\program files\TCPOptimizer
2012-03-18 20:50 . 2011-12-30 21:03 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-18 20:15 . 2012-03-18 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-03-18 20:14 . 2012-03-18 20:14 -------- d-----w- c:\documents and settings\donnakeller\Application Data\IObit
2012-03-18 20:14 . 2012-03-18 20:14 -------- d-----w- c:\program files\IObit
2012-03-18 20:03 . 2012-04-01 23:46 -------- d-----w- c:\documents and settings\donnakeller\Application Data\TeamViewer
2012-03-12 04:32 . 2012-03-12 04:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-12 03:38 . 2012-03-12 03:38 356556 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-03-05 03:59 . 2012-03-05 03:59 -------- d-----w- c:\documents and settings\donnakeller\Application Data\Malwarebytes
2012-03-05 03:59 . 2012-03-05 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-05 03:22 . 2012-03-25 07:53 -------- d-----w- c:\documents and settings\Administrator
2012-03-05 03:20 . 2012-03-13 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ---ha-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2009-10-03 07:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-09 16:20 . 2007-12-24 14:00 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
2010-08-06 16:31 . 2009-11-15 20:28 119808 ---ha-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-16 49152]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\donnakeller\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-14 390432]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-06 16:31 30192 ---ha-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-12 04:38 136176 ----atw- c:\documents and settings\donnakeller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-22 04:33 68856 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\GPhotos.scr"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\Documents and Settings\\donnakeller\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\donnakeller\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 5\\ASC.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 5\\AutoUpdate.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpHost.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\VS Revo Group\\Revo Uninstaller\\revouninstaller.exe"=
.
R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [1/28/2009 3:28 PM 2560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/18/2012 4:14 PM 497496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 7:15 PM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/20/2012 12:40 AM 652360]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/22/2008 12:34 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 7:15 PM 135664]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dladresn
nimcdfxk
isamsmt
mr2kserv
CVPND
E1000
atalk
screadspool
rt73
s716bus
opcenum
rpcnet
FVXSCSI
websensecommunicationagent
mi-raysat_3dsmax9_32
houdiniserver
HPSLPSVC
iksysflt
61883
bvrp_pci
CrystalSysInfo
iaimfp2
w550mdm
wampmysqld
irsir
MxlW2k
TPPWRIF
DfwWebAgent
hwdatacard
CAM1210
bthport
TryAndDecideService
SunkFilt
cis1284
AmeLanPc
PGPdisk
prosync1
sfrem01
RR2Mjpeg
winmtsrv
w800bus
uclauncherservice
ipsraidn
apphostsvc
SNC
TPM
fsbwsys
magictuneengine
HFACSVC
enethusb
areschatserver
asp.net
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 04:39]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 04:39]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-573735546-682003330-1004Core.job
- c:\documents and settings\donnakeller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 04:38]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-573735546-682003330-1004UA.job
- c:\documents and settings\donnakeller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 04:38]
.
2012-04-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-04-04 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-04-04 c:\windows\Tasks\User_Feed_Synchronization-{1E05FE6E-10DE-4035-830E-8D851BC6B289}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.joobers.com/
uSearchAssistant = hxxp://search.joobers.com/toolbar/SearchAssistant
uCustomizeSearch = hxxp://search.joobers.com/toolbar/CustomizeSearch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cnet.com\download
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\donnakeller\Application Data\Mozilla\Firefox\Profiles\cy3whktf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: vShare: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: PHPNukeEN Community Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - %profile%\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
FF - Ext: WhiteSmoke Bar Community Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - %profile%\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\All Users\Application Data\AVG Secure Search\10.0.0.7
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-NWEReboot - (no file)
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
AddRemove-648f1ec7 - c:\windows\system32\648f1ec7.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 22:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\VTTimer.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\GPhotos.scr
.
**************************************************************************
.
Completion time: 2012-04-03 22:52:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 02:52
.
Pre-Run: 6,865,932,288 bytes free
Post-Run: 6,980,030,464 bytes free
.
- - End Of File - - BE106CED2EAA598FC57971758C7ACBAB
-
P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
  - Process << Selected
  - Kernel Modules << Selected
  - SSDT << Selected
  - Kernel Hooks << Selected
  - IRP Hooks << NOT Selected
  - Ports << NOT Selected
  - Hidden Files << Selected
- At the bottom of the page
  - Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F563D000
Module End: F5655000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7C5D000
Module End: F7C5F000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\
Status: Hidden
Object: C:\Program Files\AVG\AVG2012\
Status: Hidden
Object: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\
Status: Hidden
Object: C:\Program Files\Google\Common\Google Updater\
Status: Hidden
Object: C:\Program Files\Google\Update\
Status: Hidden
Object: C:\Program Files\Java\jre6\bin\
Status: Hidden
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
-
How's your computer running now?
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Super Dave,
After the online scan, it gave me 2 options (optional) if I desired before clicking finished. The 1st was to delete ESET from your computer. The 2nd was to delete threat files. Based on the log, it appears they were deleted. I didn't choose either of those options, as your instructions didn't mention to. As far as the computer's performance goes, it's definitely running a bit better. Last night the Start menu > Accessories reappeared. Previously it was MIA under the Start menu. Before getting assistance from you on this site, I was informed to run msinfo32. At that time nothing happened when I typed it in Run. So that led me to Services > Help and Support. I tried to manually start the service and got an error. I've just tried both of those options again with the exact same result. Nothing comes up when I type in Run > msinfo32, and I get an error when trying to start Help and Support in Services. I'm not sure if Help and Support was damaged by the infection, but thought this info might help. Also, I have pending Windows updates I've yet to install because I didn't want to change anything while we've been working at this. Is it safe to do so now? A pop-up to upgrade to Internet Explorer 8 keeps coming up, but according to IE, I'm already running IE 8? The contextual toolbar which was in Add/Remove Programs previously alerted me with threat detections (from AVG) every time I attempted to uninstall it from there. That toolbar is now gone from Add/Remove Programs :D which, according to a Google search, was not a good file for my computer! Other than that, anything else I can take a look at to see if the computer is indeed running better? Thanks A MILLION!
C:\Documents and Settings\donnakeller\Desktop\music\boom boom boom (rare track).snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Documents and Settings\donnakeller\Desktop\music\boom boom came out in 2009 greatest hit 2009.wma probably a variant of Win32/Agent.CFDFCZI trojan cleaned by deleting - quarantined
C:\Documents and Settings\donnakeller\Desktop\music\prom queen lil wanye 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Program Files\vShare\imedix-silent.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{B5B2433D-7C5E-4FF8-8417-FE18E7328867}\RP1\A0000006.exe Win32/InstallBrain application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B5B2433D-7C5E-4FF8-8417-FE18E7328867}\RP19\A0006180.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan cleaned by deleting - quarantined
-
Update: Shortly after posting my previous reply, msinfo32 did come up, but it took some time to do so. Help and Support also came up, but under Services it is still saying it's stopped. When I try to start it, I still get an error message.
Thanks
-
Also, I have pending Windows updates I've yet to install because I didn't want to change anything while we've been working at this. Is it safe to do so now? A pop-up to upgrade to Internet Explorer 8 keeps coming up, but according to IE, I'm already running IE 8? The contextual toolbar which was in Add/Remove Programs previously alerted me with threat detections (from AVG) every time I attempted to uninstall it from there. That toolbar is now gone from Add/Remove Programs, which, according to a Google search, was not a good file for my computer! Other than that, anything else I can take a look at to see if the computer is indeed running better?
Yes, go ahead and get your updates. After that is done we can do some cleanup.
As for msinfo32, it is just information about your computer. Not needed.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
*************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
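An added example, not part of the helper's post or of any tool used in this thread: the ComboFix log posted earlier shows the Security Center antivirus override set, the Windows Firewall disabled, and a long firewall exception list, which is the context for the firewall advice above. The Python below parses that "Reg Loading Points" block format and tags entries worth a second look; the function names, tag names and the `SCRIPT_HOSTS` / `P2P_NAMES` lists are assumptions made for this illustration.

```python
import re

# Excerpt of the ComboFix "Reg Loading Points" block posted in this thread.
# Lines are copied from that log and shortened; the profile name is replaced
# with the placeholder <user>.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\GPhotos.scr"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\Documents and Settings\\<user>\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
.
'''

HEADER = re.compile(r'^\[(.+)\]$')                    # [registry key path]
VALUE = re.compile(r'^"(?P<name>.*)"=\s*(?P<data>.*)$')  # "name"=data

# Assumed review lists for this example (not from ComboFix itself).
SCRIPT_HOSTS = {'wscript.exe', 'cscript.exe', 'mshta.exe'}
P2P_NAMES = {'limewire.exe'}   # the P2P client the helper pointed out


def parse_sections(log_text):
    """Return {lowercased key path: [(value name, raw data), ...]}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif line in ('', '.'):
            current = None      # ComboFix closes each block with a lone "."
        elif current is not None:
            value = VALUE.match(line)
            if value:
                # Paths are logged with doubled backslashes; undo that.
                name = value.group('name').replace('\\\\', '\\')
                current.append((name, value.group('data').strip()))
    return sections


def as_int(data):
    """Decode the two numeric notations in the log: dword:XXXXXXXX and 'N (0xN)'."""
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None


def classify_exception(path):
    """Tag a firewall-exception path. Tags are review prompts, not verdicts."""
    p = path.lower()
    name = p.rsplit('\\', 1)[-1]
    tags = []
    if name in P2P_NAMES:
        tags.append('p2p-exception')
    if name in SCRIPT_HOSTS:
        tags.append('script-host-exception')
    if name.endswith('.scr'):
        tags.append('screensaver-exception')
    if '\\documents and settings\\' in p and '\\all users\\' not in p:
        tags.append('user-writable-exception')
    return tags


def triage(log_text):
    """Return a list of (tag, subject) pairs for settings that weaken protection."""
    findings = []
    for key, values in parse_sections(log_text).items():
        entries = dict(values)
        if key.endswith('\\security center'):
            if as_int(entries.get('AntiVirusOverride', '')) == 1:
                findings.append(('av-override', key))
        elif key.endswith(('\\firewallpolicy\\standardprofile',
                           '\\firewallpolicy\\domainprofile')):
            if as_int(entries.get('EnableFirewall', '')) == 0:
                findings.append(('firewall-off', key))
        elif key.endswith('\\authorizedapplications\\list'):
            for path, _ in values:
                findings.extend((tag, path) for tag in classify_exception(path))
    return findings


if __name__ == '__main__':
    for tag, subject in triage(SAMPLE_LOG):
        print(f'{tag:26} {subject}')
```

A tagged entry can still be legitimate (GPhotos.scr here is the Google Photos screensaver); the tags only narrow down which lines of a long log to read first.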
-
Super Dave,
I can't thank you ENOUGH! Computer appears clean and is running like it should be!!!!!! I followed all steps :D My final question, and then you can lock this thread. Am I to delete the sysprot folder, TDSSKILLER, ANTI-MALWARE BYTES, SPYWARE SWEEPER along with all the setup files for the other programs that I won't be keeping? Are all the logs now safe to delete?
Thanks!
-
Am I to delete the sysprot folder, TDSSKILLER, ANTI-MALWARE BYTES, SPYWARE SWEEPER along with all the setup files for the other programs that I won't be keeping? Are all the logs now safe to delete?
If I were you, the only two I would keep are SAS and MBAM. Update them and run them on a regular basis. Uninstall/delete all the rest.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.