Author Topic: Disc space stolen by ... (Read 30983 times)

marsky · « **on:** August 10, 2012, 10:46:43 AM »

Hello.
I got sort of problem as a mysticism with hard drive. It seems I feel the reasons. I did a several unsuccessful torrent downloads which ones was abruptly ended without an plan and warnings. It not very awful by itself but pity is that now disc are slowing boots and workout programs badly. Pentium 1.4, RAM 640, HDD 40. Also those torrent files occupy 2MG regardless I deleted all setups and visible downloads. What happened? If it possibly? Where I need to find stolen storage and how?
Thankful for support

Allan · « **Reply #1 on:** August 10, 2012, 10:49:40 AM »

Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

marsky · « **Reply #2 on:** August 11, 2012, 01:57:04 PM »

Hello.
Here is log result for Superantispyware.
Well it seems one program are suspicious at least I don't know where it came from: /VideoFileDownload/ but icon has as a regular driver.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2012 at 09:16 PM

Application Version : 5.5.1012

Core Rules Database Version : 9044
Trace Rules Database Version: 6856

Scan type : Quick Scan
Total Scan Time : 00:14:24

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 451
Memory threats detected : 0
Registry items scanned : 28434
Registry threats detected : 1
File items scanned : 6454
File threats detected : 257

Adware.Tracking Cookie
   C:\Documents and Settings\user\Cookies\user@invitemedia[2].txt [ /invitemedia ]
   .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\PDHP20RR.txt [ *Blocked Russian URL* ]
   .clickonf5.org [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\30H28D60.txt [ /imrworldwide.com ]
   .clickonf5.org [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\JFO65VLN.txt [ /in.getclicky.com ]
   .avgtechnologies.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .kontera.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\SEXB3KGN.txt [ /fr.sitestat.com ]
   C:\Documents and Settings\user\Cookies\7BOLXYSC.txt [ /adbrite.com ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\MX7A86VJ.txt [ /2o7.net ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\C1VT012Y.txt [ *Blocked Russian URL* ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .pcworldcommunication.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .openstat.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\IOT2PO89.txt [ /fr.sitestat.com ]
   .adtech.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\ERN3PJS0.txt [ /ad.yieldmanager.com ]
   C:\Documents and Settings\user\Cookies\0GSQ7Y41.txt [ /clickbank.net ]
   .specificclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\OOWG0JSW.txt [ /revsci.net ]
   .realmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .realmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\WY22TESJ.txt [ /atdmt.com ]
   C:\Documents and Settings\user\Cookies\14Z3ULT8.txt [ /windowsmedia.com ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\AW8FIKYD.txt [ /lucidmedia.com ]
   .adinterax.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\GIJ5G35E.txt [ /www.windowsmedia.com ]
   C:\Documents and Settings\user\Cookies\ZR7W632X.txt [ /h.atdmt.com ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\2G75I1T3.txt [ /doubleclick.net ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   www.etracker.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\H0TDXTTQ.txt [ /accounts.google.com ]
   .2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   wstat.wibiya.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\Documents and Settings\user\Cookies\7D5YOFG2.txt [ /c.atdmt.com ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .apmebf.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .ru4.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   openx.jeetyetmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   adserver.twitpic.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   7.rotator.wigetmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .liveperson.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clickbank.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   C:\DOCUMENTS AND SETTINGS\USER\Cookies\X28YS9Z0.txt [ Cookie:[email protected]/adServe/banners ]
   .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   adx.kat.ph [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   7.rotator.wigetmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .zedo.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .zedo.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .ru4.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .888media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ox.ads4clicks.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .1sadx.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .histats.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .histats.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adnetwork.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   newonlinemediaget.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   newonlinemediaget.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   newonlinemediaget.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   newonlinemediaget.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   newonlinemediaget.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   newonlinemediaget.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   counters.gigya.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   www.pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .pcmightymax.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   fr.sitestat.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   fr.sitestat.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .weborama.fr [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   fr.sitestat.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   fr.sitestat.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   fr.sitestat.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .gntbcstglobal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .statoil.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .statoil.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .statoil.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .statoil.solution.weborama.fr [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .bwincom.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   7.rotator.trafficbee.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   7.rotator.trafficbee.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   7.rotator.trafficbee.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   wmedia.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   wmedia.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   wmedia.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .indieclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   optimize.indieclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .fastclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .zedo.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .77tracking.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .77tracking.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .77tracking.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .zedo.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .zedo.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .zedo.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .dmtracker.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .statcounter.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   e2.emediate.se [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   e2.emediate.se [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .viasatsatelliteservices.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   supremeadserver.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   adserver.adreactor.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .myroitracking.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clicksor.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clicksor.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clicksor.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clicksor.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clicksor.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .1click-downloader.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .1click-downloader.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .1click-downloader.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   www.1click-downloader.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .apmebf.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .bravenet.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .quartermedia.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .quartermedia.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .adinterax.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .moviesclick123.blogspot.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .moviesclick123.blogspot.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .moviesclick123.blogspot.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clickbank.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .statcounter.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .clicks2count.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .mm.chitika.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   *Blocked Russian URL* [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .overture.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .overture.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .spylog.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   accounts.google.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   accounts.google.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

PUP.PC MightyMax
   C:\Documents and Settings\user\Application Data\PCMM2009\diagnostic\last-scan
   C:\Documents and Settings\user\Application Data\PCMM2009\diagnostic
   C:\Documents and Settings\user\Application Data\PCMM2009\pcmm2009-configuration
   C:\Documents and Settings\user\Application Data\PCMM2009
   C:\Documents and Settings\user\Application Data\PCMM2012\diagnostic\trace.log
   C:\Documents and Settings\user\Application Data\PCMM2012\diagnostic
   C:\Documents and Settings\user\Application Data\PCMM2012

Disabled.SecurityCenterOption
   HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

marsky · « **Reply #3 on:** August 12, 2012, 05:00:58 AM »

... as well next one MBAM log.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-458FAFC743 [administrator]

2012.08.12. 13:18:57
mbam-log-2012-08-12 (13-18-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174657
Time elapsed: 11 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 7f5e3c4e462f2ab43817cacc89c01371 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\TSearch (Adware.TSearch) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Documents and Settings\All Users\Application Data\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
C:\Documents and Settings\All Users\Application Data\OptimizerPro\updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Program Files\TSearch\client.py (Adware.TSearch) -> Quarantined and deleted successfully.
C:\Program Files\TSearch\easydownload.exe (Adware.TSearch) -> Quarantined and deleted successfully.
C:\Program Files\TSearch\header.bmp (Adware.TSearch) -> Quarantined and deleted successfully.
C:\Program Files\TSearch\libtorrent.pyd (Adware.TSearch) -> Quarantined and deleted successfully.
C:\Program Files\TSearch\python25.dll (Adware.TSearch) -> Quarantined and deleted successfully.
C:\Program Files\TSearch\results (Adware.TSearch) -> Quarantined and deleted successfully.

(end)

p.s. But it is looks like I need addintional help to download DDS because link isn't opened for me (browser opening Untitled tab). And second 'Here' link opening some spanish website.

SuperDave · « **Reply #4 on:** August 12, 2012, 05:59:29 PM »

Please run MBAM again. There's one infection that was not cleaned.
Re-run MBAM:

Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply..
***************************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

marsky · « **Reply #5 on:** August 13, 2012, 01:36:52 PM »

Hi.
Did second scan MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-458FAFC743 [administrator]

2012.08.13. 19:37:08
mbam-log-2012-08-13 (19-37-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174586
Time elapsed: 8 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\All Users\Application Data\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\Uninstall.exe21040985.del (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\20391811.Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\20633739.Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)

... so Security Check log too ...

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Out of date HijackThis installed!
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
CCleaner
Auslogics Registry Cleaner
JavaFX 2.1.1
Java(TM) 7 Update 5
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````[/u]

... accept please. But log ComboFix.txt don't ready to analyse. Laptop stops its work as Windows Recovery Console starts scan. Computer clock stops its run too at scan moment. After first scan Windows Security Essential showed potential threat detected Adware:win32/Adkubru which was quarantined. Second attempting in vain too. What can I do?

SuperDave · « **Reply #6 on:** August 13, 2012, 04:45:14 PM »

You really should turn on the Windows Firewall.
Also, you are evidently running two AV's which is a no-no. Either AVG Anti-Virus Free Edition 2012
or Microsoft Security Essentials will have to be disabled/uninstalled.

Quote

But log ComboFix.txt don't ready to analyse. Laptop stops its work as Windows Recovery Console starts scan. Computer clock stops its run too at scan moment. After first scan Windows Security Essential showed potential threat detected Adware:win32/Adkubru which was quarantined. Second attempting in vain too. What can I do?

Delete ComboFix from your desktop and download this one. It's the same program but you will need to rename it before downloading it.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click PCHelpForum.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

marsky · « **Reply #7 on:** August 14, 2012, 07:58:35 AM »

Hi.
It is somewhat interest. I cannot to execute scan to end. When scan have been starting ComboFix show that AVG antivirus is running but it shell scan at risk and I am letting scan because AVG deleted as two month ago. How can I disable previous antivirus?

SuperDave · « **Reply #8 on:** August 14, 2012, 05:40:19 PM »

Quote

How can I disable previous antivirus?

Use this AVG removal tool and then try to run ComboFix.

AVG Antivirus - AVG Antivirus Remover utility

marsky · « **Reply #9 on:** August 15, 2012, 04:30:56 PM »

Why cannot I finish Combofix scan? I disabled all antiviruses I haven't any known me explanation why Combofix hanging up during scan process. Where is the problem with virus, computer or Combofix?

SuperDave · « **Reply #10 on:** August 15, 2012, 04:41:55 PM »

It could be a number of things that's preventing ComboFix from running to completion.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

Save it to your desktop.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
Accept the License agreement and click on next.
It will, by default, install it to your desktop folder. Click Next.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.
Hidden Startup Objects
System Memory
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

marsky · « **Reply #11 on:** August 16, 2012, 12:25:48 PM »

Kas file hasn't any detected virus/malware threat. Tool did scan of 59 653 files. What does it show?

SuperDave · « **Reply #12 on:** August 16, 2012, 06:33:52 PM »

Please try to run ComboFix in Safe Mode.

marsky · « **Reply #13 on:** August 18, 2012, 02:12:26 AM »

I had applied possibly all pointed steps but haven't Combofix scan log. Scan was held up 15 hrs indicating the working hard drive and as final "accord" got concrete freeze. How can to advance process?

SuperDave · « **Reply #14 on:** August 18, 2012, 04:33:29 PM »

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply

marsky · « **Reply #15 on:** August 20, 2012, 06:52:29 AM »

Master, the log of aswMBR was done for several seconds. Hope it shows something clearer.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 15:32:55
-----------------------------
15:32:55.472 OS Version: Windows 5.1.2600 Service Pack 3
15:32:55.472 Number of processors: 1 586 0xD06
15:32:55.472 ComputerName: USER-458FAFC743 UserName: user
15:33:39.435 Initialize success
15:34:16.358 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:34:16.358 Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
15:34:16.368 Disk 0 MBR read successfully
15:34:16.378 Disk 0 MBR scan
15:34:16.378 Disk 0 Windows XP default MBR code
15:34:16.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 18002 MB offset 63
15:34:16.378 Disk 0 Partition - 00 0F Extended LBA 20151 MB offset 36869175
15:34:16.398 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20151 MB offset 36869238
15:34:16.408 Disk 0 scanning sectors +78140160
15:34:16.658 Disk 0 scanning C:\WINDOWS\system32\drivers
15:34:29.957 Service scanning
15:34:56.095 Modules scanning
15:35:56.051 Disk 0 trace - called modules:
15:35:56.071 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
15:35:56.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82715800]
15:35:56.422 3 CLASSPNP.SYS[f88e3fd7] -> nt!IofCallDriver -> \Device\00000083[0x82791030]
15:35:56.432 5 ACPI.sys[f883a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8278bd98]
15:35:56.442 Scan finished successfully
15:36:30.581 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\MBR.dat"
15:36:30.581 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\aswMBR.txt"

SuperDave · « **Reply #16 on:** August 20, 2012, 05:02:17 PM »

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

marsky · « **Reply #17 on:** August 21, 2012, 09:14:01 AM »

Here is the aswMBR log. I did it for several seconds.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 15:32:55
-----------------------------
15:32:55.472 OS Version: Windows 5.1.2600 Service Pack 3
15:32:55.472 Number of processors: 1 586 0xD06
15:32:55.472 ComputerName: USER-458FAFC743 UserName: user
15:33:39.435 Initialize success
15:34:16.358 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:34:16.358 Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
15:34:16.368 Disk 0 MBR read successfully
15:34:16.378 Disk 0 MBR scan
15:34:16.378 Disk 0 Windows XP default MBR code
15:34:16.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 18002 MB offset 63
15:34:16.378 Disk 0 Partition - 00 0F Extended LBA 20151 MB offset 36869175
15:34:16.398 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20151 MB offset 36869238
15:34:16.408 Disk 0 scanning sectors +78140160
15:34:16.658 Disk 0 scanning C:\WINDOWS\system32\drivers
15:34:29.957 Service scanning
15:34:56.095 Modules scanning
15:35:56.051 Disk 0 trace - called modules:
15:35:56.071 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
15:35:56.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82715800]
15:35:56.422 3 CLASSPNP.SYS[f88e3fd7] -> nt!IofCallDriver -> \Device\00000083[0x82791030]
15:35:56.432 5 ACPI.sys[f883a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8278bd98]
15:35:56.442 Scan finished successfully
15:36:30.581 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\MBR.dat"
15:36:30.581 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\aswMBR.txt"

marsky · « **Reply #18 on:** August 21, 2012, 12:24:20 PM »

One moment please.

marsky · « **Reply #19 on:** August 21, 2012, 12:28:26 PM »

One moment please

marsky · « **Reply #20 on:** August 21, 2012, 12:46:29 PM »

Ok. Thanks for next scan indeed.

Here is a RogueKiller scan log. Seems that malware which was detected and as could be deleted by MBAM are sitting in computer, I found via Windows File Search those bad files and their behavior was crazy: 2 000 same files and so far and far.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date: 08/21/2012 21:32:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{141E45F2-3E8B-497A-935A-E046568BBFE7} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{D8E804D1-0979-425F-974D-5297D9FAE23F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{141E45F2-3E8B-497A-935A-E046568BBFE7} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D8E804D1-0979-425F-974D-5297D9FAE23F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[177] : NtQueryValueKey @ 0x8056A499 -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xF8974258)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS424040M9AT00 +++++
--- User ---
[MBR] a70762bce466f0e9ee06df85a9e42891
[BSP] 12e302e69f6a77aceb1e5beec2b04f4e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 18002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 36869175 | Size: 20151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

SuperDave · « **Reply #21 on:** August 21, 2012, 04:43:00 PM »

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory..

marsky · « **Reply #22 on:** August 22, 2012, 07:42:56 AM »

Please next one scan with TDSSKiller. I can't imagine some problem for several second considering with Combofix which haven't gone at all.

16:32:46.0170 2352 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
16:32:47.0692 2352 ============================================================
16:32:47.0692 2352 Current date / time: 2012/08/22 16:32:47.0692
16:32:47.0692 2352 SystemInfo:
16:32:47.0692 2352
16:32:47.0692 2352 OS Version: 5.1.2600 ServicePack: 3.0
16:32:47.0692 2352 Product type: Workstation
16:32:47.0692 2352 ComputerName: USER-458FAFC743
16:32:47.0692 2352 UserName: user
16:32:47.0692 2352 Windows directory: C:\WINDOWS
16:32:47.0692 2352 System windows directory: C:\WINDOWS
16:32:47.0692 2352 Processor architecture: Intel x86
16:32:47.0692 2352 Number of processors: 1
16:32:47.0692 2352 Page size: 0x1000
16:32:47.0692 2352 Boot type: Normal boot
16:32:47.0692 2352 ============================================================
16:32:50.0937 2352 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:32:50.0957 2352 ============================================================
16:32:50.0957 2352 \Device\Harddisk0\DR0:
16:32:50.0957 2352 MBR partitions:
16:32:50.0957 2352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23293F8
16:32:50.0977 2352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2329476, BlocksNum 0x275BE8A
16:32:50.0977 2352 ============================================================
16:32:51.0027 2352 C: <-> \Device\Harddisk0\DR0\Partition1
16:32:51.0097 2352 D: <-> \Device\Harddisk0\DR0\Partition2
16:32:51.0097 2352 ============================================================
16:32:51.0097 2352 Initialize success
16:32:51.0097 2352 ============================================================
16:33:34.0699 1060 ============================================================
16:33:34.0699 1060 Scan started
16:33:34.0699 1060 Mode: Manual;
16:33:34.0699 1060 ============================================================
16:33:36.0752 1060 ================ Scan system memory ========================
16:33:36.0752 1060 System memory - ok
16:33:36.0762 1060 ================ Scan services =============================
16:33:36.0913 1060 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:33:36.0913 1060 !SASCORE - ok
16:33:37.0083 1060 Abiosdsk - ok
16:33:37.0093 1060 abp480n5 - ok
16:33:37.0153 1060 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:33:37.0153 1060 ACPI - ok
16:33:37.0183 1060 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:33:37.0183 1060 ACPIEC - ok
16:33:37.0273 1060 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:33:37.0283 1060 AdobeFlashPlayerUpdateSvc - ok
16:33:37.0293 1060 adpu160m - ok
16:33:37.0353 1060 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:33:37.0353 1060 aec - ok
16:33:37.0413 1060 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:33:37.0413 1060 AFD - ok
16:33:37.0433 1060 Aha154x - ok
16:33:37.0443 1060 aic78u2 - ok
16:33:37.0453 1060 aic78xx - ok
16:33:37.0724 1060 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:33:37.0994 1060 ALCXWDM - ok
16:33:38.0034 1060 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:33:38.0124 1060 Alerter - ok
16:33:38.0164 1060 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:33:38.0174 1060 ALG - ok
16:33:38.0184 1060 AliIde - ok
16:33:38.0194 1060 amsint - ok
16:33:38.0255 1060 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:33:38.0335 1060 AppMgmt - ok
16:33:38.0365 1060 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:33:38.0385 1060 Arp1394 - ok
16:33:38.0405 1060 asc - ok
16:33:38.0415 1060 asc3350p - ok
16:33:38.0425 1060 asc3550 - ok
16:33:38.0535 1060 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:33:38.0635 1060 aspnet_state - ok
16:33:38.0675 1060 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:33:38.0675 1060 AsyncMac - ok
16:33:38.0725 1060 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:33:38.0725 1060 atapi - ok
16:33:38.0735 1060 Atdisk - ok
16:33:38.0775 1060 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:33:38.0795 1060 Atmarpc - ok
16:33:38.0845 1060 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:33:38.0845 1060 AudioSrv - ok
16:33:38.0916 1060 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:33:38.0936 1060 audstub - ok
16:33:39.0326 1060 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
16:33:39.0586 1060 AVGIDSAgent - ok
16:33:39.0657 1060 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
16:33:39.0677 1060 AVGIDSDriver - ok
16:33:39.0697 1060 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
16:33:39.0697 1060 AVGIDSFilter - ok
16:33:39.0717 1060 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
16:33:39.0717 1060 AVGIDSHX - ok
16:33:39.0767 1060 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
16:33:39.0767 1060 AVGIDSShim - ok
16:33:39.0837 1060 [ DDA6A2A18841E4C9172BB85958B8D948 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:33:39.0867 1060 Avgldx86 - ok
16:33:39.0907 1060 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:33:39.0907 1060 Avgmfx86 - ok
16:33:39.0937 1060 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:33:39.0937 1060 Avgrkx86 - ok
16:33:39.0997 1060 [ 1263F2554ACE925C237A40B4C568D815 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:33:40.0027 1060 Avgtdix - ok
16:33:40.0067 1060 [ 493F32BA712319CA1B720E6A17EC38D7 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
16:33:40.0097 1060 avgtp - ok
16:33:40.0147 1060 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
16:33:40.0147 1060 avgwd - ok
16:33:40.0207 1060 [ BF9C01A3040D75BFB95BEFFA216173DF ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:33:40.0207 1060 b57w2k - ok
16:33:40.0277 1060 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:33:40.0308 1060 Beep - ok
16:33:40.0358 1060 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:33:40.0408 1060 BITS - ok
16:33:40.0478 1060 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:33:40.0478 1060 Browser - ok
16:33:40.0658 1060 catchme - ok
16:33:40.0688 1060 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:33:40.0718 1060 cbidf2k - ok
16:33:40.0738 1060 cd20xrnt - ok
16:33:40.0768 1060 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:33:40.0798 1060 Cdaudio - ok
16:33:40.0848 1060 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:33:40.0858 1060 Cdfs - ok
16:33:40.0928 1060 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:33:40.0958 1060 Cdrom - ok
16:33:41.0009 1060 [ 61305C679E5766A03A09C0E966939206 ] CFRMD C:\WINDOWS\system32\DRIVERS\CFRMD.sys
16:33:41.0009 1060 CFRMD - ok
16:33:41.0019 1060 Changer - ok
16:33:41.0069 1060 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:33:41.0139 1060 CiSvc - ok
16:33:41.0199 1060 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:33:41.0249 1060 ClipSrv - ok
16:33:41.0329 1060 [ BEDDE57D8AF6509AF32E74A87583E89C ] CLPSLauncher C:\Program Files\Common Files\Comodo\launcher_service.exe
16:33:41.0329 1060 CLPSLauncher - ok
16:33:41.0379 1060 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:33:41.0449 1060 clr_optimization_v2.0.50727_32 - ok
16:33:41.0539 1060 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:33:41.0539 1060 clr_optimization_v4.0.30319_32 - ok
16:33:41.0579 1060 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:33:41.0599 1060 CmBatt - ok
16:33:41.0619 1060 CmdIde - ok
16:33:41.0649 1060 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:33:41.0649 1060 Compbatt - ok
16:33:41.0659 1060 COMSysApp - ok
16:33:41.0679 1060 Cpqarray - ok
16:33:41.0740 1060 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:33:41.0740 1060 CryptSvc - ok
16:33:41.0760 1060 dac2w2k - ok
16:33:41.0770 1060 dac960nt - ok
16:33:41.0840 1060 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:33:41.0850 1060 DcomLaunch - ok
16:33:41.0920 1060 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:33:41.0920 1060 Dhcp - ok
16:33:41.0980 1060 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:33:41.0980 1060 Disk - ok
16:33:41.0990 1060 dmadmin - ok
16:33:42.0060 1060 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:33:42.0190 1060 dmboot - ok
16:33:42.0350 1060 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:33:42.0471 1060 dmio - ok
16:33:42.0521 1060 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:33:42.0551 1060 dmload - ok
16:33:42.0601 1060 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:33:42.0621 1060 dmserver - ok
16:33:42.0661 1060 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:33:42.0661 1060 DMusic - ok
16:33:42.0711 1060 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:33:42.0721 1060 Dnscache - ok
16:33:42.0781 1060 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:33:42.0821 1060 Dot3svc - ok
16:33:42.0831 1060 dpti2o - ok
16:33:42.0901 1060 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:33:42.0911 1060 drmkaud - ok
16:33:42.0951 1060 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:33:43.0021 1060 EapHost - ok
16:33:43.0061 1060 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:33:43.0061 1060 ERSvc - ok
16:33:43.0112 1060 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:33:43.0122 1060 Eventlog - ok
16:33:43.0192 1060 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:33:43.0192 1060 EventSystem - ok
16:33:43.0242 1060 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:33:43.0272 1060 Fastfat - ok
16:33:43.0332 1060 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:33:43.0362 1060 FastUserSwitchingCompatibility - ok
16:33:43.0402 1060 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:33:43.0442 1060 Fdc - ok
16:33:43.0472 1060 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:33:43.0482 1060 Fips - ok
16:33:43.0502 1060 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:33:43.0532 1060 Flpydisk - ok
16:33:43.0582 1060 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:33:43.0582 1060 FltMgr - ok
16:33:43.0672 1060 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:33:43.0672 1060 FontCache3.0.0.0 - ok
16:33:43.0712 1060 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:33:43.0722 1060 Fs_Rec - ok
16:33:43.0752 1060 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:33:43.0752 1060 Ftdisk - ok
16:33:43.0813 1060 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:33:43.0853 1060 Gpc - ok
16:33:43.0953 1060 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:33:43.0953 1060 helpsvc - ok
16:33:43.0963 1060 HidServ - ok
16:33:44.0013 1060 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:33:44.0073 1060 hkmsvc - ok
16:33:44.0083 1060 hpn - ok
16:33:44.0143 1060 [ A84BBBDD125D370593004F6429F8445C ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
16:33:44.0143 1060 HSFHWICH - ok
16:33:44.0233 1060 [ B678FA91CF4A1C19B462D8DB04CD02AB ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
16:33:44.0263 1060 HSF_DPV - ok
16:33:44.0313 1060 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:33:44.0323 1060 HTTP - ok
16:33:44.0373 1060 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:33:44.0393 1060 HTTPFilter - ok
16:33:44.0403 1060 i2omgmt - ok
16:33:44.0413 1060 i2omp - ok
16:33:44.0474 1060 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:33:44.0494 1060 i8042prt - ok
16:33:44.0604 1060 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:33:44.0634 1060 ialm - ok
16:33:44.0744 1060 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:33:44.0784 1060 idsvc - ok
16:33:44.0834 1060 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:33:44.0914 1060 Imapi - ok
16:33:44.0944 1060 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:33:44.0954 1060 ImapiService - ok
16:33:44.0964 1060 ini910u - ok
16:33:45.0024 1060 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:33:45.0034 1060 IntelIde - ok
16:33:45.0084 1060 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:33:45.0084 1060 intelppm - ok
16:33:45.0114 1060 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:33:45.0165 1060 Ip6Fw - ok
16:33:45.0215 1060 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:33:45.0215 1060 IpFilterDriver - ok
16:33:45.0255 1060 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:33:45.0295 1060 IpInIp - ok
16:33:45.0335 1060 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:33:45.0345 1060 IpNat - ok
16:33:45.0405 1060 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:33:45.0405 1060 IPSec - ok
16:33:45.0465 1060 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
16:33:45.0475 1060 irda - ok
16:33:45.0565 1060 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:33:45.0625 1060 IRENUM - ok
16:33:45.0675 1060 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
16:33:45.0675 1060 Irmon - ok
16:33:45.0695 1060 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:33:45.0705 1060 isapnp - ok
16:33:45.0795 1060 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
16:33:45.0805 1060 JavaQuickStarterService - ok
16:33:45.0855 1060 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:33:45.0886 1060 Kbdclass - ok
16:33:45.0936 1060 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:33:45.0946 1060 kmixer - ok
16:33:45.0986 1060 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:33:45.0996 1060 KSecDD - ok
16:33:46.0046 1060 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:33:46.0046 1060 LanmanServer - ok
16:33:46.0106 1060 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:33:46.0106 1060 lanmanworkstation - ok
16:33:46.0116 1060 lbrtfdc - ok
16:33:46.0216 1060 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:33:46.0236 1060 LmHosts - ok
16:33:46.0286 1060 [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
16:33:46.0286 1060 massfilter - ok
16:33:46.0336 1060 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
16:33:46.0356 1060 MBAMSwissArmy - ok
16:33:46.0406 1060 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:33:46.0406 1060 mdmxsdk - ok
16:33:46.0446 1060 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:33:46.0466 1060 Messenger - ok
16:33:46.0506 1060 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:33:46.0516 1060 mnmdd - ok
16:33:46.0577 1060 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:33:46.0607 1060 mnmsrvc - ok
16:33:46.0657 1060 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:33:46.0657 1060 Modem - ok
16:33:46.0677 1060 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:33:46.0717 1060 Mouclass - ok
16:33:46.0757 1060 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:33:46.0777 1060 MountMgr - ok
16:33:46.0837 1060 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:33:46.0837 1060 MpFilter - ok
16:33:46.0857 1060 mraid35x - ok
16:33:46.0877 1060 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:33:46.0877 1060 MRxDAV - ok
16:33:46.0957 1060 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:33:46.0967 1060 MRxSmb - ok
16:33:47.0007 1060 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:33:47.0047 1060 MSDTC - ok
16:33:47.0117 1060 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:33:47.0117 1060 Msfs - ok
16:33:47.0127 1060 MSIServer - ok
16:33:47.0197 1060 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:33:47.0227 1060 MSKSSRV - ok
16:33:47.0318 1060 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:33:47.0318 1060 MsMpSvc - ok
16:33:47.0368 1060 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:33:47.0398 1060 MSPCLOCK - ok
16:33:47.0418 1060 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:33:47.0468 1060 MSPQM - ok
16:33:47.0518 1060 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:33:47.0518 1060 mssmbios - ok
16:33:47.0578 1060 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:33:47.0578 1060 Mup - ok
16:33:47.0638 1060 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:33:47.0688 1060 napagent - ok
16:33:47.0748 1060 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:33:47.0758 1060 NDIS - ok
16:33:47.0798 1060 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:33:47.0798 1060 NdisTapi - ok
16:33:47.0818 1060 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:33:47.0818 1060 Ndisuio - ok
16:33:47.0828 1060 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:33:47.0878 1060 NdisWan - ok
16:33:47.0959 1060 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:33:47.0969 1060 NDProxy - ok
16:33:47.0999 1060 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:33:48.0009 1060 NetBIOS - ok
16:33:48.0029 1060 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:33:48.0079 1060 NetBT - ok
16:33:48.0119 1060 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:33:48.0119 1060 NetDDE - ok
16:33:48.0139 1060 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:33:48.0139 1060 NetDDEdsdm - ok
16:33:48.0239 1060 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:33:48.0239 1060 Netlogon - ok
16:33:48.0299 1060 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:33:48.0309 1060 Netman - ok
16:33:48.0359 1060 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:33:48.0379 1060 NetTcpPortSharing - ok
16:33:48.0409 1060 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:33:48.0419 1060 NIC1394 - ok
16:33:48.0459 1060 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:33:48.0469 1060 Nla - ok
16:33:48.0499 1060 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:33:48.0509 1060 Npfs - ok
16:33:48.0529 1060 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
16:33:48.0549 1060 NSCIRDA - ok
16:33:48.0609 1060 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:33:48.0660 1060 Ntfs - ok
16:33:48.0690 1060 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:33:48.0690 1060 NtLmSsp - ok
16:33:48.0760 1060 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:33:48.0770 1060 NtmsSvc - ok
16:33:48.0820 1060 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:33:48.0840 1060 Null - ok
16:33:48.0880 1060 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:33:48.0980 1060 NwlnkFlt - ok
16:33:49.0020 1060 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:33:49.0020 1060 NwlnkFwd - ok
16:33:49.0050 1060 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:33:49.0050 1060 ohci1394 - ok
16:33:49.0110 1060 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:33:49.0120 1060 Parport - ok
16:33:49.0130 1060 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:33:49.0130 1060 PartMgr - ok
16:33:49.0150 1060 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:33:49.0220 1060 ParVdm - ok
16:33:49.0260 1060 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:33:49.0260 1060 PCI - ok
16:33:49.0270 1060 PCIDump - ok
16:33:49.0290 1060 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
16:33:49.0290 1060 PCIIde - ok
16:33:49.0300 1060 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:33:49.0310 1060 Pcmcia - ok
16:33:49.0320 1060 PDCOMP - ok
16:33:49.0341 1060 PDFRAME - ok
16:33:49.0351 1060 PDRELI - ok
16:33:49.0361 1060 PDRFRAME - ok
16:33:49.0381 1060 perc2 - ok
16:33:49.0391 1060 perc2hib - ok
16:33:49.0491 1060 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\Brombic\pev.3XE
16:33:49.0501 1060 PEVSystemStart - ok
16:33:49.0531 1060 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:33:49.0531 1060 PlugPlay - ok
16:33:49.0541 1060 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:33:49.0551 1060 PolicyAgent - ok
16:33:49.0591 1060 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:33:49.0621 1060 PptpMiniport - ok
16:33:49.0631 1060 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:33:49.0641 1060 ProtectedStorage - ok
16:33:49.0671 1060 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:33:49.0711 1060 PSched - ok
16:33:49.0771 1060 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:33:49.0801 1060 Ptilink - ok
16:33:49.0811 1060 ql1080 - ok
16:33:49.0831 1060 Ql10wnt - ok
16:33:49.0841 1060 ql12160 - ok
16:33:49.0851 1060 ql1240 - ok
16:33:49.0871 1060 ql1280 - ok
16:33:49.0911 1060 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:33:49.0911 1060 RasAcd - ok
16:33:49.0961 1060 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:33:49.0971 1060 RasAuto - ok
16:33:50.0011 1060 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:33:50.0031 1060 Rasirda - ok
16:33:50.0072 1060 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:33:50.0102 1060 Rasl2tp - ok
16:33:50.0152 1060 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:33:50.0162 1060 RasMan - ok
16:33:50.0232 1060 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:33:50.0282 1060 RasPppoe - ok
16:33:50.0342 1060 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:33:50.0362 1060 Raspti - ok
16:33:50.0412 1060 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:33:50.0422 1060 Rdbss - ok
16:33:50.0452 1060 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:33:50.0452 1060 RDPCDD - ok
16:33:50.0522 1060 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:33:50.0602 1060 rdpdr - ok
16:33:50.0652 1060 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:33:50.0652 1060 RDPWD - ok
16:33:50.0702 1060 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:33:50.0712 1060 RDSessMgr - ok
16:33:50.0753 1060 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:33:50.0773 1060 redbook - ok
16:33:50.0813 1060 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:33:50.0863 1060 RemoteAccess - ok
16:33:50.0923 1060 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:33:50.0963 1060 RemoteRegistry - ok
16:33:51.0013 1060 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:33:51.0033 1060 RpcLocator - ok
16:33:51.0083 1060 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:33:51.0093 1060 RpcSs - ok
16:33:51.0153 1060 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:33:51.0163 1060 RSVP - ok
16:33:51.0193 1060 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:33:51.0193 1060 SamSs - ok
16:33:51.0303 1060 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:33:52.0125 1060 SASDIFSV - ok
16:33:52.0165 1060 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:33:52.0805 1060 SASKUTIL - ok
16:33:52.0846 1060 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:33:52.0886 1060 SCardSvr - ok
16:33:52.0966 1060 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:33:52.0976 1060 Schedule - ok
16:33:53.0016 1060 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:33:53.0056 1060 Secdrv - ok
16:33:53.0096 1060 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:33:53.0096 1060 seclogon - ok
16:33:53.0126 1060 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:33:53.0126 1060 SENS - ok
16:33:53.0156 1060 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:33:53.0196 1060 serenum - ok
16:33:53.0236 1060 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:33:53.0236 1060 Serial - ok
16:33:53.0326 1060 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:33:53.0356 1060 Sfloppy - ok
16:33:53.0406 1060 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:33:53.0416 1060 SharedAccess - ok
16:33:53.0446 1060 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:33:53.0446 1060 ShellHWDetection - ok
16:33:53.0466 1060 Simbad - ok
16:33:53.0486 1060 Sparrow - ok
16:33:53.0547 1060 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:33:53.0547 1060 splitter - ok
16:33:53.0587 1060 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:33:53.0597 1060 Spooler - ok
16:33:53.0647 1060 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:33:53.0647 1060 sr - ok
16:33:53.0697 1060 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:33:53.0707 1060 srservice - ok
16:33:53.0757 1060 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:33:53.0767 1060 Srv - ok
16:33:53.0827 1060 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:33:53.0827 1060 SSDPSRV - ok
16:33:53.0897 1060 [ 5813D453EF8CE49D607C255CF128ACEB ] STAC97 C:\WINDOWS\system32\drivers\stac97.sys
16:33:53.0897 1060 STAC97 - ok
16:33:53.0977 1060 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:33:53.0987 1060 stisvc - ok
16:33:54.0047 1060 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:33:54.0067 1060 swenum - ok
16:33:54.0097 1060 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:33:54.0097 1060 swmidi - ok
16:33:54.0107 1060 SwPrv - ok
16:33:54.0127 1060 symc810 - ok
16:33:54.0137 1060 symc8xx - ok
16:33:54.0147 1060 sym_hi - ok
16:33:54.0167 1060 sym_u3 - ok
16:33:54.0218 1060 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:33:54.0218 1060 sysaudio - ok
16:33:54.0308 1060 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:33:54.0348 1060 SysmonLog - ok
16:33:54.0388 1060 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:33:54.0398 1060 TapiSrv - ok
16:33:54.0468 1060 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:33:54.0478 1060 Tcpip - ok
16:33:54.0528 1060 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:33:54.0568 1060 TDPIPE - ok
16:33:54.0598 1060 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:33:54.0598 1060 TDTCP - ok
16:33:54.0628 1060 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:33:54.0648 1060 TermDD - ok
16:33:54.0708 1060 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:33:54.0718 1060 TermService - ok
16:33:54.0738 1060 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:33:54.0738 1060 Themes - ok
16:33:54.0798 1060 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:33:54.0818 1060 TlntSvr - ok
16:33:54.0838 1060 TosIde - ok
16:33:54.0888 1060 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:33:54.0898 1060 TrkWks - ok
16:33:55.0009 1060 [ AAF458CC200326BEF602B5339400BF86 ] tvnserver C:\Program Files\Common Files\Comodo\tvnserver.exe
16:33:55.0039 1060 tvnserver - ok
16:33:55.0079 1060 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:33:55.0099 1060 Udfs - ok
16:33:55.0109 1060 ultra - ok
16:33:55.0169 1060 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:33:55.0179 1060 Update - ok
16:33:55.0329 1060 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:33:55.0349 1060 upnphost - ok
16:33:55.0379 1060 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:33:55.0399 1060 UPS - ok
16:33:55.0429 1060 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:33:55.0449 1060 usbccgp - ok
16:33:55.0499 1060 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:33:55.0559 1060 usbehci - ok
16:33:55.0600 1060 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:33:55.0630 1060 usbhub - ok
16:33:55.0670 1060 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:33:55.0670 1060 usbstor - ok
16:33:55.0690 1060 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:33:55.0730 1060 usbuhci - ok
16:33:55.0770 1060 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
16:33:55.0770 1060 usb_rndisx - ok
16:33:55.0830 1060 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:33:55.0830 1060 VgaSave - ok
16:33:55.0840 1060 ViaIde - ok
16:33:55.0870 1060 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:33:55.0870 1060 VolSnap - ok
16:33:55.0920 1060 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:33:55.0960 1060 VSS - ok
16:33:56.0070 1060 [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
16:33:56.0100 1060 vToolbarUpdater12.2.0 - ok
16:33:56.0421 1060 [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
16:33:56.0571 1060 w29n51 - ok
16:33:56.0631 1060 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:33:56.0641 1060 W32Time - ok
16:33:56.0671 1060 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:33:56.0691 1060 Wanarp - ok
16:33:56.0701 1060 WDICA - ok
16:33:56.0741 1060 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:33:56.0751 1060 wdmaud - ok
16:33:56.0801 1060 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:33:56.0811 1060 WebClient - ok
16:33:56.0881 1060 [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:33:56.0901 1060 winachsf - ok
16:33:57.0012 1060 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:33:57.0022 1060 winmgmt - ok
16:33:57.0052 1060 wltrysvc - ok
16:33:57.0102 1060 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:33:57.0102 1060 WmdmPmSN - ok
16:33:57.0172 1060 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:33:57.0182 1060 Wmi - ok
16:33:57.0252 1060 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:33:57.0342 1060 WmiApSrv - ok
16:33:57.0642 1060 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:33:57.0672 1060 WMPNetworkSvc - ok
16:33:57.0773 1060 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:33:57.0803 1060 WPFFontCache_v0400 - ok
16:33:57.0863 1060 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:33:57.0923 1060 WS2IFSL - ok
16:33:57.0973 1060 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:33:57.0973 1060 wscsvc - ok
16:33:58.0023 1060 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:33:58.0023 1060 wuauserv - ok
16:33:58.0073 1060 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:33:58.0073 1060 WudfPf - ok
16:33:58.0103 1060 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:33:58.0103 1060 WudfRd - ok
16:33:58.0133 1060 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:33:58.0143 1060 WudfSvc - ok
16:33:58.0273 1060 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:33:58.0414 1060 WZCSVC - ok
16:33:58.0464 1060 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:33:58.0464 1060 xmlprov - ok
16:33:58.0504 1060 [ F319AB77CB703DDDE78E53C45D9E0C72 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
16:33:58.0514 1060 ZTEusbmdm6k - ok
16:33:58.0574 1060 [ F319AB77CB703DDDE78E53C45D9E0C72 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
16:33:58.0574 1060 ZTEusbnmea - ok
16:33:58.0594 1060 [ F319AB77CB703DDDE78E53C45D9E0C72 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
16:33:58.0594 1060 ZTEusbser6k - ok
16:33:58.0624 1060 ================ Scan global ===============================
16:33:58.0674 1060 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:33:58.0724 1060 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:33:58.0754 1060 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:33:58.0774 1060 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:33:58.0774 1060 [Global] - ok
16:33:58.0784 1060 ================ Scan MBR ==================================
16:33:58.0814 1060 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:33:59.0024 1060 \Device\Harddisk0\DR0 - ok
16:33:59.0034 1060 ================ Scan VBR ==================================
16:33:59.0034 1060 [ B0A277C21AF35A1054C5E6B4D56FA92F ] \Device\Harddisk0\DR0\Partition1
16:33:59.0044 1060 \Device\Harddisk0\DR0\Partition1 - ok
16:33:59.0064 1060 [ 13DC5E28E76E04050F7165E082BCB4FF ] \Device\Harddisk0\DR0\Partition2
16:33:59.0075 1060 \Device\Harddisk0\DR0\Partition2 - ok
16:33:59.0075 1060 ============================================================
16:33:59.0075 1060 Scan finished
16:33:59.0075 1060 ============================================================
16:33:59.0095 3300 Detected object count: 0
16:33:59.0095 3300 Actual detected object count: 0

SuperDave · « **Reply #23 on:** August 22, 2012, 01:23:00 PM »

Quote

Seems that malware which was detected and as could be deleted by MBAM are sitting in computer, I found via Windows File Search those bad files and their behavior was crazy: 2 000 same files and so far and far.

They must be in quarantine. You can open MBAM and manage the quarantine folders.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

marsky · « **Reply #24 on:** August 23, 2012, 03:41:55 PM »

ESETOnline Scanner is ready and at once as I can see those threats have the same sort of origins ( not only ) considering with MBAM log but they has a differences. What a type of the clatters are creating in computer HDD? What can you apply to clean all threats simultaneously and safely from machine?

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=562a31639aa9934492c18507235ce0bc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-23 09:12:26
# local_time=2012-08-24 12:12:26 (+0200, FLE Daylight Time)
# country="Latvia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 975617 975617 0 0
# compatibility_mode=1024 16777175 100 0 704171 704171 0 0
# compatibility_mode=5891 16776869 42 92 10585 13490825 0 0
# compatibility_mode=8192 67108863 100 0 10638 10638 0 0
# scanned=31821
# found=6
# cleaned=0
# scan_time=3668
C:\Documents and Settings\user\Application Data\AVG\Rescue\PC Tuneup 2011\120702190836444.rsc   a variant of Win32/SpeedingUpMyPC application (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\user\My Documents\Downloads\Prometheus_2012_CAM_RIP_XVID_AT_rar_downloader_2762b.exe   probably a variant of Win32/ExpressFiles application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\ExpressFiles\ExpressFiles.exe   a variant of Win32/ExpressFiles.A application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\ExpressFiles\uninstall.exe   probably a variant of Win32/ExpressFiles application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\Uninstall Information\ib_uninst_0\uninstall.exe   Win32/InstallBrain application (unable to clean)   00000000000000000000000000000000   I
C:\Program Files\Uninstall Information\ib_uninst_479\uninstall.exe   Win32/InstallBrain application (unable to clean)   00000000000000000000000000000000   I

SuperDave · « **Reply #25 on:** August 23, 2012, 04:35:05 PM »

Quote

What can you apply to clean all threats simultaneously and safely from machine?

Each of these tools target different types of malware. That's why we run more than one. Exactly the same reason why it's wise to have a good, up-to-date AV, a program to protect against other types of malware and a third-party firewall.
Please try to uninstall C:\Program Files\ExpressFiles and C:\Program Files\Uninstall Information and run ESET again.

marsky · « **Reply #26 on:** August 24, 2012, 09:46:41 AM »

Freely to delete ExpressFiles not succeeded because of such Error deleting file or folder: Cannot delete FEUpdater: Access is denied. Make sure disk is not full or wright protected and that the file is not currently in use. Hence Uninstall Information I even hadn't been trying to touch sake for both. What will here be true things run to avoid ban?

SuperDave · « **Reply #27 on:** August 24, 2012, 04:45:40 PM »

Did you try going to Control Panel, Add/Remove and uninstall them from there?

marsky · « **Reply #28 on:** August 27, 2012, 03:05:38 PM »

Yes, through Control Panel deleted programs and folders from c:/ which you pointed plus TorrentSearch where was filedownload.exe, etc. Executed repeated ESET scan looks in optimistic way. What do you think need to do else to restore disc space? Secondly please advise me way how I need to uninstall Windows Recovery Console from computer correctly?

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=562a31639aa9934492c18507235ce0bc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-27 08:48:43
# local_time=2012-08-27 11:48:43 (+0200, FLE Daylight Time)
# country="Latvia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1321220 1321220 0 0
# compatibility_mode=1024 16777175 100 0 1049774 1049774 0 0
# compatibility_mode=8192 67108863 100 0 3803 3803 0 0
# scanned=29758
# found=0
# cleaned=0
# scan_time=2243

SuperDave · « **Reply #29 on:** August 27, 2012, 04:33:35 PM »

Quote

What do you think need to do else to restore disc space? Secondly please advise me way how I need to uninstall Windows Recovery Console from computer correctly?

It appears that your computer is clear of infections. How much free space do you have on your HDD? Click "My Computer, right-click the C drive and give me the information from there.

Please go to this site to learn how to remove the Recovery Console.

marsky · « **Reply #30 on:** August 28, 2012, 03:44:00 PM »

Oho. Now I got a row of problems with system which completely unclear.
Firstly as I got your last so positive answer about absent infections I tried to uninstall all scanners which were downloaded earlier and did it one by one. Latest program was TDSSkiller with which I did scan with full enabled options and its found two threats else which were deleted by me and TDSSkiller too. So after reboot computer show Found new hardware wizard! Devise Manager showing yellow question sign as Unknown devise! Through internet finding is unsuccessful. How can I restore or replace lost devise?
Secondly Windows Recovery Console is a strong nut because of 'cmdcons' not being deleted showing massage 'Access is denied. If file in use. Disk full. etc' What is right way to act in this obstacles?
Thirdly computer used space: 9.50, free space: 8.07, capacity: 17.05 of C:/. May I delete previous Windows updates like Frameworks 2, 3.5? It seems me that huge space of disk could to occupy update between all slightly downloaded

SuperDave · « **Reply #31 on:** August 28, 2012, 04:58:38 PM »

Quote

So after reboot computer show Found new hardware wizard! Devise Manager showing yellow question sign as Unknown devise! Through internet finding is unsuccessful. How can I restore or replace lost devise?

Please check your Device Manager to see if there are any yellow warning icons. Right-click My Computer, Hardware and click Device Manager. Do you see any yellow warnings?

Quote

Thirdly computer used space: 9.50, free space: 8.07, capacity: 17.05 of C:/

This doesn't add up. You said in your first post that your HDD was 40Gb. What Windows are your running; XP, Vista or Windows 7?

marsky · « **Reply #32 on:** August 29, 2012, 10:09:54 AM »

yes I'm seeing yellow question in Device Manager ( Unknown device ). If you don't wanna to see what I am writing you exactly data of my C:/ drive ( as D:/ drive is full ) where space is risen, how must I read your recommendations?

marsky · « **Reply #33 on:** August 29, 2012, 11:51:20 AM »

Quote from: marsky on August 29, 2012, 10:09:54 AM

yes I'm seeing yellow question in Device Manager ( Unknown device ). If you don't wanna to see what I am writing you exactly data of my C:/ drive ( as D:/ drive is full ) where space is risen, how must I read your recommendations? I have XP.

SuperDave · « **Reply #34 on:** August 29, 2012, 01:38:23 PM »

I need you to post some screenshots of your computer. First, the harddrive. Click "My Computer, right-click the C drive and take a screen shot of that screen. The instructions are below on how to do this. Next, the Device Manager. Right-click My Computer, Hardware and click Device Manager.

How to post screenshots or images

marsky · « **Reply #35 on:** August 30, 2012, 03:04:31 PM »

Screenshot of disc http://imageshack.us/photo/my-images/59/discad.jpg When I did System Restore of Windows yellow question disappeared from Device Manager. Accordingly screenshot of my computer Device Manager haven't sense but I did screenshot of website where reflected exact location of yellow question in Device Manager http://imageshack.us/photo/my-images/16/devicemanagert.jpg Please you after as infections mostly deleted from machine observe risen disc space and disbalanced Windows essentially. ( many programs which were deleted now are giving errors because of System Restore. Let me say I think RogueKiller work completely unsatisfied because of it completely upset Start and Menu settings ) How possibly to tune up this problems?

SuperDave · « **Reply #36 on:** August 30, 2012, 06:27:28 PM »

You can go to the same place where you found the information about the free space and click on Disk Cleanup. This will free up more space.

Quote

Please you after as infections mostly deleted from machine observe risen disc space and disbalanced Windows essentially. ( many programs which were deleted now are giving errors because of System Restore. Let me say I think RogueKiller work completely unsatisfied because of it completely upset Start and Menu settings ) How possibly to tune up this problems?

I don't understand what you're try to tell me but I'm sure that your computer is clean.

marsky · « **Reply #37 on:** August 31, 2012, 01:49:29 PM »

Ok bad files we moreless deleted. But most need to know me what does occupy space of disk? How possibly to reduce those unknown download expansions?

SuperDave · « **Reply #38 on:** August 31, 2012, 07:17:12 PM »

Please download: HiJackThis to your Desktop.

Double Click the HijackThis icon, located on your Desktop.
By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
Accept the license agreement.
Click the Open the Misc Tools section button.
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.

marsky · « **Reply #39 on:** September 01, 2012, 03:56:03 AM »

If you know Combofix upset system folders and I need to uninstall Windows Recovery Console. The way you refered earlier does not work properly ( I had came in system as Administrator in Safe Mode and had been deleting file cmdcons without result getting ban - Access is Denied, now I am being shocked the file cmdcons changed name on Config.Msi and is empty). Please comment it somewhat?

µTorrent
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.4
Auslogics Registry Cleaner
Auslogics Registry Defrag
AVG 2012
AVG 2012
AVG 2012
CCleaner
C-Major Audio
Compatibility Pack for the 2007 Office system
Conexant D480 MDC V.92 Modem
Dell Wireless WLAN Card
ESET Online Scanner v3
Google Earth Plug-in
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Intel(R) Extreme Graphics 2 Driver
Java(TM) 7 Update 5
JavaFX 2.1.1
K-Lite Codec Pack 2.48 Full
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Security Client
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Office
Opera 11.62
PartyPoker
Plus500
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB941569)
SUPERAntiSpyware
System Checkup 3.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 2.0.3
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
YTD Video Downloader 3.9

SuperDave · « **Reply #40 on:** September 01, 2012, 04:47:19 PM »

You can uninstall these to give you more space on your HDD.

µTorrent
Auslogics Registry Cleaner
Auslogics Registry Defrag
ESET Online Scanner v3
HijackThis 2.0.2

marsky · « **Reply #41 on:** September 05, 2012, 12:18:47 PM »

OK. Thank you for time. Your last tip have a middle level of urgency. Can you sake for successful cooperation leave some tip whether have had an option correctly to reduce Windows Updates?
Thank you one more.

SuperDave · « **Reply #42 on:** September 05, 2012, 05:22:05 PM »

Quote

Can you sake for successful cooperation leave some tip whether have had an option correctly to reduce Windows Updates?

I'm sorry but I don't understand what you want to do.

marsky · « **Reply #43 on:** September 06, 2012, 02:53:39 PM »

Computer Hope Forum

News:

Author Topic: Disc space stolen by ... (Read 30983 times)

marsky

Allan

marsky

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

marsky

marsky

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky

SuperDave

marsky