Author Topic: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!  (Read 11210 times)

johnkevinbebo

    Topic Starter


    Rookie

    Thanked: 1
    APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
    « on: September 07, 2010, 03:34:50 AM »
    I didn't know that there's a new forum for this topic so I'm very sorry if I posted this twice already.

    I've done a lot of researching on this virus but nothing seems to COMPLETELY get rid of it, it keeps coming back! First, Adobe stops working, then it comes up and says my computer is infected and Anti-Virus Pro comes up, which I've read is an anti-virus rogue. When it does this, I cannot run ANY .exe programs except internet explorer and google chrome. When I try to open something it says, "The Application cannot be executed. ____.exe is infected." What can I do?!

    Can u help me?  

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
    « Reply #1 on: September 07, 2010, 06:02:42 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 4 different versions. If one of them won't run then download and try to run the other one.
     
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
     

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.exe
    * Rkill.com
    * Rkill.scr
    * Rkill.pif

    Once you've gotten one of them to run then try to immediately run the following.

    ***********************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    **************************************
    Please download Malwarebytes Anti-Malware from here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ***********************************
    Please download: HiJackThis to your Desktop.
    • Double Click the HijackThis icon, located on your Desktop.
    • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • Accept the license agreement.
    • Click the Open the Misc Tools section button.
    • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
    • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
    • Please post the log in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    johnkevinbebo

      Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
      « Reply #2 on: September 07, 2010, 11:39:09 PM »
      Rkill:


      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.
      Ran as Bernabe's on 09/07/2010 at 17:30:48.


      Services Stopped:


      Processes terminated by Rkill or while it was running:


      C:\Users\Bernabe's\Desktop\rkill.exe


      Rkill completed on 09/07/2010  at 17:30:50.

      johnkevinbebo

        Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
        « Reply #3 on: September 07, 2010, 11:40:15 PM »
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 09/07/2010 at 07:04 PM

        Application Version : 4.42.1000

        Core Rules Database Version : 4951
        Trace Rules Database Version: 2763

        Scan type       : Complete Scan
        Total Scan Time : 01:06:44

        Memory items scanned      : 320
        Memory threats detected   : 0
        Registry items scanned    : 13280
        Registry threats detected : 0
        File items scanned        : 119155
        File threats detected     : 648

        Adware.Tracking Cookie
           .www.burstnet.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .overture.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           eas.apm.emediate.eu [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn4.specificclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .lstat.youku.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .lstat.youku.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .stat.youku.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .toseeka.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           acewebtraffic.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ads.allotraffic.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tradedoubler.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .we.clicklike.co.uk [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .we.clicklike.co.uk [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.pointroll.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           fuckyeahjonghyun.tumblr.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fuckyeahjonghyun.tumblr.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fuckyeahjonghyun.tumblr.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           counter.search.bg [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.yieldmanager.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           adply.plymedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adserving.omnigy.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adserving.omnigy.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           statse.webtrendslive.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .msnportal.112.2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .mediafire.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .mediafire.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .mediafire.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           adserver.mmoguru.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           gotacha.rotator.hadj7.adjuggler.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           gotacha.rotator.hadj7.adjuggler.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .pro-market.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .pro-market.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .pro-market.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .yieldmanager.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           bet.burstnet.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .atdmt.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .oasn04.247realmedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stats.itsssl.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.tracking.callmeasurement.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.tracking.callmeasurement.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.tracking.callmeasurement.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media.adfrontiers.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adecn.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.findstuff.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .kitaramedia.122.2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tracking.keywordmax.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .gayasianpornkings.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .gayasianpornkings.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .gayasianpornkings.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media6degrees.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .mediabrandsww.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clearlink.122.2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           *Blocked Russian URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           counter.top.dkd.lt [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           counter.top.dkd.lt [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           counter.top.chebra.lt [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           counter.top.chebra.lt [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .media.adfrontiers.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           acewebtraffic.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .apmebf.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .qksrv.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tradedoubler.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tradedoubler.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .build-up-track.co.cc [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .build-up-track.co.cc [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .interclick.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .steelhousemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .steelhousemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .steelhousemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .steelhousemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           straightboysfucking.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           straightboysfucking.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.straightboysfucking.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           www.straightboysfucking.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           straightandhorny.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .straightandhorny.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .straightandhorny.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .*adult URL* [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stats.itsssl.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           adserver.gamesites200.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .tacoda.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .advertising.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .at.atwola.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .at.atwola.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           ad.zanox.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zanox.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .vidego.multicastmedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .vidego.multicastmedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .web-stat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .web-stat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .web-stat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .web-stat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .web-stat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .web-stat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .web-stat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .oasn04.247realmedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clickbank.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           optimize.indieclick.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .myroitracking.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .clicksor.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .zedo.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ordie.adbureau.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .nextag.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stats.itsssl.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .exoclick.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .gaiainteractive.112.2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .kontera.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .kontera.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .kontera.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adbrite.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stats.itsssl.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .server.cpmstar.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adlegend.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adlegend.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .server.cpmstar.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .shinystat.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stats.itsssl.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .apmebf.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .qksrv.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stats.itsssl.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           stats.itsssl.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ru4.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .entrepreneur.122.2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           googleads.g.doubleclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .adjuggler.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .lfstmedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           googleads.g.doubleclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .metacafe.122.2o7.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .collective-media.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .casalemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .realmedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           network.realmedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .chitika.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           dc.tremormedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .revsci.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           webstats.seoinc.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           webstats.seoinc.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           webstats.seoinc.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           webstats.seoinc.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .insightexpressai.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn1.trafficmp.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           cdn1.trafficmp.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .invitemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           pixel.invitemedia.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .content.yieldmanager.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .fastclick.net [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.addynamix.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .ads.addynamix.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
           .a1.interclick.com [ C:\Users\Bernabe's\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

        johnkevinbebo

          Topic Starter


          Rookie

          Thanked: 1
          Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
          « Reply #4 on: September 07, 2010, 11:41:12 PM »
          Malwarebytes' Anti-Malware 1.46
          www.malwarebytes.org

          Database version: 4052

          Windows 6.1.7600 (Safe Mode)
          Internet Explorer 8.0.7600.16385

          9/7/2010 7:43:04 PM
          mbam-log-2010-09-07 (19-43-04).txt

          Scan type: Full scan (C:\|D:\|)
          Objects scanned: 229824
          Time elapsed: 29 minute(s), 14 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 1
          Registry Values Infected: 1
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 0

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          (No malicious items detected)

          johnkevinbebo

            Topic Starter


            Rookie

            Thanked: 1
            Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
            « Reply #5 on: September 07, 2010, 11:42:00 PM »
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 7:51:25 PM, on 9/7/2010
            Platform: Unknown Windows (WinNT 6.01.3504)
            MSIE: Internet Explorer v8.00 (8.00.7600.16385)
            Boot mode: Safe mode

            Running processes:
            C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (filesize 1205560 bytes, MD5 764B1831B42DB6E4F68B9AEAED433A82)
            O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (filesize 2166296 bytes, MD5 37810B173024D75560D08B5206893A02)
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75200 bytes, MD5 6D9042F1443A601DA8DC24D991EDDD0A)
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (filesize 191792 bytes, MD5 69974B4FB022B6FB8691BF537B4C1A26)
            O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 403840 bytes, MD5 D46ED7D33E847CD9E78E9F02910536B5)
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)
            O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 804136 bytes, MD5 7D52D1B380C1231FCEC11A707726A781)
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (filesize 814648 bytes, MD5 42CB4EE0B0FC259C8AD20B460FA7D72A)
            O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (filesize 506720 bytes, MD5 21697F5C4A424E14A42E9E59C3E8A29F)
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (filesize 41368 bytes, MD5 192E39C717013A0BD532B33AC29D6E7D)
            O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (filesize 1067872 bytes, MD5 4A3AE89071321B4E4337DF5E63E946A7)
            O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (filesize 158520 bytes, MD5 5DC423D89A927F04F7C562EEDD904012)
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (filesize 1205560 bytes, MD5 764B1831B42DB6E4F68B9AEAED433A82)
            O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (filesize 2166296 bytes, MD5 37810B173024D75560D08B5206893A02)
            O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (filesize 1067872 bytes, MD5 4A3AE89071321B4E4337DF5E63E946A7)
            O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)
            O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (filesize 506720 bytes, MD5 21697F5C4A424E14A42E9E59C3E8A29F)
            O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
            O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED (filesize 529256 bytes, MD5 D56EFA2023BF17D457F9ACDAD5F14689)
            O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 (filesize 1294136 bytes, MD5 0683803970A1375A2A632FEEA62D8D99)
            O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
            O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (filesize 141608 bytes, MD5 869A67EE7C237DD9F9104854CAE0A9CD)
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (filesize 35760 bytes, MD5 A32B25970003B6ABA027EFF8EEDA12A3)
            O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (filesize 976832 bytes, MD5 0B232C77D822983397674AEEC9AB59DC)
            O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" (filesize 240480 bytes, MD5 04029B1659102E2EACC0A138B8966E29)
            O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume (filesize 288080 bytes, MD5 F8B91C91225E5CAA2B2F0370201021C0)
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (filesize 421888 bytes, MD5 49385AFEE6EDFA0A0177BE6651AADD77)
            O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
            O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO (filesize 264048 bytes, MD5 815CBBBAC9F4D44081955ABBC9544930)
            O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (filesize 39408 bytes, MD5 5D61BE7DB55B026A5D61A3EED09D0EAD)
            O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet (filesize 5244216 bytes, MD5 1B07EA92C5848259E2EF128F39223219)
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (filesize 3872080 bytes, MD5 CCEAA8D97341E1335AFC353C03456288)
            O4 - HKCU\..\Run: [Google Update] "C:\Users\Bernabe's\AppData\Local\Google\Update\GoogleUpdate.exe" /c (filesize 136176 bytes, MD5 F02A533F517EB38333CB12A9E8963773)
            O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (filesize 26192168 bytes, MD5 70B6D0C45256B688B7DBC10E922FB402)
            O4 - HKCU\..\Run: [yescqxkq] C:\Users\Bernabe's\AppData\Local\wlyrffoin\ltvoqfuuqiw.exeC:\Users\Bernabe's\AppData\Local\wlyrffoin\ltvoqfuuqiw.exe
            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
            O4 - Startup: GameRanger.lnk = C:\Users\Bernabe's\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.exe (filesize 1240800 bytes, MD5 9543FB4B5F190D49589DE94F1EA0321C)
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
            O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
            O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 186192 bytes, MD5 F008B25C34C98E4F207B00852E25E97D)
            O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 186192 bytes, MD5 F008B25C34C98E4F207B00852E25E97D)
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
            O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 804136 bytes, MD5 7D52D1B380C1231FCEC11A707726A781)
            O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 804136 bytes, MD5 7D52D1B380C1231FCEC11A707726A781)
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)
            O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
            O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
            O13 - Gopher Prefix:
            O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 804136 bytes, MD5 7D52D1B380C1231FCEC11A707726A781)
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (filesize 2135336 bytes, MD5 028FF74DAFDC7BB45C956A5EC8926CEE)
            O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exeC:\Program Files\LSI SoftModem\agr64svc.exe
            O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exe
            O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exeC:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
            O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exeC:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
            O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
            O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
            O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
            O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
            O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
            O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
            O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\system32\NlsSrv32.exeC:\windows\system32\NlsSrv32.exe
            O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
            O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
            O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exeC:\Program Files\TOSHIBA\rselect\RSelSvc.exe
            O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
            O23 - Service: SAS Core Service (SASCORE) - Unknown owner - C:\Users\Bernabe's\Desktop\SASCORE64.EXE (file missing)
            O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
            O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
            O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
            O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
            O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
            O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
            O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exeC:\Program Files\TOSHIBA\TECO\TecoService.exe
            O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
            O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
            O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
            O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
            O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
            O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
            O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
            O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

            --
            End of file - 16820 bytes

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
            « Reply #6 on: September 08, 2010, 11:16:47 AM »
            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
            O4 - HKCU\..\Run: [yescqxkq] C:\Users\Bernabe's\AppData\Local\wlyrffoin\ltvoqfuuqiw.exeC:\Users\Bernabe's\AppData\Local\wlyrffoin\ltvoqfuuqiw.exe


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.

            *********************************

            Download OTL to your Desktop
            • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
            • Under the Custom Scan box paste this in
            netsvcs
            msconfig
            safebootminimal
            safebootnetwork
            activex
            drivers32
            %SYSTEMDRIVE%\*.exe
            %systemroot%\*. /mp /s
            c:\$recycle.bin\*.* /s
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
            /md5start
            eventlog.dll
            scecli.dll
            netlogon.dll
            cngaudit.dll
            sceclt.dll
            ntelogon.dll
            logevent.dll
            iaStor.sys
            nvstor.sys
            nvstor32.sys
            atapi.sys
            IdeChnDr.sys
            viasraid.sys
            AGP440.sys
            vaxscsi.sys
            nvatabus.sys
            viamraid.sys
            nvata.sys
            nvgts.sys
            iastorv.sys
            ViPrt.sys
            eNetHook.dll
            explorer.exe
            svchost.exe
            userinit.exe
            qmgr.dll
            ws2_32.dll
            proquota.exe
            imm32.dll
            kernel32.dll
            ndis.sys
            autochk.exe
            spoolsv.exe
            xmlprov.dll
            ntmssvc.dll
            mswsock.dll
            Beep.SYS
            ntfs.sys
            termsrv.dll
            sfcfiles.dll
            st3shark.sys
            ahcix86.sys
            srsvc.dll
            nvrd32.sys
            /md5stop
            %systemroot%\system32\*.dll /lockedfiles
            %systemroot%\Tasks\*.job /lockedfiles

            • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
              • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
              • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
            Windows 8 and Windows 10 dual boot with two SSD's

            johnkevinbebo

              Topic Starter


              Rookie

              Thanked: 1
              Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
              « Reply #7 on: September 08, 2010, 05:02:37 PM »
              OTL logfile created on: 9/8/2010 1:03:10 PM - Run 1
              OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Bernabe's\Desktop
              64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
              Internet Explorer (Version = 8.0.7600.16385)
              Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
               
              4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
              8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
              Paging file location(s): ?:\pagefile.sys [binary data]
               
              %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
              Drive C: | 285.94 Gb Total Space | 222.22 Gb Free Space | 77.72% Space Free | Partition Type: NTFS
              D: Drive not present or media not loaded
              Drive E: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.22% Space Free | Partition Type: FAT
              F: Drive not present or media not loaded
              G: Drive not present or media not loaded
              H: Drive not present or media not loaded
              I: Drive not present or media not loaded
               
              Computer Name: BERNABES-PC
              Current User Name: Bernabe's
              Logged in as Administrator.
               
              Current Boot Mode: SafeMode
              Scan Mode: Current user
              Include 64bit Scans
              Company Name Whitelist: On
              Skip Microsoft Files: On
              File Age = 90 Days
              Output = Standard
              Quick Scan
               
              ========== Processes (SafeList) ==========
               
              PRC - [2010/09/08 15:58:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Bernabe's\Desktop\OTL.exe
               
               
              ========== Modules (SafeList) ==========
               
              MOD - [2010/09/08 15:58:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Bernabe's\Desktop\OTL.exe
              MOD - [2009/07/13 15:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
              MOD - [2009/07/13 15:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
              MOD - [2009/07/13 15:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
               
               
              ========== Win32 Services (SafeList) ==========
               
              SRV:64bit: - File not found [Auto | Stopped] -- C:\windows\SysNative\NlsSrv32.exe -- (nlsX86cc)
              SRV:64bit: - [2009/08/27 10:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
              SRV:64bit: - [2009/08/21 06:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
              SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
              SRV:64bit: - [2009/08/04 08:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
              SRV:64bit: - [2009/08/03 15:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
              SRV:64bit: - [2009/07/28 12:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
              SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
              SRV:64bit: - [2009/07/08 06:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
              SRV:64bit: - [2009/07/07 06:38:24 | 000,065,904 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
              SRV:64bit: - [2009/03/27 15:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
              SRV - [2010/08/23 14:20:17 | 002,854,488 | ---- | M] () [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3745.dll -- (Akamai)
              SRV - [2010/06/10 18:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
              SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
              SRV - [2010/04/28 04:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
              SRV - [2009/08/17 07:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
              SRV - [2009/08/10 16:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
              SRV - [2009/07/14 16:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
              SRV - [2009/06/07 10:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)
              SRV - [2009/03/10 15:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
              SRV - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
               
               
              ========== Driver Services (SafeList) ==========
               
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstkunic.sys -- (gstkunic)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstkserd3.sys -- (gstkserd3)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstkserd2.sys -- (gstkserd2)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstkserd.sys -- (gstkserd)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstknd5.sys -- (gstknd5) 3Gstick RmNet Network (NDIS)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstkmdm.sys -- (gstkmdm)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstkmdfl.sys -- (gstkmdfl)
              DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\gstkbus.sys -- (gstkbus) 3Gstick USB Composite Device (WDM)
              DRV:64bit: - [2010/04/28 05:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
              DRV:64bit: - [2010/04/19 17:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
              DRV:64bit: - [2010/02/17 08:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
              DRV:64bit: - [2010/02/17 08:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
              DRV:64bit: - [2009/08/27 05:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
              DRV:64bit: - [2009/08/26 15:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
              DRV:64bit: - [2009/07/30 17:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
              DRV:64bit: - [2009/07/28 15:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
              DRV:64bit: - [2009/07/28 07:10:44 | 000,016,448 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
              DRV:64bit: - [2009/07/24 12:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
              DRV:64bit: - [2009/07/21 11:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
              DRV:64bit: - [2009/07/14 12:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
              DRV:64bit: - [2009/07/13 15:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
              DRV:64bit: - [2009/07/13 15:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
              DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
              DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
              DRV:64bit: - [2009/07/13 15:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
              DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
              DRV:64bit: - [2009/07/13 13:36:22 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
              DRV:64bit: - [2009/07/13 13:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
              DRV:64bit: - [2009/07/13 11:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
              DRV:64bit: - [2009/07/04 16:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
              DRV:64bit: - [2009/07/02 05:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
              DRV:64bit: - [2009/06/29 13:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
              DRV:64bit: - [2009/06/29 07:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
              DRV:64bit: - [2009/06/22 14:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
              DRV:64bit: - [2009/06/19 16:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
              DRV:64bit: - [2009/06/10 10:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
              DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
              DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
              DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
              DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
              DRV:64bit: - [2009/06/04 15:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
              DRV:64bit: - [2009/05/22 19:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
              DRV:64bit: - [2009/05/18 10:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
              DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
               
              ========== Standard Registry (SafeList) ==========
               
               
              ========== Internet Explorer ==========
               
              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
              IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)
               
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 05 93 64 9F 4D CB 01  [binary data]
              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
               
              FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/08/10 19:37:10 | 000,000,000 | ---D | M]
              FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/12 23:46:14 | 000,000,000 | ---D | M]
               
              [2010/01/04 20:56:42 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\mozilla\Extensions
              [2010/09/05 17:23:56 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\mozilla\Firefox\extensions
              [2010/09/05 17:23:56 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Bernabe's\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
               
              O1 HOSTS File: ([2010/06/03 17:26:23 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
              O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
              O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
              O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
              O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
              O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
              O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)
              O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
              O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
              O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
              O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
              O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
              O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
              O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
              O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
              O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
              O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)
              O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
              O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
              O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
              O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
              O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
              O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)
              O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
              O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
              O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
              O4:64bit: - HKLM..\Run: []  File not found
              O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
              O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
              O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)
              O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
              O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
              O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
              O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
              O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
              O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
              O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
              O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
              O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
              O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
              O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
              O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
              O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
              O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
              O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
              O4 - Startup: C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Bernabe's\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.exe (GameRanger Technologies)
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
              O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
              O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
              O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
              O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
              O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
              O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
              O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
              O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
              O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
              O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
              O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
              O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
              O13 - gopher Prefix: missing
              O13 - gopher Prefix: missing
              O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
              O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
              O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
              O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
              O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
              O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
              O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
              O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
              O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
              O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
              O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
              O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
              O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
              O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
              O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
              O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
              O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
              O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
              O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation)
              O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corporation)
              O32 - HKLM CDRom: AutoRun - 1
              O33 - MountPoints2\{ecdc12ef-ed14-11de-9fab-90e6ba02d3e3}\Shell - "" = AutoRun
              O33 - MountPoints2\{ecdc12ef-ed14-11de-9fab-90e6ba02d3e3}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
              O33 - MountPoints2\D\Shell - "" = AutoRun
              O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
              O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
              O35:64bit: - HKLM\..comfile [open] -- "%1" %*
              O35:64bit: - HKLM\..exefile [open] -- "%1" %*
              O35 - HKLM\..comfile [open] -- "%1" %*
              O35 - HKLM\..exefile [open] -- "%1" %*
              O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
              O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
              O37 - HKLM\...com [@ = comfile] -- "%1" %*
              O37 - HKLM\...exe [@ = exefile] -- "%1" %*
               
              ========== Files/Folders - Created Within 90 Days ==========
               
              [2010/09/08 13:01:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Bernabe's\Desktop\OTL.exe
              [2010/09/07 19:36:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bernabe's\Desktop\HijackThisInstaller.exe
              [2010/09/07 19:10:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
              [2010/09/07 19:10:28 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Bernabe's\Desktop\mbam-setup-1.46.exe
              [2010/09/07 17:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
              [2010/09/07 17:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
              [2010/09/07 17:31:47 | 009,333,808 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Bernabe's\Desktop\SUPERAntiSpyware.exe
              [2010/09/06 23:13:41 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Local\wlyrffoin
              [2010/09/06 22:10:24 | 000,000,000 | ---D | C] -- C:\Fraps
              [2010/09/06 19:08:28 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\keel
              [2010/09/06 19:04:33 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\oni
              [2010/09/05 21:01:15 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Documents\Tales Runner
              [2010/09/05 17:26:10 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\TalesRunner
              [2010/09/05 17:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gpotato
              [2010/08/28 11:55:56 | 000,045,056 | ---- | C] (GamerzPlanet inc.) -- C:\Users\Bernabe's\Desktop\Aau Perfect Hack.exe
              [2010/08/27 22:16:32 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Desktop\My Images
              [2010/08/23 20:57:52 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Desktop\My Songs & Videos
              [2010/08/20 09:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
              [2010/08/13 17:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AhnLab
              [2010/08/10 19:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
              [2010/08/10 19:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Boost
              [2010/08/10 19:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
              [2010/08/08 00:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
              [2010/08/08 00:58:46 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\SystemRequirementsLab
              [2010/08/07 00:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
              [2010/08/06 15:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
              [2010/08/06 15:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
              [2010/08/06 14:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
              [2010/07/30 13:21:44 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\skypePM
              [2010/07/30 13:17:58 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\Skype
              [2010/07/30 13:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
              [2010/07/30 13:17:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
              [2010/07/30 13:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
              [2010/07/30 13:15:55 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\InstallShield
              [2010/07/28 12:00:20 | 000,000,000 | ---D | C] -- C:\AV_LOGS
              [2010/07/28 11:59:28 | 000,021,504 | ---- | C] (Avnex) -- C:\windows\SysNative\drivers\vcsvad.sys
              [2010/07/22 19:05:39 | 000,000,000 | --SD | C] -- C:\Users\Bernabe's\Documents\Mabinogi
              [2010/07/20 19:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
              [2010/07/20 18:08:23 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Local\PMB Files
              [2010/07/20 18:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
              [2010/07/20 18:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
              [2010/07/15 23:11:01 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Documents\My Google Gadgets
              [2010/07/02 15:15:43 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\PhotoshopCS4 Portable
              [2010/06/29 16:16:52 | 000,000,000 | ---D | C] -- C:\windows\Minidump
              [2010/06/27 00:52:35 | 000,000,000 | ---D | C] -- C:\98bd21af017a78370f
              [2010/06/25 03:00:28 | 000,000,000 | ---D | C] -- C:\b4d21a534114781a7985774a36
              [2010/06/17 21:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
              [2010/06/17 21:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
              [2010/06/17 21:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
              [2010/06/14 16:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\windows\SysWow64\frapsvid.dll
              [2010/06/14 16:16:22 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\windows\SysNative\frapsv64.dll
              [2010/06/11 23:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RebelRO Full
              [2010/06/11 13:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Gravity
              [2010/06/11 09:42:34 | 000,000,000 | ---D | C] -- C:\CyberStep
              [2010/06/10 17:17:44 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Documents\HighAndes
              [2010/06/10 17:17:44 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\HighAndes
              [2010/06/10 17:17:44 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Local\HighAndes
              [2010/06/10 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HighAndes
              [2010/06/10 17:17:34 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\windows\SysWow64\NlsSrv32.exe
              [2010/06/10 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\Blue Cat Audio
               
              ========== Files - Modified Within 90 Days ==========
               
              [2010/09/08 15:58:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Bernabe's\Desktop\OTL.exe
              [2010/09/08 13:02:16 | 002,621,440 | -HS- | M] () -- C:\Users\Bernabe's\ntuser.dat
              [2010/09/08 12:46:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
              [2010/09/08 12:45:51 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
              [2010/09/07 20:24:52 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bernabe's\Desktop\HijackThisInstaller.exe
              [2010/09/07 20:24:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Bernabe's\Desktop\mbam-setup-1.46.exe
              [2010/09/07 20:22:52 | 009,333,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Bernabe's\Desktop\SUPERAntiSpyware.exe
              [2010/09/07 19:57:12 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
              [2010/09/07 19:54:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
              [2010/09/07 19:54:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
              [2010/09/07 19:53:22 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
              [2010/09/07 19:53:22 | 000,000,302 | -H-- | M] () -- C:\windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
              [2010/09/07 19:44:20 | 000,002,064 | ---- | M] () -- C:\Users\Bernabe's\Desktop\HijackThis.lnk
              [2010/09/07 19:10:53 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
              [2010/09/07 17:32:21 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
              [2010/09/07 17:30:31 | 000,726,276 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
              [2010/09/07 17:30:31 | 000,623,406 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
              [2010/09/07 17:30:31 | 000,107,384 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
              [2010/09/07 06:58:41 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-686985990-1959598884-796010101-1000UA.job
              [2010/09/07 06:58:41 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
              [2010/09/07 03:05:52 | 000,363,520 | ---- | M] () -- C:\Users\Bernabe's\Desktop\rkill.exe
              [2010/09/06 22:10:25 | 000,000,573 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Fraps.lnk
              [2010/09/06 20:29:00 | 000,000,506 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Bernabe's.job
              [2010/09/06 19:49:00 | 000,000,872 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-686985990-1959598884-796010101-1000Core.job
              [2010/09/06 19:03:38 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SplashFighters.ijji.lnk
              [2010/09/06 19:03:38 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\ijji.lnk
              [2010/09/06 19:03:38 | 000,000,879 | ---- | M] () -- C:\Users\Bernabe's\Application Data\Microsoft\Internet Explorer\Quick Launch\SplashFightersIjji.lnk
              [2010/09/06 19:03:38 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\SplashFightersIjji.lnk
              [2010/09/05 17:23:07 | 000,001,136 | ---- | M] () -- C:\Users\Bernabe's\Desktop\TalesRunner.lnk
              [2010/09/05 17:21:13 | 1090,349,167 | ---- | M] () -- C:\Users\Bernabe's\Desktop\TalesRunnerSetup20100623.exe
              [2010/08/28 09:49:48 | 000,001,634 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Google Chrome.lnk
              [2010/08/25 22:25:32 | 000,002,312 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Internet Explorer.lnk
              [2010/08/23 23:42:35 | 000,001,786 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Audition.lnk
              [2010/08/20 09:38:02 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
              [2010/08/16 15:27:22 | 000,037,376 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Perfect Booster.dll
              [2010/08/15 13:06:03 | 000,001,041 | ---- | M] () -- C:\Users\Bernabe's\Desktop\RebelRO Patcher.lnk
              [2010/08/13 06:32:49 | 000,376,008 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
              [2010/08/07 00:24:20 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
              [2010/08/06 15:01:52 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
              [2010/08/06 14:57:08 | 000,000,629 | ---- | M] () -- C:\windows\SysNative\mapisvc.inf
              [2010/08/06 14:57:00 | 000,002,515 | ---- | M] () -- C:\Users\Bernabe's\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
              [2010/08/06 14:57:00 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
              [2010/07/30 13:21:45 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
              [2010/07/30 13:17:31 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
              [2010/07/10 23:38:58 | 000,045,056 | ---- | M] (GamerzPlanet inc.) -- C:\Users\Bernabe's\Desktop\Aau Perfect Hack.exe
              [2010/07/08 00:22:17 | 000,524,288 | -HS- | M] () -- C:\Users\Bernabe's\ntuser.dat{0d471813-8a72-11df-869f-c3b73dd791fd}.TMContainer00000000000000000002.regtrans-ms
              [2010/07/08 00:22:17 | 000,524,288 | -HS- | M] () -- C:\Users\Bernabe's\ntuser.dat{0d471813-8a72-11df-869f-c3b73dd791fd}.TMContainer00000000000000000001.regtrans-ms
              [2010/07/08 00:22:17 | 000,065,536 | -HS- | M] () -- C:\Users\Bernabe's\ntuser.dat{0d471813-8a72-11df-869f-c3b73dd791fd}.TM.blf
              [2010/07/03 02:06:16 | 551,005,420 | ---- | M] () -- C:\windows\MEMORY.DMP
              [2010/07/02 00:27:44 | 000,000,000 | -H-- | M] () -- C:\Users\Bernabe's\Desktop\Photoshop_12_LS1.exe.part
              [2010/06/25 22:47:43 | 000,024,652 | ---- | M] () -- C:\Users\Bernabe's\Documents\My Movie1.wlmp
              [2010/06/25 13:17:39 | 000,013,974 | ---- | M] () -- C:\Users\Bernabe's\Documents\My Movie.wlmp
              [2010/06/14 16:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\windows\SysWow64\frapsvid.dll
              [2010/06/14 16:16:22 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\windows\SysNative\frapsv64.dll
              [2010/06/11 13:22:12 | 000,000,355 | ---- | M] () -- C:\Users\Bernabe's\Homegroup - Shortcut.lnk
               
              ========== Files Created - No Company Name ==========
               
              [2010/09/07 19:44:20 | 000,002,064 | ---- | C] () -- C:\Users\Bernabe's\Desktop\HijackThis.lnk
              [2010/09/07 19:10:53 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
              [2010/09/07 17:32:02 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
              [2010/09/07 17:30:11 | 000,363,520 | ---- | C] () -- C:\Users\Bernabe's\Desktop\rkill.exe
              [2010/09/06 22:10:25 | 000,000,573 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Fraps.lnk
              [2010/09/06 19:03:38 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SplashFighters.ijji.lnk
              [2010/09/06 19:03:38 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\ijji.lnk
              [2010/09/06 19:03:38 | 000,000,879 | ---- | C] () -- C:\Users\Bernabe's\Application Data\Microsoft\Internet Explorer\Quick Launch\SplashFightersIjji.lnk
              [2010/09/06 19:03:38 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\SplashFightersIjji.lnk
              [2010/09/05 17:23:07 | 000,001,136 | ---- | C] () -- C:\Users\Bernabe's\Desktop\TalesRunner.lnk
              [2010/09/05 16:44:29 | 1090,349,167 | ---- | C] () -- C:\Users\Bernabe's\Desktop\TalesRunnerSetup20100623.exe
              [2010/08/28 11:55:56 | 000,037,376 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Perfect Booster.dll
              [2010/08/20 09:38:02 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
              [2010/08/15 13:06:03 | 000,001,041 | ---- | C] () -- C:\Users\Bernabe's\Desktop\RebelRO Patcher.lnk
              [2010/08/07 00:23:46 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
              [2010/08/06 15:01:52 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
              [2010/08/06 14:57:08 | 000,000,629 | ---- | C] () -- C:\windows\SysNative\mapisvc.inf
              [2010/08/06 14:57:00 | 000,002,515 | ---- | C] () -- C:\Users\Bernabe's\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
              [2010/08/06 14:57:00 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
              [2010/07/30 13:21:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
              [2010/07/30 13:17:31 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
              [2010/07/08 22:17:51 | 000,002,312 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Internet Explorer.lnk
              [2010/07/07 23:20:50 | 000,524,288 | -HS- | C] () -- C:\Users\Bernabe's\ntuser.dat{0d471813-8a72-11df-869f-c3b73dd791fd}.TMContainer00000000000000000002.regtrans-ms
              [2010/07/07 23:20:50 | 000,524,288 | -HS- | C] () -- C:\Users\Bernabe's\ntuser.dat{0d471813-8a72-11df-869f-c3b73dd791fd}.TMContainer00000000000000000001.regtrans-ms
              [2010/07/07 23:20:50 | 000,065,536 | -HS- | C] () -- C:\Users\Bernabe's\ntuser.dat{0d471813-8a72-11df-869f-c3b73dd791fd}.TM.blf
              [2010/07/02 00:27:44 | 000,000,000 | -H-- | C] () -- C:\Users\Bernabe's\Desktop\Photoshop_12_LS1.exe.part
              [2010/06/29 16:16:49 | 551,005,420 | ---- | C] () -- C:\windows\MEMORY.DMP
              [2010/06/25 22:47:43 | 000,024,652 | ---- | C] () -- C:\Users\Bernabe's\Documents\My Movie1.wlmp
              [2010/06/25 13:17:39 | 000,013,974 | ---- | C] () -- C:\Users\Bernabe's\Documents\My Movie.wlmp
              [2010/06/11 13:22:12 | 000,000,355 | ---- | C] () -- C:\Users\Bernabe's\Homegroup - Shortcut.lnk
              [2010/05/24 20:31:40 | 000,003,584 | ---- | C] () -- C:\Users\Bernabe's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
              [2010/02/22 19:59:08 | 000,000,621 | ---- | C] () -- C:\windows\SysWow64\Franklin Access Manager.ini
              [2009/12/19 15:15:19 | 000,000,013 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys
              [2009/09/24 06:16:35 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
              [2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
              [2009/07/13 11:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
               
              ========== LOP Check ==========
               
              [2010/06/10 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\Blue Cat Audio
              [2009/12/20 18:02:04 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\DragonicaSCB
              [2010/01/30 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\GameRanger
              [2010/06/10 17:17:44 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\HighAndes
              [2010/08/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\SystemRequirementsLab
              [2010/09/05 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\TalesRunner
              [2010/04/12 17:35:14 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\TOSHIBA
              [2009/12/19 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\Ulead Systems
              [2009/12/19 15:14:59 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\WinBatch
              [2010/07/27 08:12:30 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
              [2010/09/07 19:53:22 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
               
              ========== Purity Check ==========
               
               
               
              ========== Custom Scans ==========
               
               
              < %SYSTEMDRIVE%\*.exe >
               
              < %systemroot%\*. /mp /s >
               
              < c:\$recycle.bin\*.* /s >
              [2010/06/16 22:46:29 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-20\desktop.ini
              [2010/09/01 19:21:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$I03C9LC.gif
              [2010/09/06 19:06:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$I4PQYHM.png
              [2010/08/31 16:19:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$I5S5DVW.jpg
              [2010/02/14 19:56:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IBX1K49.jpg
              [2010/04/02 15:46:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IE4FYY0.lnk
              [2010/08/27 22:34:02 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IELVZ6T.jpg
              [2010/08/31 16:21:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IEUEMJE.jpg
              [2010/08/27 22:34:02 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IF5QMZ3.jpg
              [2010/06/19 11:23:48 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$ILJTP7C.jpg
              [2010/09/03 18:05:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$ILN1OM8.gif
              [2010/08/27 22:33:52 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IOOIG7S.jpg
              [2010/08/31 16:21:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IRK5K7Q.jpg
              [2010/08/27 22:33:52 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IUVF4EO.jpg
              [2010/09/01 19:19:07 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IV1R7SM.gif
              [2010/09/01 19:21:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IWFPHGE.gif
              [2010/09/03 19:46:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IYBF07J.mp4
              [2010/02/14 19:56:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$IZPM36L.jpg
              [2010/09/01 19:18:40 | 000,004,834 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$R03C9LC.gif
              [2010/09/06 18:28:17 | 000,130,412 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$R4PQYHM.png
              [2010/08/31 16:15:45 | 000,019,523 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$R5S5DVW.jpg
              [2010/01/31 13:58:16 | 000,037,883 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$RBX1K49.jpg
              [2009/07/13 19:32:31 | 000,775,702 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$REUEMJE.jpg
              [2010/09/03 18:05:14 | 000,000,105 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$RLN1OM8.gif
              [2010/03/29 14:44:19 | 000,034,720 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$RRK5K7Q.jpg
              [2010/09/01 19:18:40 | 000,004,834 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$RV1R7SM.gif
              [2010/09/01 19:04:30 | 000,020,439 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$RWFPHGE.gif
              [2010/09/03 19:16:01 | 020,223,748 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$RYBF07J.mp4
              [2010/01/31 14:06:25 | 000,040,440 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\$RZPM36L.jpg
              [2009/12/19 15:15:50 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-1000\desktop.ini
              [2009/09/24 05:22:16 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-686985990-1959598884-796010101-500\desktop.ini
               
              < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
               
               
              [2009/07/13 15:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
              [2009/07/13 15:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
              [2009/07/13 15:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
               
              < MD5 for: NTFS.SYS  >
              [2009/07/13 15:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys
               
              < MD5 for: NVSTOR.SYS  >
              [2009/07/13 15:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
              [2009/07/13 15:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
               
              < MD5 for: PROQUOTA.EXE  >
              [2009/07/13 15:39:28 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=19117589BA265AAF89BEBE1E9040000C -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_83bbe97eac162e90\proquota.exe
              [2009/07/13 15:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\SysWOW64\proquota.exe
              [2009/07/13 15:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\SysWOW64\proquota.exe
              [2009/07/13 15:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_279d4dfaf3b8bd5a\pr

              johnkevinbebo

                Topic Starter


                Rookie

                Thanked: 1
                Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
                « Reply #8 on: September 08, 2010, 05:03:26 PM »
                OTL Extras logfile created on: 9/8/2010 1:03:10 PM - Run 1
                OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Bernabe's\Desktop
                64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
                Internet Explorer (Version = 8.0.7600.16385)
                Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                 
                4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
                8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
                Paging file location(s): ?:\pagefile.sys [binary data]
                 
                %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
                Drive C: | 285.94 Gb Total Space | 222.22 Gb Free Space | 77.72% Space Free | Partition Type: NTFS
                D: Drive not present or media not loaded
                Drive E: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.22% Space Free | Partition Type: FAT
                F: Drive not present or media not loaded
                G: Drive not present or media not loaded
                H: Drive not present or media not loaded
                I: Drive not present or media not loaded
                 
                Computer Name: BERNABES-PC
                Current User Name: Bernabe's
                Logged in as Administrator.
                 
                Current Boot Mode: SafeMode
                Scan Mode: Current user
                Include 64bit Scans
                Company Name Whitelist: On
                Skip Microsoft Files: On
                File Age = 90 Days
                Output = Standard
                Quick Scan
                 
                ========== Extra Registry (SafeList) ==========
                 
                 
                ========== File Associations ==========
                 
                64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
                 
                [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                .html [@ = ChromeHTML] -- C:\Users\Bernabe's\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
                 
                ========== Shell Spawning ==========
                 
                64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                batfile [open] -- "%1" %* File not found
                cmdfile [open] -- "%1" %* File not found
                comfile [open] -- "%1" %* File not found
                exefile [open] -- "%1" %* File not found
                helpfile [open] -- Reg Error: Key error.
                htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
                htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
                inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
                piffile [open] -- "%1" %* File not found
                regfile [merge] -- Reg Error: Key error.
                scrfile [config] -- "%1" File not found
                scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                scrfile [open] -- "%1" /S File not found
                txtfile [edit] -- Reg Error: Key error.
                Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
                Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
                Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
                Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                Folder [explore] -- Reg Error: Value error.
                Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                batfile [open] -- "%1" %*
                cmdfile [open] -- "%1" %*
                comfile [open] -- "%1" %*
                cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
                exefile [open] -- "%1" %*
                helpfile [open] -- Reg Error: Key error.
                htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
                htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
                inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
                piffile [open] -- "%1" %*
                regfile [merge] -- Reg Error: Key error.
                scrfile [config] -- "%1"
                scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                scrfile [open] -- "%1" /S
                txtfile [edit] -- Reg Error: Key error.
                Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
                Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
                Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                Folder [explore] -- Reg Error: Value error.
                Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                 
                ========== Security Center Settings ==========
                 
                64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                "cval" = 0
                 
                64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                 
                64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
                "AntiVirusOverride" = 0
                "AntiSpywareOverride" = 0
                "FirewallOverride" = 0
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                "DisableNotifications" = 0
                "EnableFirewall" = 1
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                "DisableNotifications" = 0
                "EnableFirewall" = 1
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
                "DisableNotifications" = 0
                "EnableFirewall" = 1
                 
                ========== Authorized Applications List ==========
                 
                 
                ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                 
                64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
                "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
                "{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
                "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
                "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
                "{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
                "{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
                "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
                "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
                "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
                "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
                "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
                "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
                "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
                "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
                "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
                "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
                "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
                "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
                "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
                "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
                "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
                "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
                "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
                "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
                "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
                "HDMI" = Intel(R) Graphics Media Accelerator Driver
                "LTMOH" = LSI V92 MOH Application
                "TOSHIBA Software Modem" = TOSHIBA Software Modem
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
                "{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
                "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.03.02
                "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
                "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
                "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
                "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
                "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
                "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
                "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
                "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
                "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
                "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
                "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
                "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
                "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
                "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
                "{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
                "{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
                "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
                "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
                "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
                "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
                "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
                "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
                "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
                "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
                "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
                "{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
                "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
                "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
                "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
                "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
                "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
                "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
                "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
                "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
                "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
                "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
                "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
                "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
                "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
                "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
                "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
                "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
                "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
                "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
                "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
                "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
                "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
                "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                "{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
                "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
                "{9FE10246-A876-4979-B345-CADE6863BD8E}" = TOSHIBA Supervisor Password
                "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
                "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
                "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
                "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
                "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
                "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
                "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
                "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
                "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
                "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
                "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
                "{D5D8637D-FA1C-4CAD-91FC-4ADB1C284A21}" = TOSHIBA Hardware Setup
                "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
                "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
                "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
                "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
                "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
                "{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
                "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
                "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
                "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
                "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
                "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
                "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
                "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
                "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
                "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
                "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
                "Akamai" = Akamai NetSession Interface
                "Fraps" = Fraps
                "HijackThis" = HijackThis 2.0.2
                "HOMESTUDENTR" = Microsoft Office Home and Student 2007
                "InstallPath" = SplashFightersIjji
                "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
                "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
                "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
                "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
                "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
                "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
                "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
                "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
                "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                "NSS" = Norton Security Scan
                "ToggleEN Toolbar" = ToggleEN Toolbar
                "WinLiveSuite_Wave3" = Windows Live Essentials
                "WinRAR archiver" = WinRAR archiver
                "Yahoo! Companion" = Yahoo! Toolbar
                "Yahoo! Messenger" = Yahoo! Messenger
                "Yahoo! Search Defender" = Yahoo! Search Protection
                "Yahoo! Software Update" = Yahoo! Software Update
                 
                ========== HKEY_CURRENT_USER Uninstall List ==========
                 
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                "Google Chrome" = Google Chrome
                "RebelRO Full" = RebelRO Full
                 
                ========== Last 10 Event Log Errors ==========
                 
                [ Application Events ]
                Error - 8/27/2010 10:07:42 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:13:25 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:13:25 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:13:34 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:13:34 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:18:47 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:18:47 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:25:43 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:25:43 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                Error - 8/27/2010 10:26:40 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
                Description = Activation context generation failed for "C:\Program Files (x86)\Windows
                 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
                 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
                 found in manifest does not match the identity of the component requested.  Reference
                 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
                 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
                 sxstrace.exe for detailed diagnosis.
                 
                [ System Events ]
                Error - 6/11/2010 6:39:30 AM | Computer Name = Bernabes-PC | Source = NetBT | ID = 4321
                Description = The name "BERNABES-PC    :0" could not be registered on the interface
                 with IP address 192.168.0.101.  The computer with the IP address 192.168.0.100 did
                 not allow the name to be claimed by  this computer.
                 
                Error - 6/11/2010 6:39:30 AM | Computer Name = Bernabes-PC | Source = NetBT | ID = 4321
                Description = The name "BERNABES-PC    :0" could not be registered on the interface
                 with IP address 192.168.0.101.  The computer with the IP address 192.168.0.104 did
                 not allow the name to be claimed by  this computer.
                 
                Error - 6/11/2010 6:40:04 AM | Computer Name = Bernabes-PC | Source = NetBT | ID = 4321
                Description = The name "BERNABES-PC    :0" could not be registered on the interface
                 with IP address 192.168.0.101.  The computer with the IP address 192.168.0.100 did
                 not allow the name to be claimed by  this computer.
                 
                Error - 6/11/2010 6:40:04 AM | Computer Name = Bernabes-PC | Source = NetBT | ID = 4321
                Description = The name "BERNABES-PC    :0" could not be registered on the interface
                 with IP address 192.168.0.101.  The computer with the IP address 192.168.0.104 did
                 not allow the name to be claimed by  this computer.
                 
                Error - 6/11/2010 6:42:01 AM | Computer Name = Bernabes-PC | Source = NetBT | ID = 4321
                Description = The name "BERNABES-PC    :0" could not be registered on the interface
                 with IP address 192.168.0.101.  The computer with the IP address 192.168.0.104 did
                 not allow the name to be claimed by  this computer.
                 
                Error - 6/11/2010 6:42:01 AM | Computer Name = Bernabes-PC | Source = NetBT | ID = 4321
                Description = The name "BERNABES-PC    :0" could not be registered on the interface
                 with IP address 192.168.0.101.  The computer with the IP address 192.168.0.104 did
                 not allow the name to be claimed by  this computer.
                 
                Error - 6/11/2010 2:55:39 PM | Computer Name = Bernabes-PC | Source = Service Control Manager | ID = 7000
                Description = The SAS Core Service service failed to start due to the following
                error:   %%2
                 
                Error - 6/11/2010 2:55:49 PM | Computer Name = Bernabes-PC | Source = Service Control Manager | ID = 7026
                Description = The following boot-start or system-start driver(s) failed to load:
                   SASDIFSV  SASKUTIL
                 
                Error - 6/11/2010 5:00:33 PM | Computer Name = Bernabes-PC | Source = Service Control Manager | ID = 7000
                Description = The SAS Core Service service failed to start due to the following
                error:   %%2
                 
                Error - 6/11/2010 5:00:45 PM | Computer Name = Bernabes-PC | Source = Service Control Manager | ID = 7026
                Description = The following boot-start or system-start driver(s) failed to load:
                   SASDIFSV  SASKUTIL
                 
                 
                < End of report >

                SuperDave

                Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
                « Reply #9 on: September 08, 2010, 06:11:10 PM »
                * Open OTL
                * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                Code:
                :OTL
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
                O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
                O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
                O4:64bit: - HKLM..\Run: []  File not found

                :COMMANDS
                [resethosts]
                [purity]
                [clearrestorepoints]
                [emptytemp]
                [start explorer]

                * Click Run Fix
                * OTLI2 may ask to reboot the machine. Please do so if asked.
                * Click OK
                * A report will open. I do not need to see this report.

                ***************************************
                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                Windows 8 and Windows 10 dual boot with two SSD's
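
A read-only check that could be run after the fix in the reply above, as an added example that is not part of the original post: it reads the per-user proxy values listed under :OTL and lists any hosts-file entries beyond localhost, the two items that script and its [resethosts] command address. The function names are hypothetical, and the hosts path is the standard Windows location.

```powershell
# Added example (not from the thread). Read-only: nothing is changed.

function Get-ProxyState {
    # Per-user proxy values, the same key the :OTL section lists.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable     # 1 = proxy on, 0 or empty = off
        ProxyServer   = $p.ProxyServer     # host:port the browser is sent through
        ProxyOverride = $p.ProxyOverride   # hosts that bypass the proxy
        # A proxy nobody on this machine configured deserves a closer look.
        NeedsReview   = ($p.ProxyEnable -eq 1)
    }
}

function Get-HostsOverrides {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    Get-Content -Path $Path -ErrorAction Stop |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments
        Where-Object { $_ } |                                  # drop blank lines
        ForEach-Object {
            $parts = $_ -split '\s+'
            $ip = $parts[0]
            # One address can map several names on the same line.
            foreach ($name in ($parts | Select-Object -Skip 1)) {
                $isDefault = ($name -eq 'localhost') -and
                             ($ip -in '127.0.0.1', '::1')
                if (-not $isDefault) {
                    [pscustomobject]@{ Address = $ip; HostName = $name }
                }
            }
        }
}

Get-ProxyState | Format-List | Out-Host

$extra = @(Get-HostsOverrides)
if ($extra.Count -eq 0) {
    'hosts file: only default (localhost) entries'
} else {
    # Every entry shown here redirects a name; confirm each one is expected.
    $extra | Format-Table -AutoSize | Out-Host
}
```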

                johnkevinbebo

                  Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
                  « Reply #10 on: September 08, 2010, 08:51:46 PM »
                  C:\Users\Bernabe's\AppData\Local\wlyrffoin\ltvoqfuuqiw.exe   a variant of Win32/Kryptik.GPD trojan   cleaned by deleting - quarantined

                  That's the ESET ^

                  johnkevinbebo

                    Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
                    « Reply #11 on: September 08, 2010, 08:52:25 PM »
                    Any more steps, SuperDave? BTW, thank you very much!!!!

                    SuperDave

                    Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
                    « Reply #12 on: September 09, 2010, 01:22:53 PM »
                    If you're happy, I'm happy. Let's do some clean-up.

                    To remove all of the tools we used and the files and folders they created do the following:
                    Double click OTL.exe.
                    • Click the CleanUp button.
                    • Select Yes when the "Begin cleanup Process?" prompt appears.
                    • If you are prompted to Reboot during the cleanup, select Yes.
                    • The tool will delete itself once it finishes.
                    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                    *******************************************
                    To set a new Restore Point.

                    Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
                    Click the Start button, click Control Panel, click System and Maintenance, and then click System.
                    In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
                    To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

                    ****************************************

                    Clean out your temporary internet files and temp files.

                    Download TFC by OldTimer to your desktop.

                    Double-click TFC.exe to run it.

                    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                    TFC will close all programs when run, so make sure you have saved all your work before you begin.

                    * Click the Start button to begin the cleaning process.
                    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                    * Please let TFC run uninterrupted until it is finished.

                    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                    ************************************

                    Just in case you don't have a third party firewall.

                    Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                    Remember: only install ONE firewall.

                    1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                    2) Online Armor
                    3) Agnitum Outpost
                    4) PC Tools Firewall Plus

                    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                    **********************************
                    Use the Secunia Software Inspector to check for out of date software.

                    •Click Start Now

                    •Check the box next to Enable thorough system inspection.

                    •Click Start

                    •Allow the scan to finish and scroll down to see if any updates are needed.
                    •Update anything listed.
                    ----------

                    Go to Microsoft Windows Update and get all critical updates.

                    ----------

                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                    * Using SpywareBlaster to protect your computer from Spyware and Malware
                    * If you don't know what ActiveX controls are, see here

                    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                    Safe Surfing!
                    Windows 8 and Windows 10 dual boot with two SSD's

                    johnkevinbebo

                      Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
                      « Reply #13 on: September 09, 2010, 07:12:46 PM »
                      Thank you very much, Dave. It's working fine now and I downloaded your suggestions. :D

                      SuperDave

                      Re: APPLICATION IS EXECUTED. THE FILE XXXXXX MAY BE INFECTED!
                      « Reply #14 on: September 18, 2010, 05:30:26 PM »
                      Resolved. Thread locked.
                      Windows 8 and Windows 10 dual boot with two SSD's