
Author Topic: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!  (Read 30232 times)


Mr.Hopeless

    Topic Starter


    Rookie

    While I was on a business trip, somebody got my computer infected it seems. I first knew something was wrong when the sound kept going out and I had to reset the sound settings to get the sound back on. Since, other things were happening, including a pop-up, messages about wanting to make IE my default browser, etc. My computer has AVG Anti-Virus (Free Version 8, I'll be upgrading ASAP), and on three separate scans it found infections, including Trojan horse Clicker.AJUP, Tracking cookie.Trafficmp, Tracking cookie.Overture, Virus FakeAlert, and the latest on separate scans Trojan horse Downloader.Tiny.BB.

    Whatever is going on, iexplore.exe keeps opening up, even after I End Process from the Windows Task Manager. It's rather disturbing. (Firefox is my default browser.)

    And one more thing I've found. hxxp://www.yadaying.com/index.php?aff_id=979 (on Windows Internet Explorer) is running in the background, and I don't know how to stop it from running.

    It seems there must be something lodged in the computer that's bringing about these infections, but I don't know where to start looking for it. At this point, I'm a bit afraid to turn that computer on (I'm using a different laptop). If anyone can get me started on this, I'd really appreciate it.

    For the record, that computer is running Windows XP.
    « Last Edit: July 07, 2010, 02:00:04 AM by DragonMaster Jay »

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
    « Reply #1 on: July 07, 2010, 02:00:32 AM »
    Hello, and welcome to Computer Hope.

    Please note the following information about the malware forum:
    • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    • Please do not attach logs or post them in Quote/Code boxes unless requested.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please download Malwarebytes Anti-Malware from Malwarebytes.org.
    Alternate link: BleepingComputer.com.
    (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

    Double Click mbam-setup.exe to install the application.

    (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
    ~Dr Jay

    Mr.Hopeless


      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
      « Reply #2 on: July 07, 2010, 07:01:28 PM »
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4052

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      7/7/2010 8:56:08 PM
      mbam-log-2010-07-07 (20-56-08).txt

      Scan type: Quick scan
      Objects scanned: 144970
      Time elapsed: 16 minute(s), 8 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      Dr Jay

      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
      « Reply #3 on: July 07, 2010, 07:27:43 PM »
      Please visit this webpage for a tutorial on downloading and running ComboFix:

      http://www.bleepingcomputer.com/combofix/how-to-use-combofix

      See the area: Using ComboFix, and when done, post the log back here.
      ~Dr Jay

      Mr.Hopeless


        Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
        « Reply #4 on: July 07, 2010, 09:08:04 PM »
        ComboFix 10-07-06.05 - Brett 07/07/2010  22:53:31.1.1 - x86 MINIMAL
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.794 [GMT -4:00]
        Running from: c:\documents and settings\Brett\My Documents\Temp\ComboFix.exe
        AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\Brett\g2mdlhlpx.exe
        c:\documents and settings\Deborah\Favorites\DBLY1.exe
        c:\documents and settings\Deborah\Favorites\Launcher.exe
        c:\documents and settings\Deborah\g2mdlhlpx.exe
        c:\windows\settings.reg
        c:\windows\system32\bszip.dll
        c:\windows\system32\Data

        .
        (((((((((((((((((((((((((   Files Created from 2010-06-08 to 2010-07-08  )))))))))))))))))))))))))))))))
        .

        2010-07-07 01:16 . 2010-07-07 01:16   495616   ----a-w-   c:\windows\system32\igfxcfg.exe
        2010-07-05 00:31 . 2010-07-05 00:31   --------   d-sh--w-   c:\documents and settings\Deborah\IECompatCache
        2010-07-04 18:25 . 2010-07-04 18:25   --------   d-----w-   C:\$AVG
        2010-07-04 18:21 . 2010-07-04 18:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
        2010-07-04 03:41 . 2010-07-04 03:41   552   ----a-w-   c:\windows\system32\d3d8caps.dat
        2010-07-04 03:13 . 2010-07-04 03:13   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
        2010-07-02 04:45 . 2010-07-02 04:45   --------   d-----w-   c:\program files\Trend Micro
        2010-07-01 17:20 . 2010-07-01 17:20   --------   d-sh--w-   c:\documents and settings\NetworkService\PrivacIE
        2010-07-01 17:20 . 2010-07-01 17:20   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
        2010-07-01 17:20 . 2010-07-01 17:20   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
        2010-07-01 17:19 . 2010-07-01 17:19   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
        2010-06-13 04:47 . 2010-06-13 04:47   --------   d-----w-   c:\documents and settings\Brett\Application Data\ZipGenius
        2010-06-13 04:46 . 2010-06-13 04:46   --------   d-----w-   c:\program files\ZipGenius 6
        2010-06-08 18:33 . 2010-05-06 10:41   743424   ------w-   c:\windows\system32\dllcache\iedvtool.dll

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-07-07 01:45 . 2009-02-16 01:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-07-04 18:25 . 2009-02-16 03:30   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
        2010-07-04 18:25 . 2009-02-16 03:30   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
        2010-07-04 18:25 . 2009-02-16 03:30   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
        2010-07-04 18:25 . 2009-02-16 03:30   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
        2010-07-04 18:21 . 2009-02-16 03:30   --------   d-----w-   c:\program files\AVG
        2010-07-04 16:52 . 2009-02-16 03:45   --------   d-----w-   c:\program files\CCleaner
        2010-07-04 16:50 . 2008-09-11 12:18   --------   d-----w-   c:\documents and settings\Brett\Application Data\Amazon
        2010-07-04 16:50 . 2008-09-11 12:18   --------   d-----w-   c:\program files\Amazon
        2010-07-04 16:49 . 2005-04-20 21:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
        2010-07-02 04:45 . 2010-07-02 04:45   388096   ----a-r-   c:\documents and settings\Brett\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
        2010-06-08 00:30 . 2010-06-08 00:30   57344   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
        2010-06-08 00:30 . 2010-06-08 00:30   56997   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
        2010-06-08 00:30 . 2010-06-08 00:30   56765   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
        2010-06-08 00:30 . 2010-06-08 00:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\DivX
        2010-06-08 00:30 . 2010-06-08 00:30   53600   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
        2010-06-08 00:30 . 2010-06-08 00:30   57715   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   --------   d-----w-   c:\documents and settings\Brett\Application Data\DivX
        2010-06-08 00:29 . 2010-06-08 00:29   84062   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   57054   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   54166   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   57532   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   56458   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   54174   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   54153   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   54128   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   54644   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
        2010-06-08 00:29 . 2010-06-08 00:29   57409   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
        2010-04-27 18:40 . 2005-04-20 17:18   123888   ------w-   c:\windows\system32\pxcpyi64.exe
        2010-04-27 18:40 . 2005-04-20 17:18   126448   ------w-   c:\windows\system32\pxinsi64.exe
        2010-04-27 18:40 . 2004-08-02 07:03   45648   ------w-   c:\windows\system32\drivers\pxhelp20.sys
        2010-04-20 05:30 . 2004-08-10 17:50   285696   ----a-w-   c:\windows\system32\atmfd.dll
        2010-04-11 16:00 . 2010-04-11 16:00   3303568   ----a-w-   c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockNY.exe
        2010-04-11 15:39 . 2010-04-11 15:39   21195208   ----a-w-   c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US65016901xupd.exe
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Mozilla Quick Launch"="c:\program files\mozilla.org\Mozilla\Mozilla.exe" [2005-05-11 98192]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-21 118784]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
        "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
        "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
        "P17Helper"="P17.dll" [2004-06-10 60928]
        "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
        "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
        "SmcService"="c:\progra~1\COMPUT~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
        "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
        "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
        "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
        "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
        "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
        "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-04 2065760]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2010-07-04 18:25   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
        backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
        backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
        2007-01-01 21:22   3739648   ----a-w-   c:\program files\Google\Google Talk\googletalk.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
        2006-01-19 15:06   11776   ----a-w-   c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
        2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2005-12-08 23:54   155648   ----a-w-   c:\program files\QuickTime\qttask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
        2004-01-07 06:01   110592   ----a-w-   c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "%windir%\\system32\\drivers\\svchost.exe"=
        "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "67:UDP"= 67:UDP:DHCP Discovery Service

        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/15/2009 11:30 PM 216400]
        R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/15/2009 11:30 PM 243024]
        R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/4/2010 2:23 PM 308136]
        S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2009 8:51 PM 133104]
        S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [11/20/2005 11:11 PM 17432]
        S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2/10/2006 5:27 PM 45840]
        .
        Contents of the 'Scheduled Tasks' folder

        2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 00:50]

        2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 00:50]

        2010-06-25 c:\windows\Tasks\Install.job
        - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-06-24 18:18]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.yahoo.com/
        uInternet Connection Wizard,ShellNext = iexplore
        Trusted Zone: musicmatch.com\online
        FF - ProfilePath - c:\documents and settings\Brett\Application Data\Mozilla\Firefox\Profiles\jsow3vw5.default\
        FF - prefs.js: browser.search.selectedEngine - Google
        FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
        FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
        FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071505000010.dll
        FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
        FF - plugin: c:\documents and settings\Deborah\Application Data\Move Networks\plugins\npqmp071701000002.dll
        FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
        FF - plugin: c:\program files\Veetle\Player\npvlc.dll
        FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
        .
        - - - - ORPHANS REMOVED - - - -

        WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Brett\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-07-07 23:03
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
        "ImagePath"=""
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
        @Denied: (2) (LocalSystem)
        "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,1a,17,b4,52,54,7c,42,b2,a6,fd,\
        "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,1a,17,b4,52,54,7c,42,b2,a6,fd,\
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'explorer.exe'(3624)
        c:\windows\system32\WININET.dll
        c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
        c:\windows\system32\SSSensor.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        c:\progra~1\SPYBOT~1\SDHelper.dll
        c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\Ati2evxx.exe
        c:\program files\AVG\AVG9\avgchsvx.exe
        c:\program files\AVG\AVG9\avgrsx.exe
        c:\program files\Computer Defense\Sygate\SPF\smc.exe
        c:\program files\AVG\AVG9\avgcsrvx.exe
        c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        c:\windows\system32\CTsvcCDA.EXE
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\Dell Support Center\bin\sprtsvc.exe
        c:\windows\system32\MsPMSPSv.exe
        c:\program files\AVG\AVG9\avgnsx.exe
        c:\windows\system32\Rundll32.exe
        c:\program files\Internet Explorer\IEXPLORE.EXE
        c:\program files\Internet Explorer\IEXPLORE.EXE
        c:\program files\Mozilla Firefox\firefox.exe
        .
        **************************************************************************
        .
        Completion time: 2010-07-07  23:11:04 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-07-08 03:11

        Pre-Run: 20,980,580,352 bytes free
        Post-Run: 20,480,839,680 bytes free

        - - End Of File - - 07495C7CAAE74387232C3FE48885798E
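
Added example, not part of the original thread and not ComboFix's own code: a Python parser for the firewall-policy blocks of the ComboFix log in Reply #4, reporting the firewall state, the authorized applications and the open ports. The excerpt is copied from that log; the function names and the short set of system binary names expected only in system32 are assumptions of this example, and a path listed under `review` is a prompt for manual inspection, not a verdict.

```python
import ntpath
import re

# Excerpt copied from the ComboFix log in Reply #4 ("Reg Loading Points" section).
LOG_EXCERPT = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
'''

# Assumption of this example: core Windows binaries that live only in
# <windir>/system32, so the same file name elsewhere deserves a manual look.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
DWORD_RE = re.compile(r'^(?:dword:([0-9a-fA-F]{8})|(\d+)\b)')


def parse_sections(text):
    """Return {lower-cased key path: {value name: raw data}} for [key] blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        value = VALUE_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1).lower(), {})
        elif value and current is not None:
            current[value.group(1)] = value.group(2).strip()
        elif not line:
            current = None  # a blank line ends the block
    return sections


def parse_dword(raw):
    """The log prints DWORDs as '0 (0x0)' or 'dword:00000001'; return int or None."""
    match = DWORD_RE.match(raw.strip()) if raw is not None else None
    if not match:
        return None
    return int(match.group(1), 16) if match.group(1) else int(match.group(2))


def find_section(sections, suffix):
    """Match a block by key suffix so abbreviated (HKLM\\~) and full paths both work."""
    for key, values in sections.items():
        if key.endswith(suffix):
            return values
    return {}


def normalise_path(name, windir=r'c:\windows'):
    """Undo the .reg-style doubled backslashes and expand %windir%."""
    path = name.replace('\\\\', '\\').lower()
    return path.replace('%windir%', windir)


def triage_firewall_policy(text, windir=r'c:\windows'):
    sections = parse_sections(text)
    profile = find_section(sections, r'firewallpolicy\standardprofile')
    state = parse_dword(profile.get('EnableFirewall'))
    apps = [normalise_path(name, windir) for name in
            find_section(sections, r'standardprofile\authorizedapplications\list')]
    ports = list(find_section(sections, r'standardprofile\globallyopenports\list'))
    system32 = ntpath.join(windir, 'system32')
    review = [p for p in apps
              if ntpath.basename(p) in SYSTEM32_ONLY and ntpath.dirname(p) != system32]
    return {
        'firewall_enabled': None if state is None else state != 0,
        'authorized_apps': apps,
        'open_ports': ports,
        'review': review,
    }


if __name__ == '__main__':
    for field, value in triage_firewall_policy(LOG_EXCERPT).items():
        print(field, '=', value)
```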

        Dr Jay

        Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
        « Reply #5 on: July 08, 2010, 12:51:48 PM »
        Please run a free online scan with the ESET Online Scanner
        • Tick the box next to YES, I accept the Terms of Use
        • Click Start
        • When asked, allow the ActiveX control to install
        • Click Start
        • Make sure that the options Remove found threats and Scan unwanted applications are checked
        • Click Scan (This scan can take several hours, so please be patient)
        • Once the scan is completed, you may close the window
        • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
        • Copy and paste that log as a reply to this topic
        ~Dr Jay

        Mr.Hopeless


          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
          « Reply #6 on: July 08, 2010, 12:44:40 PM »
          ESETSmartInstaller@High as downloader log:
          all ok
          esets_scanner_update returned -1 esets_gle=1
          # version=7
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.6211
          # api_version=3.0.2
          # EOSSerial=109a82bd2f2d8043b7bac6a70eb93324
          # end=finished
          # remove_checked=true
          # archives_checked=true
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2010-07-08 11:03:48
          # local_time=2010-07-08 07:03:48 (-0500, Eastern Daylight Time)
          # country="United States"
          # lang=1033
          # osver=5.1.2600 NT Service Pack 3
          # compatibility_mode=512 16777215 100 0 0 0 0 0
          # compatibility_mode=1024 16777175 100 0 0 0 0 0
          # compatibility_mode=5892 16776574 100 100 110339766 138927839 0 0
          # compatibility_mode=8192 67108863 100 0 0 0 0 0
          # scanned=124280
          # found=1
          # cleaned=1
          # scan_time=13844
          C:\Documents and Settings\Deborah\Desktop\i386\GTDownDE_87.ocx   probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

          Dr Jay

          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
          « Reply #7 on: July 08, 2010, 04:08:59 PM »
          Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
          • Select Start > All Programs > Accessories > System tools > System Restore.
          • On the dialogue box that appears select Create a Restore Point
          • Click NEXT
          • Enter a name e.g. Clean
          • Click CREATE
          You now have a clean restore point. To get rid of the bad ones:
          • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
          • In the Drop down box that appears select your main drive e.g. C
          • Click OK
          • The System will do some calculation and then display a dialogue box with TABS
          • Select the More Options Tab.
          • At the bottom will be a system restore box with a CLEANUP button; click this
          • Accept the Warning and select OK again, the program will close and you are done
          To remove all of the tools we used and the files and folders they created, please do the following:
          Please download OTC.exe by OldTimer:
          • Save it to your Desktop.
          • Double click OTC.exe.
          • Click the CleanUp! button.
          • If you are prompted to Reboot during the cleanup, select Yes.
          • The tool will delete itself once it finishes.
          Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

          ==

          Please download TFC by OldTimer to your desktop
          • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
          • It will close all programs when run, so make sure you have saved all your work before you begin.
          • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
          • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
          ==

          Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
          • Save it to your Desktop.
          • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
          • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
          ~Dr Jay

          Mr.Hopeless


            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
            « Reply #8 on: July 10, 2010, 08:40:28 PM »
            Results of screen317's Security Check version 0.99.4 
             Windows XP Service Pack 3 
             Internet Explorer 8 
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Disabled! 
             AVG Free 9.0   
             ESET Online Scanner v3   
             Sygate Personal Firewall   
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Out of date Spybot installed!
             Ad-Aware
             WinPatrol 2008 (Outdated! Latest version is WinPatrol 2009)[/b]
             Malwarebytes' Anti-Malware   
             CCleaner (remove only)   
             Lavasoft VX2 Cleaner   
             Java(TM) 6 Update 16 
             Java(TM) SE Runtime Environment 6 Update 1
             Java(TM) 6 Update 2 
             Java 2 Runtime Environment Standard Edition v1.3.1_17
             Java 2 Runtime Environment, SE v1.4.2_03
             Out of date Java installed!
             Adobe Flash Player 10.1.53.64 
            Adobe Reader 7.1.0
            Out of date Adobe Reader installed!
             Mozilla Firefox (3.6.6)
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

             Ad-Aware AAWService.exe is disabled!
             Ad-Aware AAWTray.exe is disabled!
             WinPatrol winpatrol.exe
             AVG avgwdsvc.exe
             AVG avgtray.exe
             AVG avgrsx.exe
             AVG avgnsx.exe
             AVG avgemc.exe
             BillP Studios WinPatrol winpatrol.exe 
            ````````````````````````````````
            DNS Vulnerability Check:

             GREAT! (Not vulnerable to DNS cache poisoning)

            ``````````End of Log````````````

            Dr Jay

            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
            « Reply #9 on: July 10, 2010, 09:10:06 PM »
            Please download the newest version of Adobe Acrobat Reader from Adobe.com

            Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
            Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
            Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

            Once old versions are gone, please install the newest version.

            ==

            Please download the newest version of Java from Java.com.

            Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
            Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
            Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

            Once old versions are gone, please install the newest version.

            =======================================

            Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

            Software recommendations

            Firewall
            • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
            • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
            • PC Tools Firewall Plus: free and excellent firewall.
            AntiSpyware
            • SpywareBlaster
              SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
            • Spybot - Search & Destroy.
              Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
            NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

            Resident Protection help
            A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

            Securing your computer
            • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
            • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
            Please consider using an alternate browser
            Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

            If you are interested:
            See this page for more info about malware and prevention.
            ~Dr Jay
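Added illustration (not part of the thread, and not screen317's code): a small Python triage of the Security Check log posted in Reply #8. It groups every installed entry under the "Out of date ... installed!" warning it belongs to, so that all of the old Java and Adobe Reader versions are found and uninstalled before the new one is installed, and it lists the firewalls still active. The section layout and warning phrases are inferred only from that one log, and the function names are hypothetical.

```python
import re

TICK = chr(96)  # backtick: the log draws its separator lines with it

# Trimmed copy of the log from Reply #8. "@" stands in for the backtick
# runs (shortened), so the sample can sit inside a fenced block.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.4
 Windows XP Service Pack 3
 Internet Explorer 8
@@@@@@@@@@
Antivirus/Firewall Check:

 Windows Firewall Disabled!
 AVG Free 9.0
 ESET Online Scanner v3
 Sygate Personal Firewall
@@@@@@@@@@
Anti-malware/Other Utilities Check:

 Out of date Spybot installed!
 Ad-Aware
 WinPatrol 2008 (Outdated! Latest version is WinPatrol 2009)[/b]
 Malwarebytes' Anti-Malware
 Java(TM) 6 Update 16
 Java(TM) SE Runtime Environment 6 Update 1
 Java(TM) 6 Update 2
 Java 2 Runtime Environment Standard Edition v1.3.1_17
 Java 2 Runtime Environment, SE v1.4.2_03
 Out of date Java installed!
 Adobe Flash Player 10.1.53.64
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
 Mozilla Firefox (3.6.6)
@@@@@@@@@@
Process Check:
objlist.exe by Laurent

 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 WinPatrol winpatrol.exe
 AVG avgwdsvc.exe
@@@@@@@@@@
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

@@@@@@@@@@End of Log@@@@@@@@@@
""".replace("@", TICK)

BBCODE = re.compile(r"\[/?[a-z]+\]")             # forum markup left in the paste
WARNING = re.compile(r"out of date|outdated|disabled", re.IGNORECASE)
STALE = re.compile(r"^Out of date (.+) installed!$")


def parse_sections(log):
    """Return {section title: [entries]}; lines before the first section go under 'System'."""
    sections = {"System": []}
    current = "System"
    for raw in log.splitlines():
        line = BBCODE.sub("", raw).strip()
        if not line or line.startswith(TICK * 5):  # blank or separator line
            continue
        if line.endswith("Check:"):                # e.g. "Process Check:"
            current = line[:-1]
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def triage(log):
    """Collect the tool's warnings and the installed entries each one refers to."""
    sections = parse_sections(log)
    entries = [e for items in sections.values() for e in items]
    warnings = [e for e in entries if WARNING.search(e)]

    # "Out of date Java installed!" -> every listed entry starting with "Java".
    stale = {}
    for warning in warnings:
        match = STALE.match(warning)
        if match:
            product = match.group(1)
            stale[product] = [e for e in entries
                              if e.startswith(product) and e not in warnings]

    # Firewalls listed and not reported as disabled: more than one is a conflict.
    active_firewalls = [e for e in sections.get("Antivirus/Firewall Check", [])
                        if "firewall" in e.lower() and not WARNING.search(e)]
    return {"warnings": warnings, "stale": stale,
            "active_firewalls": active_firewalls}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for product, installs in result["stale"].items():
        print(f"{product}: out of date, {len(installs)} listed install(s) to remove first")
        for name in installs:
            print(f"    {name}")
    print("Active firewalls:", ", ".join(result["active_firewalls"]) or "none")
```

An empty list for a product (Spybot here) means the log flagged it without listing a separate version line, so it has to be checked in Add or Remove Programs by hand.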

            Mr.Hopeless


              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
              « Reply #10 on: July 11, 2010, 11:52:34 AM »
              Thanks for all of your help so far.

              I've updated Adobe Acrobat Reader and Java.

              Before I follow up with the Firewall and AntiSpyware software, two things:

              1.) I still have problems with my computer (as I'm typing this, there is an Internet Explorer pop-up window saying "Internet Explorer is not currently your default browser. Would you like to make it your default browser?"). (I never opened IE, and I rarely ever use it.) If I close IExplore.exe from the Task Manager, it just opens right back up again. I get this pop-up window when I first turn on the modem after starting up the computer. I also get warnings from WinPatrol that say:

              Scotty the Windows Watchdog is on patrol and has detected a change to one of your file type associations [.URL].
              The program currently associated with this file type is:
              Run a DLL as an APP
              Microsoft Corporation
              C:\WINDOWS\system32\rundll32.exe C:\WIDOWS\system32\ieframe.dll,OpenURL %l
              A change was made to use the following program for this file type.
              Run a DLL as an App
              Microsoft Corporation
              rundll32.exe ieframe.dll,OpenURL %l
              Is this change ok?
              (I always say no.)

              2.) I'm concerned about having too many firewalls, especially since this computer is on the older side, because I'm afraid the computer will get intolerably slow. I'm already running Sygate Personal Firewall and Windows Watchdog on top of AVG. Is my concern valid about the speed of my computer running so many firewalls?

              Thanks.

              Dr Jay

              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
              « Reply #11 on: July 11, 2010, 11:10:00 PM »
              Only have one firewall.

              Internet Explorer has an auto-recovery mode. It will automatically re-launch if it gets crashed (shut down immediately). That is normal behavior for Internet Explorer.

              Also, Internet Explorer will probably need to finish its install. Just follow any prompts with it, and see if you have any more issues.
              ~Dr Jay

              Mr.Hopeless


                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                « Reply #12 on: July 12, 2010, 07:08:57 AM »
                I think where I'm concerned about IE is that I'm getting this prompt without launching IE.  Doesn't that suggest that something is launching IE?  I mean, IE shouldn't be asking me to make it the default browser if I didn't initiate opening it myself, I would think...

                marzinp

                • Guest
                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                « Reply #13 on: July 13, 2010, 06:40:50 AM »
                Hi M Hopeless,

                I had exactly the same problem and couldn't fix it. I just solved it today using bootkit_remover and the instructions found here: http://forums.majorgeeks.com/showthread.php?p=1507974

                Hope it'll work for you!

                lovelyr88



                  Starter

                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                  « Reply #14 on: July 13, 2010, 07:37:16 AM »
                  I am having the exact same thing, down to the T, going on with my laptop, and I'm doing everything in this post but nothing's helping. I'm really wondering, is this like a recent/new malware/virus/trojan, what have you, going around this year?
                  yeah well...heh..cha..you know*leaves*

                  Dr Jay

                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                  « Reply #15 on: July 13, 2010, 10:38:43 PM »
                  @Mr. Hopeless

                  Please download TDSSKiller and save it to your Desktop.
                  • Extract the file and run it.
                  • Once completed it will create a log in your C:\ drive.
                  • Please post the contents of that log.
                  ~Dr Jay

                  Mr.Hopeless


                    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                    « Reply #16 on: July 15, 2010, 05:46:36 PM »
                    19:46:40:278 2988   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
                    19:46:40:278 2988   ================================================================================
                    19:46:40:278 2988   SystemInfo:

                    19:46:40:278 2988   OS Version: 5.1.2600 ServicePack: 3.0
                    19:46:40:278 2988   Product type: Workstation
                    19:46:40:278 2988   ComputerName: D2PGV571
                    19:46:40:278 2988   UserName: Brett
                    19:46:40:278 2988   Windows directory: C:\WINDOWS
                    19:46:40:278 2988   System windows directory: C:\WINDOWS
                    19:46:40:278 2988   Processor architecture: Intel x86
                    19:46:40:278 2988   Number of processors: 1
                    19:46:40:278 2988   Page size: 0x1000
                    19:46:40:278 2988   Boot type: Normal boot
                    19:46:40:278 2988   ================================================================================
                    19:46:40:700 2988   Initialize success
                    19:46:40:700 2988   
                    19:46:40:700 2988   Scanning   Services ...
                    19:46:41:372 2988   Raw services enum returned 360 services
                    19:46:41:387 2988   
                    19:46:41:387 2988   Scanning   Drivers ...
                    19:46:53:794 2988   sscdbhk5        (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
                    19:46:53:903 2988   ssrtln          (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
                    19:46:54:012 2988   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
                    19:46:54:122 2988   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
                    19:46:54:169 2988   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
                    19:46:54:262 2988   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
                    19:46:54:309 2988   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
                    19:46:54:356 2988   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
                    19:46:54:450 2988   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
                    19:46:54:544 2988   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
                    19:46:54:669 2988   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
                    19:46:54:716 2988   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
                    19:46:54:778 2988   Teefer          (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
                    19:46:54:825 2988   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
                    19:46:54:919 2988   tfsnboio        (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
                    19:46:54:981 2988   tfsncofs        (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
                    19:46:55:028 2988   tfsndrct        (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
                    19:46:55:091 2988   tfsndres        (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
                    19:46:55:153 2988   tfsnifs         (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
                    19:46:55:200 2988   tfsnopio        (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
                    19:46:55:262 2988   tfsnpool        (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
                    19:46:55:294 2988   tfsnudf         (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
                    19:46:55:309 2988   tfsnudfa        (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
                    19:46:55:434 2988   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
                    19:46:55:544 2988   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
                    19:46:55:622 2988   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
                    19:46:55:762 2988   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
                    19:46:55:856 2988   usbbus          (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
                    19:46:55:919 2988   UsbDiag         (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
                    19:46:55:934 2988   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
                    19:46:55:997 2988   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
                    19:46:56:028 2988   USBModem        (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
                    19:46:56:044 2988   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
                    19:46:56:075 2988   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                    19:46:56:106 2988   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                    19:46:56:153 2988   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
                    19:46:56:262 2988   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
                    19:46:56:325 2988   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
                    19:46:56:372 2988   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
                    19:46:56:419 2988   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
                    19:46:56:481 2988   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
                    19:46:56:606 2988   wg3n            (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
                    19:46:56:637 2988   wg4n            (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
                    19:46:56:684 2988   wg5n            (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
                    19:46:56:731 2988   wg6n            (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
                    19:46:56:841 2988   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
                    19:46:56:856 2988   wpsdrvnt        (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
                    19:46:57:044 2988   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
                    19:46:57:122 2988   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
                    19:46:57:137 2988   
                    19:46:57:137 2988   Completed
                    19:46:57:137 2988   
                    19:46:57:137 2988   Results:
                    19:46:57:137 2988   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
                    19:46:57:137 2988   File objects infected / cured / cured on reboot:   0 / 0 / 0
                    19:46:57:137 2988   
                    19:46:57:137 2988   KLMD(ARK) unloaded successfully

                    homeflash



                      Greenhorn

                      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                      « Reply #17 on: July 15, 2010, 07:13:34 PM »
                      I have exactly the same problem. Too bad: I tried Microsoft Security Essential, Spybot S&D, Malwarebytes, HijackThis, SUPERAntiSpyware and ComboFix, and none of them can find the source of the spyware.

                      I also looked at the startup entries in the registry and at services. Everything seems normal. I wonder where that comes from. Is it brand-new spyware, and why can't all those known antispyware programs delete, clean and kill it?!

                      homeflash



                        Greenhorn

                        Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                        « Reply #18 on: July 15, 2010, 08:23:14 PM »
                        not working... still popping up.
                        « Last Edit: July 15, 2010, 08:35:48 PM by homeflash »

                        Dr Jay

                        Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                        « Reply #19 on: July 15, 2010, 10:12:06 PM »
                        @Mr. Hopeless

                        Please run the F-Secure Online Scanner
                        • Follow the instructions here for installation.
                        • Accept the License Agreement.
                        • Once the ActiveX installs, click Full System Scan.
                        • Once the download completes, the scan will begin automatically.
                        • The scan will take some time to finish, so please be patient.
                        • When the scan completes, click the Automatic cleaning (recommended) button.
                        • Click the Show Report button and copy and paste the entire report in your next reply.
                        ~Dr Jay

                        homeflash



                          Greenhorn

                          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                          « Reply #20 on: July 16, 2010, 06:59:34 PM »
                          @dragonmaster Jay

                          Hey, not sure if your link worked or ComboFix worked. Yesterday, after I ran ComboFix, it worked for about 20 or so minutes, and then the popups came back up again.  Then this morning, they didn't come up.  Anyway, I saw your post, tried your link, and it found 1 malware and 2 spyware and cleaned them.

                          After that, I also ran a full scan with Malwarebytes and Microsoft Security Essential (nothing found),
                          then rebooted and ran ComboFix again, and my Norton antivirus found quite a few hacking spyware/viruses.

                          Now it seems like everything works okay, sound is back to normal.  No popups.  Thanks!

                          @Mr. Hopeless. 

                          Try what I did, it may work for you.  If it doesn't, download a program called popup killer; it closes all the popups you specify, but that is a surface or temporary fix.  Either continue trying or reformat the whole C drive (a last resort which I don't recommend, because sooner or later this kind of spyware/malware will come back; we need to know how to fix it).

                          My advice is, once everything is fine and okay, back up your whole C drive as an image or copy c:\windows\*.* ; if there is a problem, you can ren your old c:\windows to something and restore the good c:\windows\*.* back, then it should be okay (that is my last resort, instead of formatting the whole drive).  By the way, I use apricon to back up.

                          Dr Jay

                          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                          « Reply #21 on: July 16, 2010, 11:28:52 PM »
                          Cancel that. According to a nice colleague, you seem to have what is called a Black Internet Bootkit, which is a fairly new bootkit.

                          Download Bootkit Remover to your Desktop.
                          • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
                          • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
                          • It will show a black screen with some data on it.
                          • Right-click on the screen and click Select All.
                          • Press CTRL C
                          • Open Notepad and press CTRL V
                          • Post the output back here.
                          ~Dr Jay

                          freeforall

                          • *Bugmenot user*


                          • Beginner

                            • Computer: Specs
                            • Experience: Familiar
                            • OS: Windows 7
                            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                            « Reply #22 on: July 18, 2010, 09:19:40 AM »
                            Hello, I solved this same problem (no sound on wave and pop-ups in iexplore; I use Firefox) on 11/07/10 with BootKit (Bootkit Remover).
                            Follow DragonMaster Jay's instructions; in the end they will be more or less these:

                            Create a batch file with the following text:

                            @ECHO OFF
                            START remover.exe fix \\.\PhysicalDrive0
                            SHUTDOWN -r
                            EXIT

                            Run the batch file and that's it...
                            As of today (18/07/10) AVG has found a virus, "Trojan Downloader.Tiny.BB", but I don't know whether they are related.
                            AVG removed it without any problem.

                            Don't reply to the email; I'm using a BugMeNot account.

                            Mr.Hopeless

                              Topic Starter


                              Rookie

                              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                              « Reply #23 on: July 23, 2010, 03:32:07 PM »
                              Sorry it's taking me long between posts.  The dread on turning this computer on is really getting to me.  Anyway...  when I run remover.exe and I get the black screen window, the window closes when I try to copy the information.  Here's what the screen says before it closes:

                              Bootkit Remover version 1.0.0.1
                              (c) 2009 eSage Lab
                              www.esagelab.com

                              \\.\C: -> \\.\PhysicalDrive0
                              MD5: 6def5ffcbcdbdb4082f1015625e597bd

                                   Size  Device Name         MBR Status
                              ------------------------------------------------
                                 74 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


                              Press any key to quit...

                              Dr Jay

                              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                              « Reply #24 on: July 23, 2010, 09:01:17 PM »
                              Please open Notepad and enter in the following:
                              Quote
                              @echo off
                              start remover.exe fix \\.\PhysicalDrive0
                              exit
                              Then, click File > Save as...
                              Save as remove.bat to the same location as remover.exe.
                              Choose Save as type... All Files.
                              Click Save.

                              Then, exit Notepad.

                              Double-click on remove.bat.

                              Please re-run remover.exe and post a new log in your next reply.
                              ~Dr Jay

                              Mr.Hopeless

                                Topic Starter


                                Rookie

                                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                « Reply #25 on: July 26, 2010, 10:50:47 AM »
                                Bootkit Remover version 1.0.0.1
                                (c) 2009 eSage Lab
                                www.esagelab.com

                                \\.\C: -> \\.\PhysicalDrive0
                                MD5: 6def5ffcbcdbdb4082f1015625e597bd

                                     Size  Device Name          MBR Status
                                 --------------------------------------------
                                    74 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


                                Press any key to quit...
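
Added example, not part of the original thread and not eSage Lab's code: the Bootkit Remover output above reports an MBR status and an MD5 for \\.\PhysicalDrive0, and this Python example shows the kind of sector-0 integrity check a defender can run against a raw disk image. The function names, the choice to hash bytes 0-439, the SHA-256 baseline and the sample sector are assumptions made for illustration; the page does not say what the tool itself hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439: bootstrap code (assumed hash range)
DISK_SIG_OFF = 440      # bytes 440..443: NT disk signature, differs per disk
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # bytes 510..511 must be 55 AA


def read_mbr(path):
    """Read sector 0 from a raw disk image at `path` (read-only)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_partitions(sector):
    """Return the non-empty partition table entries as dicts."""
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(sector, baseline_sha256=None):
    """Check structure and, if a baseline is given, boot-code integrity."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes" % SECTOR_SIZE)
    findings = []
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        findings.append("missing 55AA boot signature")
    # Hash only the boot code so the per-disk signature does not matter.
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if baseline_sha256 is not None and digest != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(sector)
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    return {"boot_code_sha256": digest, "partitions": parts,
            "findings": findings}


def build_sample_sector():
    """Constructed 512-byte sector for the demo; not a real MBR."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN   # placeholder boot code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    # One active NTFS-type (0x07) partition starting at LBA 63, about 74 GiB.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 155189248)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_sector()
    baseline = check_mbr(good)["boot_code_sha256"]   # recorded while clean
    changed = bytearray(good)
    changed[0:2] = b"\xeb\xfe"                       # simulate altered boot code
    for label, data in (("clean", good), ("changed", bytes(changed))):
        result = check_mbr(data, baseline)
        print(label, result["boot_code_sha256"][:16], result["findings"])
```

A baseline recorded on a known-clean system is what gives the comparison meaning; a matching hash on a running, possibly infected system is weaker evidence, because a bootkit can intercept disk reads, so reading the sector from an offline image or a clean boot environment is the more reliable check.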

                                Dr Jay

                                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                « Reply #26 on: July 26, 2010, 09:55:54 PM »
                                How is the computer running?

                                What signs of infection remain?
                                ~Dr Jay

                                Mr.Hopeless

                                  Topic Starter


                                  Rookie

                                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                  « Reply #27 on: July 29, 2010, 11:28:51 AM »
                                  Sound is still out.  The computer is making a ticking noise.  Sygate gives the following message:
                                  Quote
                                  WMI has changed since the last time you used it. This could happen if you have updated it recently.  Click Detail to see more information.  Do you want to allow it to access the network?
                                  The executable has changed since the last time you used: C:\WINDOWS\system32\wbem\wmiprvse.exe
                                  And in another window, Sygate says:
                                  Quote
                                  Prevalence reporter [avgcmgr.exe] is trying to connect to mmi.explabs.net [64.88.164.170] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
                                  The last time I ran an AVG full scan of the computer, the scan took less than an hour and half.  Usually the scan takes more than three and half hours.  (That's got me a bit nervous.)
                                  A WinPatrol File Type Change Alert says:
                                  Quote
                                  Scotty the Windows Watchdog is on patrol and has detected a change to one of your file type associations

                                  The program currently associated with this file type is:
                                  Run a DLL as an App
                                  Microsoft Corporation
                                  C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %|

                                  A change was made to use the following program for this file type.
                                  Run a DLL as an App
                                  Microsoft Corporation
                                  rundll32.exe iefram.dll,OpenURL %|
                                  I'm getting pretty close to pulling files off of the hard drive and then reinstalling Windows from scratch.  It's feeling like desperate times...

                                  Dr Jay

                                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                  « Reply #28 on: July 29, 2010, 12:36:54 PM »
                                  Quote
                                  Prevalence reporter [avgcmgr.exe] is trying to connect to mmi.explabs.net [64.88.164.170] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
                                  This is AVG connecting to its Exploit Prevention Labs Server. It is a safe operation.

                                  Please re-run ComboFix and post a new log.
                                  ~Dr Jay

                                  Mr.Hopeless

                                    Topic Starter


                                    Rookie

                                    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                    « Reply #29 on: July 31, 2010, 08:16:18 PM »
                                    ComboFix 10-07-31.02 - Brett 07/31/2010  22:15:50.2.1 - x86
                                    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.451 [GMT -4:00]
                                    Running from: c:\documents and settings\Brett\Desktop\ComboFix.exe
                                    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                                    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
                                     * Created a new restore point
                                    2010-06-08 00:30 . 2010-06-08 00:30   57715   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   --------   d-----w-   c:\documents and settings\Brett\Application Data\DivX
                                    2010-06-08 00:29 . 2010-06-08 00:29   84062   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   57054   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   54166   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   57532   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   56458   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   54174   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   54153   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   54128   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   54644   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   57409   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
                                    2010-06-08 00:29 . 2010-06-08 00:29   54101   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
                                    2010-06-08 00:28 . 2010-06-08 00:28   52963   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
                                    2010-06-08 00:28 . 2010-06-08 00:28   54073   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
                                    2010-06-08 00:28 . 2010-06-08 00:28   56969   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
                                    2010-06-08 00:28 . 2009-08-19 00:57   --------   d-----w-   c:\program files\Common Files\DivX Shared
                                    2010-06-08 00:22 . 2010-06-08 00:30   1062184   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
                                    2010-06-08 00:19 . 2010-06-08 00:30   895256   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
                                    2010-06-04 16:13 . 2008-08-12 01:07   --------   d-----w-   c:\program files\Microsoft Silverlight
                                    2010-05-06 10:41 . 2004-08-10 17:51   916480   ----a-w-   c:\windows\system32\wininet.dll
                                    .

                                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                    .
                                    .
                                    *Note* empty entries & legit default entries are not shown
                                    REGEDIT4

                                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                    "Mozilla Quick Launch"="c:\program files\mozilla.org\Mozilla\Mozilla.exe" [2005-05-11 98192]

                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
                                    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-21 118784]
                                    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
                                    "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
                                    "P17Helper"="P17.dll" [2004-06-10 60928]
                                    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
                                    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
                                    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
                                    "SmcService"="c:\progra~1\COMPUT~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
                                    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
                                    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
                                    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                                    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
                                    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
                                    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-04 2065760]

                                    c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                                    2010-07-04 18:25   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                                    @="Service"

                                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                                    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
                                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
                                    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

                                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
                                    2007-01-01 21:22   3739648   ----a-w-   c:\program files\Google\Google Talk\googletalk.exe

                                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
                                    2006-01-19 15:06   11776   ----a-w-   c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

                                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                                    2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

                                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                                    2005-12-08 23:54   155648   ----a-w-   c:\program files\QuickTime\qttask.exe

                                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
                                    2004-01-07 06:01   110592   ----a-w-   c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

                                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                                    "DisableMonitoring"=dword:00000001

                                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                                    "DisableMonitoring"=dword:00000001

                                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                                    "DisableMonitoring"=dword:00000001

                                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                    "EnableFirewall"= 0 (0x0)

                                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                    "%windir%\\system32\\sessmgr.exe"=
                                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                    "%windir%\\system32\\drivers\\svchost.exe"=
                                    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                                    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
                                    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

                                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                                    "67:UDP"= 67:UDP:DHCP Discovery Service

                                    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/15/2009 11:30 PM 216400]
                                    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/15/2009 11:30 PM 243024]
                                    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/4/2010 2:23 PM 308136]
                                    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2009 8:51 PM 133104]
                                    S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [11/20/2005 11:11 PM 17432]
                                    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2/10/2006 5:27 PM 45840]
                                    .
                                    Contents of the 'Scheduled Tasks' folder

                                    2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 00:50]

                                    2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 00:50]

                                    2010-06-25 c:\windows\Tasks\Install.job
                                    - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-06-24 18:18]
                                    .
                                    .
                                    ------- Supplementary Scan -------
                                    .
                                    uStart Page = hxxp://www.yahoo.com/
                                    uInternet Connection Wizard,ShellNext = iexplore
                                    Trusted Zone: musicmatch.com\online
                                    FF - ProfilePath - c:\documents and settings\Brett\Application Data\Mozilla\Firefox\Profiles\jsow3vw5.default\
                                    FF - prefs.js: browser.search.selectedEngine - Google
                                    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
                                    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
                                    FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071505000010.dll
                                    FF - plugin: c:\documents and settings\Brett\Application Data\Move Networks\plugins\npqmp071701000002.dll
                                    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
                                    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                                    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
                                    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
                                    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                                    ---- FIREFOX POLICIES ----
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
                                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
                                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
                                    .

                                    **************************************************************************

                                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                    Rootkit scan 2010-07-31 22:20
                                    Windows 5.1.2600 Service Pack 3 NTFS

                                    scanning hidden processes ... 

                                    scanning hidden autostart entries ...

                                    scanning hidden files ... 

                                    scan completed successfully
                                    hidden files: 0

                                    **************************************************************************

                                    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
                                    "ImagePath"=""
                                    .
                                    --------------------- LOCKED REGISTRY KEYS ---------------------

                                    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
                                    @Denied: (2) (LocalSystem)
                                    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                                       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,1a,17,b4,52,54,7c,42,b2,a6,fd,\
                                    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                                       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,1a,17,b4,52,54,7c,42,b2,a6,fd,\
                                    .
                                    --------------------- DLLs Loaded Under Running Processes ---------------------

                                    - - - - - - - > 'explorer.exe'(3284)
                                    c:\windows\system32\WININET.dll
                                    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
                                    c:\windows\system32\SSSensor.dll
                                    c:\windows\system32\ieframe.dll
                                    c:\windows\system32\webcheck.dll
                                    c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
                                    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
                                    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                                    c:\progra~1\SPYBOT~1\SDHelper.dll
                                    c:\windows\system32\PortableDeviceApi.dll
                                    .
                                    Completion time: 2010-07-31  22:23:19
                                    ComboFix-quarantined-files.txt  2010-08-01 02:23

                                    Pre-Run: 19,844,481,024 bytes free
                                    Post-Run: 19,828,944,896 bytes free

                                    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                                    [boot loader]
                                    timeout=2
                                    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                                    [operating systems]
                                    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                                    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

                                    - - End Of File - - 1BD2103E25EA95A703A92D477D221DA2

                                    Dr Jay

                                    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                    « Reply #30 on: August 01, 2010, 01:58:02 PM »
                                    Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

                                    • Double-click on drweb-cureit.exe to start the program.
                                      An Express Scan of your PC notice will appear.
                                    • Under Start the Express Scan Now, Click OK to start the scan.
                                      This is a short scan that will scan the files currently running in memory.
                                      If something is found, click the Yes button when it asks you if you want to cure it.
                                    • Once the short scan has finished, Click Options > Change settings
                                    • Choose the Scan tab and UNcheck Heuristic analysis
                                    • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
                                    • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
                                    • When finished, a message will be displayed at the bottom advising if any viruses were found.
                                    • Click Yes to all if it asks if you want to cure/move the file.
                                    • When the scan has finished, look if you can see the icon next to the files found.

                                    If so, click it, then click the next icon right below and select Move incurable.
                                    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
                                    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
                                    • Save the DrWeb.csv report to your Desktop.
                                    • Exit Dr.Web CureIt when you have finished.
                                    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
                                    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)
                                    ~Dr Jay

                                    Mr.Hopeless


                                      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                      « Reply #31 on: August 02, 2010, 05:54:49 AM »
                                      Wow.  This got a lot of stuff...

                                      1196745071jtun_firstexpirationpif.x00\Program Files\Common Files\PIF_B8E1\pifCrawl.exe;C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1196745071jtun_firstexpirationpif.x00;Trojan.Swizzor.based;;
                                      1196745071jtun_firstexpirationpif.x00;C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads;Archive contains infected objects;Moved.;
                                      005F6B55.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.3204;Deleted.;
                                      0A532F1A.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.793;Deleted.;
                                      10FF3461.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.AdBlaster;Incurable.Deleted.;
                                      278E22DA.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.AdBlaster;Incurable.Deleted.;
                                      441A342D.dll;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Virtumonde;Incurable.Deleted.;
                                      46DC7909.dll;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Virtumonde;Incurable.Deleted.;
                                      48D12855.dll;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Virtumod;Deleted.;
                                      49D62471.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Winad;Incurable.Deleted.;
                                      4D5725C8.EXE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.AdBlaster;Incurable.Deleted.;
                                      4D5A4FC5.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.AdBlaster;Incurable.Deleted.;
                                      6A115978.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.AdBlaster;Incurable.Deleted.;
                                      6A12297F.bat;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Joke.Opros;Incurable.Deleted.;
                                      79AC3926.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.793;Deleted.;
                                      7BD2172F.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.AdBlaster;Incurable.Deleted.;
                                      7F5368CC.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.1959;Deleted.;
                                      7F5712C9.dll;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Winad;Incurable.Deleted.;
                                      7F5712C9.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Winad;Incurable.Deleted.;
                                      7F5712C9.fr9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Adware.Winad;Incurable.Deleted.;
                                      Salary Survey.bat;C:\Documents and Settings\Brett\Desktop\Old Computer Stuff\Misc\Humor;Joke.Opros;Incurable.Deleted.;
                                      ASAP Utilities 310 setup.exe\{app}\format.asap;C:\Documents and Settings\Brett\My Documents\Temp\ASAP Utilities 310 setup.exe;W97M.Iseng;;
                                      ASAP Utilities 310 setup.exe;C:\Documents and Settings\Brett\My Documents\Temp;Container contains infected objects;Moved.;
                                      VundoFix.exe\process.exe;C:\Documents and Settings\Brett\My Documents\Temp\VundoFix.exe;Tool.Killproc.3;;
                                      VundoFix.exe;C:\Documents and Settings\Brett\My Documents\Temp;Container contains infected objects;Moved.;
                                      pifCrawl.exe;C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08};Trojan.Swizzor.based;Deleted.;
                                      VundoFix.exe\process.exe;C:\Program Files\Computer Defense\VundoFix\VundoFix.exe;Tool.Killproc.3;;
                                      VundoFix.exe;C:\Program Files\Computer Defense\VundoFix;Container contains infected objects;Moved.;
                                      process.exe;C:\Program Files\Computer Defense\VundoFix\VundoFix;Tool.Killproc.3;Incurable.Deleted.;
                                      A0001440.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14;Trojan.DownLoader.793;Deleted.;
                                      A0001441.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14;Trojan.Virtumod;Deleted.;
                                      A0001442.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14;Trojan.DownLoader.793;Deleted.;
                                      A0001443.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14;Trojan.DownLoader.1959;Deleted.;
                                      A0001444.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14;Trojan.Swizzor.based;Deleted.;
                                      A0001445.exe\process.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14\A0001445.exe;Tool.Killproc.3;;
                                      A0001445.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP14;Container contains infected objects;Moved.;

                                      Dr Jay

                                      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                      « Reply #32 on: August 02, 2010, 03:27:49 PM »
                                      Infections found in ComboFix Quarantine and System Restore

                                      Virus and malware scanners detect infections found in ComboFix quarantine (C:\Qoobox\) and System Restore (C:\System Volume Information\). However, these infections are harmless unless certain conditions occur.

                                      For ComboFix quarantine:
                                      • ComboFix should be uninstalled. Otherwise, if a threat were to be restored or executed from the quarantine, the computer would become reinfected.
                                      For System Restore:
                                      • A new Restore Point should be created and System Restore should be reset after the infection has been removed.
                                      • If you do not reset System Restore, and go to Restore your computer to an earlier time, it can reinfect your computer.
                                      We will be cleaning all of it up.



                                      Save these instructions so you can have access to them while in Safe Mode.

                                      Please click here to download AVP Tool by Kaspersky.
                                      • Save it to your desktop.
                                      • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
                                      • Double click the setup file to run it.
                                      • Click Next to continue.
                                      • Accept the License agreement and click on next.
                                      • It will, by default, install it to your desktop folder. Click Next.
                                      • It will then open a box. There will be a tab that says Automatic scan.
                                      • Under Automatic scan, make sure these are checked:
                                        • Hidden Startup Objects
                                        • System Memory
                                        • Disk Boot Sectors
                                        • My Computer
                                        • Also any other drives (Removable that you may have)
                                      Leave the rest of the settings as they appear as default.
                                      • Then click on Scan at the top right-hand corner.
                                      • It will automatically Neutralize any objects found.
                                      • If some objects are left un-neutralized, then click the button that says Neutralize all.
                                      • If it says it cannot be neutralized, then choose the delete option when prompted.
                                      • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
                                      • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

                                          Note: This tool will self uninstall when you close it so please save the log before closing it.
                                        ~Dr Jay

                                        Mr.Hopeless


                                          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                          « Reply #33 on: August 02, 2010, 10:00:17 PM »
                                          I was unable to save the report since, in Safe Mode, I couldn't change the Display settings and, unfortunately, the button for creating the report was cut off below the end of the monitor and the top of the window kept snapping to the top of the monitor no matter what I did to try to move it up.  Here are the actions (I had to type this out, so I hope it's accurate):

                                          Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1134765A.exe/CryptFF/UPX

                                          Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\112E2261.exe/CryptFF/UPX

                                          Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1134765A.exe/CryptFF

                                          Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\112E2261.exe/CryptFF/UPX

                                          Deleted: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1134765A.exe

                                          Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\112E2261.exe

                                          Detected: Trojan-Spy.HTML.Bankfraud.p  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\357F57F3.exe/CryptFF

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\4d5A4FC5.dll/CryptFF

                                          Deleted: Trojan-Spy.HTML.Bankfraud.p  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\357F57F3.htm

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\4D5D79C1.dll/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\4D5D4FC5.dll/CryptFF

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\5D0C1A7E.dll/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Nortn AntiVirusQuarantine\4D5D79C1.dll

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\5D0C1A7E.dll

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Norton AntiVirusQuarantine\6A115978.dll/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\Documents and Settings\All Users\Application Data\Symante\Nortn AntiVirusQuarantine\6A115978.dll

                                          Detected: Trojan-Spy.Win32.SpyAnyTime.c  C:\Documents and Settings\Brett\My Documents\Temp\SANYTIMEsoftwarespy.zip/Spy Anytime PC Spy 2.3/setup.exe/data0001

                                          Deleted: Trojan-Spy.Win32.SpyAnyTime.c  C:\Documents and Settings\Brett\My Documents\Temp\SANYTIMEsoftwarespy.zip/Spy Anytime PC Spy 2.3/setup.exe

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001448.exe/CryptFF

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001449.exe/CryptFF

                                          Detected: Trojan.Win32.Crypt.o  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001450.exe/CryptFF

                                          Deleted: Trojan.Win32.Crypt.o  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001450.exe

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001448.exe

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001449.exe

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001453.EXE/CryptFF

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001452.exe/CryptFF

                                          Detected: Trojan.Win32.Crypt.o  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001451.dll/CryptFF

                                          Deleted: Trojan.Win32.Crypt.o  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001451.dll

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001454.exe/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001453.EXE

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001455.exe/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001452.exe

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001454.exe

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001455.exe

                                          Detected: not-a-virus:Adware.Win32.WinAD.ak  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001458.dll/CryptFF/UPX

                                          Detected: not-a-virus:Adware.Win32.WinAD.ak  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001459.exe/CryptFF/UPX

                                          Detected: not-a-virus:Adware.Win32.WinAD.ak  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001457.exe/CryptFF

                                          Deleted: not-a-virus:Adware.Win32.WinAD.ak  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001458.dll

                                          Deleted: not-a-virus:Adware.Win32.WinAD.ak  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001459.exe

                                          Detected: HEUR.Trojan.Win32.Generic  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001516.exe/CryptFF/UPX

                                          Detected: HEUR.Trojan.Win32.Generic  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001517.exe/CryptFF/UPX

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001518.dll/CryptFF

                                          Detected: HEUR.Trojan.Win32.Generic  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001516.exe/CryptFF

                                          Deleted: HEUR.Trojan.Win32.Generic  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001516.exe

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001518.dll

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001520.dll/CryptFF

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001519.dll/CryptFF

                                          Detected: HEUR.Trojan.Win32.Generic  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001517.exe/CryptFF

                                          Deleted: HEUR.Trojan.Win32.Generic  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001517.exe

                                          Detected: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001521.dll/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001521.dll/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001520.dll/CryptFF

                                          Deleted: not-a-virus:AdWare.Win32.AdBlaster.b  C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP15\A0001519.dll/CryptFF

                                          Detected: not-a-virus:AdWare.Win32.Sahat.ao  C:\WINDOWS\system32\70tovmto.ini

                                          Detected: not-a-virus:AdWare.Win32.Sahat.ao  C:\WINDOWS\system32\gah95on6.ini

                                          Deleted: not-a-virus:AdWare.Win32.Sahat.ao  C:\WINDOWS\system32\70tovmto.ini

                                          Deleted: not-a-virus:AdWare.Win32.Sahat.ao  C:\WINDOWS\system32\gah95on6.ini
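The distinction drawn in Reply #32 (detections sitting in a quarantine folder or in System Restore versus detections on the live file system) can be applied mechanically to a log in the `Detected:` / `Deleted:` format posted above. The following is an added example, not part of the thread and not code from any of the tools mentioned; the sample log lines, file names and the all-zero restore GUID are constructed, and treating any path containing `\Quarantine\` as a quarantine store is an assumption.

```python
import re

# One log line: "<Action>: <threat name>  <object path>"; threat names contain no spaces.
LINE_RE = re.compile(r"^\s*(Detected|Deleted):\s+(\S+)\s+(.+?)\s*$")

# Lower number = look at it first.
PRIORITY = {"live": 0, "system_restore": 1, "quarantine": 2}


def on_disk_file(object_path):
    """Strip nested-object suffixes (packer layers, archive members).

    The scanner reports inner objects as file.exe/CryptFF/UPX or
    archive.zip/dir/setup.exe. Windows paths never contain '/', so the
    file that actually sits on disk is everything before the first '/'.
    """
    return object_path.split("/", 1)[0].rstrip()


def classify_location(path):
    """Bucket a path as system_restore, quarantine, or live."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    # Assumption: C:\Qoobox\ (ComboFix) or any \Quarantine\ folder is an AV store.
    if p.startswith("c:\\qoobox\\") or "\\quarantine\\" in p:
        return "quarantine"
    return "live"


def triage(log_text):
    """Collapse Detected/Deleted lines into one record per on-disk file."""
    files = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        action, threat, obj = m.groups()
        path = on_disk_file(obj)
        rec = files.setdefault(path.lower(), {
            "path": path,
            "location": classify_location(path),
            "threats": set(),
            "deleted": False,
        })
        rec["threats"].add(threat)
        if action == "Deleted":
            rec["deleted"] = True
    return list(files.values())


def needs_attention(records):
    """Files detected but never reported deleted, live locations first."""
    left = [r for r in records if not r["deleted"]]
    return sorted(left, key=lambda r: (PRIORITY[r["location"]], r["path"].lower()))


# Constructed sample in the same shape as the log above (not the poster's data).
SAMPLE_LOG = r"""
Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\AAAA0001.exe/CryptFF/UPX
Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\AAAA0001.exe/CryptFF
Deleted: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\AAAA0001.exe
Detected: HEUR:Trojan.Win32.Generic  C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\AAAA0002.exe/CryptFF/UPX
Detected: Trojan.Win32.Crypt.o  C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll/CryptFF
Deleted: Trojan.Win32.Crypt.o  C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll
Detected: Trojan-Spy.Win32.SpyAnyTime.c  C:\Documents and Settings\User\My Documents\Temp\example.zip/Example App 1.0/setup.exe/data0001
Deleted: Trojan-Spy.Win32.SpyAnyTime.c  C:\Documents and Settings\User\My Documents\Temp\example.zip/Example App 1.0/setup.exe
Detected: not-a-virus:AdWare.Win32.Sahat.ao  C:\WINDOWS\system32\example1.ini
Deleted: not-a-virus:AdWare.Win32.Sahat.ao  C:\WINDOWS\system32\example1.ini
Detected: not-a-virus:AdWare.Win32.Sahat.ao  C:\WINDOWS\system32\example2.ini
"""

if __name__ == "__main__":
    for rec in needs_attention(triage(SAMPLE_LOG)):
        print(rec["location"], rec["path"], sorted(rec["threats"]))
```

A file that shows up as detected but never deleted in a live location is the one to follow up first; leftovers in quarantine or System Restore matter only under the conditions described in Reply #32.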

                                          Dr Jay

                                          Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                          « Reply #34 on: August 04, 2010, 12:40:17 PM »
                                          Download SuperAntiSpyware
                                          • Load SuperAntiSpyware and click the Check for updates button.
                                          • Once the update is finished click the Scan your computer button.
                                          • Check Perform Complete Scan and then next.
                                          • SuperAntiSpyware will now scan your computer, and when it's finished it will list all the infections it has found.
                                          • Make sure that they all have a check next to them and press next.
                                          • Click finish and you will be taken back to the main interface.
                                          • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
                                          • Copy and paste the log onto the forum.
                                          ~Dr Jay

                                          Mr.Hopeless


                                            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                            « Reply #35 on: August 05, 2010, 09:22:47 PM »
                                            SUPERAntiSpyware Scan Log
                                            http://www.superantispyware.com

                                            Generated 08/05/2010 at 01:46 PM

                                            Application Version : 4.41.1000

                                            Core Rules Database Version : 5322
                                            Trace Rules Database Version: 3134

                                            Scan type       : Complete Scan
                                            Total Scan Time : 00:46:51

                                            Memory items scanned      : 529
                                            Memory threats detected   : 0
                                            Registry items scanned    : 7287
                                            Registry threats detected : 0
                                            File items scanned        : 28943
                                            File threats detected     : 266

                                            Adware.Tracking Cookie
                                               cdn4.specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               cdn4.specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .richmedia.yahoo.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .imrworldwide.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .imrworldwide.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               citi.bridgetrack.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               citi.bridgetrack.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               citi.bridgetrack.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .collective-media.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .newbalance.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .interclick.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               server.iad.liveperson.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               server.iad.liveperson.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               citi.bridgetrack.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               citi.bridgetrack.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               citi.bridgetrack.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .iacas.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .iacas.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .iacas.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               ads.lucidmedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .michaelcfina.122.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .roiservice.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .adlegend.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .media6degrees.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .media6degrees.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .media6degrees.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .media6degrees.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .media6degrees.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .neoedge.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .care2.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               ads.gamesbannernet.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               ads.gamesbannernet.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               ads.gamesbannernet.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .bizrate.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               media.mtvnservices.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .viacom.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .viacom.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .viacom.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .adserver.adtechus.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               rotator.adjuggler.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               rotator.adjuggler.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               sales.liveperson.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               sales.liveperson.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               sales.liveperson.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .adinterax.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .adinterax.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .borders.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .azjmp.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .microsoftwindows.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .chitika.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .ads.pointroll.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .sixteenthstreetsynagogue.org [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .e-2dj6wjlyekcpodp.stats.esomniture.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .e-2dj6wjny-1gc5ec.stats.esomniture.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .e-2dj6wjkoknajgko.stats.esomniture.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .qnsr.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .qnsr.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               cdn4.specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .videoegg.adbureau.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .afe.specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               stat.onestat.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               stat.onestat.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .a1.interclick.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .cbs.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .lockedonmedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .eyewonder.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               sales.liveperson.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               www.skicountryantiques.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .kiplinger.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .healthgrades.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               cdn4.specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               webstats.aetna.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .legolas-media.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               adserver.webads.co.il [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               cdn4.specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               cdn4.specificclick.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .media6degrees.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .dmtracker.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .avgtechnologies.112.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               dc.tremormedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .socialmedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               stats.amnh.org [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .media6degrees.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .hotelscom.122.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .server.cpmstar.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .network.realmedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .server.cpmstar.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .insightexpressai.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .invitemedia.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .chicagosuntimes.122.2o7.net [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .kontera.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               secure.sussexdirectories.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .sussexdirectories.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .sussexdirectories.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]
                                               .secure3.sussexdirectories.com [ C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\r183vqyk.default\cookies.sqlite ]

                                            Adware.Vundo/Variant-X32[Header]
                                               C:\PROGRAM FILES\GIFCONSTRUCTIONSETPROFESSIONAL\GCSGIF32.DLL
                                               C:\PROGRAM FILES\GIFCONSTRUCTIONSETPROFESSIONAL\GCSJPG32.DLL
                                               C:\PROGRAM FILES\GIFCONSTRUCTIONSETPROFESSIONAL\GCSPCX32.DLL
                                               C:\PROGRAM FILES\GIFCONSTRUCTIONSETPROFESSIONAL\GCSPNG32.DLL
                                               C:\PROGRAM FILES\GIFCONSTRUCTIONSETPROFESSIONAL\GCSTGA32.DLL

                                            Adware.Unknown Origin
                                               C:\WINDOWS\SYSTEM32\IESH12052004.CFG

                                            Dr Jay

                                            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                            « Reply #36 on: August 06, 2010, 11:08:55 PM »
                                            We'll do another scan here, to check for any more malware.

                                            Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

                                            Note: please close all other applications running on your system.

                                            Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

                                            Click the Settings button.

                                            Set the slider to Maximum.

                                            IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

                                            On the General tab, make sure all of the boxes are checked.

                                            On the Misc tab, make sure all the checkboxes are checked.

                                            Then, click OK on the windows that you launched.

                                            Click Create Report to run it.

                                            It will begin scanning.

                                            It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

                                            It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

                                            It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.
                                            ~Dr Jay


                                            Dr Jay

                                            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                            « Reply #38 on: August 07, 2010, 08:09:22 PM »
                                            Are there any other signs of infection?

                                            Shall we clean up or continue searching?
                                            ~Dr Jay

                                            Gahmieh

                                            • Guest
                                            Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                            « Reply #39 on: August 08, 2010, 03:38:51 AM »
                                            Please open Notepad and enter in the following:
                                            Then, click File > Save as...
                                            Save as remove.bat to the same location as remover.exe.
                                            Choose Save as type... All Files.
                                            Click Save.

                                            Then, exit Notepad.

                                            Double-click on remove.bat.

                                            Please re-run remover.exe and post a new log in your next reply.

                                            Sorry, I know, it's not my topic, but I read it here and because I also have some problems with my sound on my laptop, I tried this. But after doing exactly as you have described it, my laptop does not boot. Is there a solution?

                                            Mr.Hopeless


                                              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                              « Reply #40 on: August 08, 2010, 04:45:49 PM »
                                              Right now the sound is working again and the ticking noise seems to have abated...  We could go for the clean up now unless you think I should use that computer again for the next few days to see if anything else comes up.  (I've been borrowing a laptop for the past month or so...)

                                              Dr Jay

                                              Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                              « Reply #41 on: August 09, 2010, 11:18:25 PM »
                                              Why not give it a few days, and let me know if anything shows up. :)
                                              ~Dr Jay

                                              Mr.Hopeless


                                                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                « Reply #42 on: August 30, 2010, 11:06:44 AM »
                                                Okay, so after using the computer a bunch of times, the sound is still working and the only thing I'm seeing that gets me nervous is this message that still pops up, and I'm not sure what it's related to:
                                                Quote
                                                WMI has changed since the last time you used it. This could happen if you have updated it recently.  Click Detail to see more information.  Do you want to allow it to access the network?
                                                The executable has changed since the last time you used: C:\WINDOWS\system32\wbem\wmiprvse.exe
                                                My computer also seems to be sluggish.  It may be because I've been borrowing my wife's faster laptop a lot lately, but it just seems slow and that also gets me nervous.  Maybe I need to remove some of the software we've added?

                                                Dr Jay

                                                ~Dr Jay

                                                elchocolato

                                                • Guest
                                                Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                « Reply #44 on: September 03, 2010, 10:50:45 PM »
                                                Hey guys, for those of you who are having this problem but this solution isn't working for you (or is too long and you are lazy):
                                                There is a program called ProcessGuard, which allows you to deny a program from ever running. You can use it to just block iexplore.exe from ever running. This blocks the symptoms, so it's nice as a quick fix, but keep in mind you still have the disease! I have just done this; it is also nice because it allows you to remain functional while actually fixing it as well, without the iexplore's to worry about.

                                                Mr.Hopeless


                                                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                  « Reply #45 on: September 14, 2010, 06:52:27 AM »
                                                  18424 09:15:45 (0) ** WMIDiag v2.0 started on Tuesday, September 14, 2010 at 09:11.
                                                  18425 09:15:45 (0) **
                                                  18426 09:15:45 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
                                                  18427 09:15:45 (0) **
                                                  18428 09:15:45 (0) ** This script is not supported under any Microsoft standard support program or service.
                                                  18429 09:15:45 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
                                                  18430 09:15:45 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
                                                  18431 09:15:45 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
                                                  18432 09:15:45 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
                                                  18433 09:15:45 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
                                                  18434 09:15:45 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
                                                  18435 09:15:45 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
                                                  18436 09:15:45 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
                                                  18437 09:15:45 (0) ** of the possibility of such damages.
                                                  18438 09:15:45 (0) **
                                                  18439 09:15:45 (0) **
                                                  18440 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18441 09:15:45 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
                                                  18442 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18443 09:15:45 (0) **
                                                  18444 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18445 09:15:45 (0) ** Windows XP - No service pack - 32-bit (2600) - User 'D2PGV571\BRETT' on computer 'D2PGV571'.
                                                  18446 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18447 09:15:45 (0) ** Environment: ... OK..
                                                  18448 09:15:45 (0) ** System drive: ... C: (Disk #0 Partition #1).
                                                  18449 09:15:45 (0) ** Drive type: ... IDE (Maxtor 6Y080M0).
                                                  18450 09:15:45 (0) ** There are no missing WMI system files: ....................................... ....................................... OK.
                                                  18451 09:15:45 (0) ** There are no missing WMI repository files: ....................................... ................................... OK.
                                                  18452 09:15:45 (0) ** WMI repository state: ....................................... ....................................... ................. N/A.
                                                  18453 09:15:45 (0) ** BEFORE running WMIDiag:
                                                  18454 09:15:45 (0) ** The WMI repository has a size of: ....................................... ....................................... ..... 12 MB.
                                                  18455 09:15:45 (0) ** - Disk free space on 'C:': ....................................... ....................................... ............ 29517 MB.
                                                  18456 09:15:45 (0) **   - INDEX.BTR,                     1826816 bytes,      9/14/2010 9:10:23 AM
                                                  18457 09:15:45 (0) **   - INDEX.MAP,                     940 bytes,          9/14/2010 9:10:23 AM
                                                  18458 09:15:45 (0) **   - OBJECTS.DATA,                  10575872 bytes,     9/14/2010 9:10:23 AM
                                                  18459 09:15:45 (0) **   - OBJECTS.MAP,                   5208 bytes,         9/14/2010 9:10:24 AM
                                                  18460 09:15:45 (0) ** AFTER running WMIDiag:
                                                  18461 09:15:45 (0) ** The WMI repository has a size of: ....................................... ....................................... ..... 12 MB.
                                                  18462 09:15:45 (0) ** - Disk free space on 'C:': ....................................... ....................................... ............ 29512 MB.
                                                  18463 09:15:45 (0) **   - INDEX.BTR,                     1826816 bytes,      9/14/2010 9:10:23 AM
                                                  18464 09:15:45 (0) **   - INDEX.MAP,                     940 bytes,          9/14/2010 9:10:23 AM
                                                  18465 09:15:45 (0) **   - OBJECTS.DATA,                  10575872 bytes,     9/14/2010 9:10:23 AM
                                                  18466 09:15:45 (0) **   - OBJECTS.MAP,                   5208 bytes,         9/14/2010 9:10:24 AM
                                                  18467 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18468 09:15:45 (0) ** Windows Firewall: ....................................... ....................................... ..................... NOT INSTALLED.
                                                  18469 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18470 09:15:45 (0) ** DCOM Status: ... OK.
                                                  18471 09:15:45 (0) ** WMI registry setup: ....................................... ....................................... ................... OK.
                                                  18472 09:15:45 (0) ** WMI Service has no dependents: ....................................... ....................................... ........ OK.
                                                  18473 09:15:45 (0) ** RPCSS service: ... OK (Already started).
                                                  18474 09:15:45 (0) ** WINMGMT service: ... OK (Already started).
                                                  18475 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18476 09:15:45 (0) ** WMI service DCOM setup: ....................................... ....................................... ............... OK.
                                                  18477 09:15:45 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 6 WARNING(S)!
                                                  18478 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
                                                  18479 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
                                                  18480 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
                                                  18481 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
                                                  18482 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
                                                  18483 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
                                                  18484 09:15:45 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
                                                  18485 09:15:45 (0) **    fail depending on the operation requested.
                                                  18486 09:15:45 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
                                                  18487 09:15:45 (0) **
                                                  18488 09:15:45 (0) ** WMI ProgID registrations: ....................................... ....................................... ............. OK.
                                                  18489 09:15:45 (0) ** WMI provider DCOM registrations: ....................................... ....................................... ...... OK.
                                                  18490 09:15:45 (2) !! WARNING: WMI provider CIM registrations missing for the following provider(s): ...................................... 3 WARNING(S)!
                                                  18491 09:15:45 (0) ** - ROOT/INTELNCS, NcsEvent (i.e. WMI Class 'IANet_802dot3VlanEvent')
                                                  18492 09:15:45 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
                                                  18493 09:15:45 (0) ** - ROOT/INTELNCS, NcsEvent (i.e. WMI Class 'IANet_802dot3TeamEvent')
                                                  18494 09:15:45 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
                                                  18495 09:15:45 (0) ** - ROOT/INTELNCS, NcsEvent (i.e. WMI Class 'IANet_802dot3AdapterEvent')
                                                  18496 09:15:45 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
                                                  18497 09:15:45 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers
                                                  18498 09:15:45 (0) **    while the CIM registration is wrong or missing. This can be due to:
                                                  18499 09:15:45 (0) **    - a de-installation of the software.
                                                  18500 09:15:45 (0) **    - a deletion of some CIM registration information.
                                                  18501 09:15:45 (0) ** => You can correct the CIM configuration by:
                                                  18502 09:15:45 (0) **    - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
                                                  18503 09:15:45 (0) **    Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
                                                  18504 09:15:45 (0) **          (This list can be built on a similar and working WMI Windows installation)
                                                  18505 09:15:45 (0) **          The following command line must be used:
                                                  18506 09:15:45 (0) **          i.e. 'WMIDiag CorrelateClassAndProvider'
                                                  18507 09:15:45 (0) **    - Re-installing the software.
                                                  18508 09:15:45 (0) ** => If the software has been de-installed intentionally, then this information must be
                                                  18509 09:15:45 (0) **    removed from the WMI repository. You can use the 'WMIC.EXE' command to remove the provider
                                                  18510 09:15:45 (0) **    registration data and its set of associated classes.
                                                  18511 09:15:45 (0) **    i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\INTELNCS path __Win32Provider Where Name='NcsEvent' DELETE'
                                                  18512 09:15:45 (0) **    i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\INTELNCS Class IANet_802dot3AdapterEvent DELETE'
                                                  18513 09:15:45 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software,
                                                  18514 09:15:45 (0) **    the namespace and ALL its content can be ENTIRELY deleted.
                                                  18515 09:15:45 (0) **    i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='INTELNCS' DELETE'
                                                  18516 09:15:45 (0) **
                                                  18517 09:15:45 (0) ** WMI provider CLSIDs: ....................................... ....................................... .................. OK.
                                                  18518 09:15:45 (0) ** WMI providers EXE/DLL availability: ....................................... ....................................... ... OK.
                                                  18519 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18520 09:15:45 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
                                                  18521 09:15:45 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
                                                  18522 09:15:45 (0) **        - REMOVED ACE:
                                                  18523 09:15:45 (0) **          ACEType:  &h0
                                                  18524 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18525 09:15:45 (0) **          ACEFlags: &h0
                                                  18526 09:15:45 (0) **          ACEMask:  &h1
                                                  18527 09:15:45 (0) **                    DCOM_RIGHT_EXECUTE
                                                  18528 09:15:45 (0) **
                                                  18529 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
                                                  18530 09:15:45 (0) **    Removing default security will cause some operations to fail!
                                                  18531 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
                                                  18532 09:15:45 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
                                                  18533 09:15:45 (0) **
                                                  18534 09:15:45 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
                                                  18535 09:15:45 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
                                                  18536 09:15:45 (0) **        - REMOVED ACE:
                                                  18537 09:15:45 (0) **          ACEType:  &h0
                                                  18538 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18539 09:15:45 (0) **          ACEFlags: &h0
                                                  18540 09:15:45 (0) **          ACEMask:  &h1
                                                  18541 09:15:45 (0) **                    DCOM_RIGHT_EXECUTE
                                                  18542 09:15:45 (0) **
                                                  18543 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
                                                  18544 09:15:45 (0) **    Removing default security will cause some operations to fail!
                                                  18545 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
                                                  18546 09:15:45 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
                                                  18547 09:15:45 (0) **
                                                  18548 09:15:45 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
                                                  18549 09:15:45 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
                                                  18550 09:15:45 (0) **        - REMOVED ACE:
                                                  18551 09:15:45 (0) **          ACEType:  &h0
                                                  18552 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18553 09:15:45 (0) **          ACEFlags: &h0
                                                  18554 09:15:45 (0) **          ACEMask:  &h1
                                                  18555 09:15:45 (0) **                    DCOM_RIGHT_EXECUTE
                                                  18556 09:15:45 (0) **
                                                  18557 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
                                                  18558 09:15:45 (0) **    Removing default security will cause some operations to fail!
                                                  18559 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
                                                  18560 09:15:45 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
                                                  18561 09:15:45 (0) **
                                                  18562 09:15:45 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ....................................... .............................. MODIFIED.
                                                  18563 09:15:45 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
                                                  18564 09:15:45 (0) **        - ACTUAL ACE:
                                                  18565 09:15:45 (0) **          ACEType:  &h0
                                                  18566 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18567 09:15:45 (0) **          ACEFlags: &h2
                                                  18568 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
                                                  18569 09:15:45 (0) **          ACEMask:  &h1
                                                  18570 09:15:45 (0) **                    WBEM_ENABLE
                                                  18571 09:15:45 (0) **        - EXPECTED ACE:
                                                  18572 09:15:45 (0) **          ACEType:  &h0
                                                  18573 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18574 09:15:45 (0) **          ACEFlags: &h12
                                                  18575 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
                                                  18576 09:15:45 (0) **                    INHERITED_ACE
                                                  18577 09:15:45 (0) **          ACEMask:  &h13
                                                  18578 09:15:45 (0) **                    WBEM_ENABLE
                                                  18579 09:15:45 (0) **                    WBEM_METHOD_EXECUTE
                                                  18580 09:15:45 (0) **                    WBEM_WRITE_PROVIDER
                                                  18581 09:15:45 (0) **
                                                  18582 09:15:45 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
                                                  18583 09:15:45 (0) **    This will cause some operations to fail!
                                                  18584 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
                                                  18585 09:15:45 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
                                                  18586 09:15:45 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
                                                  18587 09:15:45 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
                                                  18588 09:15:45 (0) **       A specific WMI application can always require a security setup different
                                                  18589 09:15:45 (0) **       than the WMI security defaults.
                                                  18590 09:15:45 (0) **
                                                  18591 09:15:45 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ....................................... .............................. MODIFIED.
                                                  18592 09:15:45 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
                                                  18593 09:15:45 (0) **        - ACTUAL ACE:
                                                  18594 09:15:45 (0) **          ACEType:  &h0
                                                  18595 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18596 09:15:45 (0) **          ACEFlags: &h2
                                                  18597 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
                                                  18598 09:15:45 (0) **          ACEMask:  &h1
                                                  18599 09:15:45 (0) **                    WBEM_ENABLE
                                                  18600 09:15:45 (0) **        - EXPECTED ACE:
                                                  18601 09:15:45 (0) **          ACEType:  &h0
                                                  18602 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18603 09:15:45 (0) **          ACEFlags: &h12
                                                  18604 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
                                                  18605 09:15:45 (0) **                    INHERITED_ACE
                                                  18606 09:15:45 (0) **          ACEMask:  &h13
                                                  18607 09:15:45 (0) **                    WBEM_ENABLE
                                                  18608 09:15:45 (0) **                    WBEM_METHOD_EXECUTE
                                                  18609 09:15:45 (0) **                    WBEM_WRITE_PROVIDER
                                                  18610 09:15:45 (0) **
                                                  18611 09:15:45 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
                                                  18612 09:15:45 (0) **    This will cause some operations to fail!
                                                  18613 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
                                                  18614 09:15:45 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
                                                  18615 09:15:45 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
                                                  18616 09:15:45 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
                                                  18617 09:15:45 (0) **       A specific WMI application can always require a security setup different
                                                  18618 09:15:45 (0) **       than the WMI security defaults.
                                                  18619 09:15:45 (0) **
                                                  18620 09:15:45 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ....................................... .............................. MODIFIED.
                                                  18621 09:15:45 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
                                                  18622 09:15:45 (0) **        - REMOVED ACE:
                                                  18623 09:15:45 (0) **          ACEType:  &h0
                                                  18624 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
                                                  18625 09:15:45 (0) **          ACEFlags: &h12
                                                  18626 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
                                                  18627 09:15:45 (0) **                    INHERITED_ACE
                                                  18628 09:15:45 (0) **          ACEMask:  &h13
                                                  18629 09:15:45 (0) **                    WBEM_ENABLE
                                                  18630 09:15:45 (0) **                    WBEM_METHOD_EXECUTE
                                                  18631 09:15:45 (0) **                    WBEM_WRITE_PROVIDER
                                                  18632 09:15:45 (0) **
                                                  18633 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
                                                  18634 09:15:45 (0) **    Removing default security will cause some operations to fail!
                                                  18635 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
                                                  18636 09:15:45 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
                                                  18637 09:15:45 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
                                                  18638 09:15:45 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
                                                  18639 09:15:45 (0) **       A specific WMI application can always require a security setup different
                                                  18640 09:15:45 (0) **       than the WMI security defaults.
                                                  18641 09:15:45 (0) **
                                                  18642 09:15:45 (0) **
                                                  18643 09:15:45 (0) ** DCOM security warning(s) detected: ....................................... ....................................... .... 0.
                                                  18644 09:15:45 (0) ** DCOM security error(s) detected: ....................................... ....................................... ...... 3.
                                                  18645 09:15:45 (0) ** WMI security warning(s) detected: ....................................... ....................................... ..... 0.
                                                  18646 09:15:45 (0) ** WMI security error(s) detected: ....................................... ....................................... ....... 3.
                                                  18647 09:15:45 (0) **
                                                  18648 09:15:45 (1) !! ERROR: Overall DCOM security status: ....................................... ....................................... .. ERROR!
                                                  18649 09:15:45 (1) !! ERROR: Overall WMI security status: ....................................... ....................................... ... ERROR!
                                                  18650 09:15:45 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
                                                  18651 09:15:45 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ....................................... ....................................... .. 2.
                                                  18652 09:15:45 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
                                                  18653 09:15:45 (0) **   'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
                                                  18654 09:15:45 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
                                                  18655 09:15:45 (0) **   'select * from MSFT_SCMEventLogEvent'
                                                  18656 09:15:45 (0) **
                                                  18657 09:15:45 (0) ** WMI TIMER instruction(s): ....................................... ....................................... ............. NONE.
                                                  18658 09:15:45 (0) ** INFO: WMI ADAP status: ....................................... ....................................... ................ 1.
                                                  18659 09:15:45 (0) ** => The WMI ADAP process is currently running (1).
                                                  18660 09:15:45 (0) **    Some WMI performance classes could be missing at the time WMIDiag was executed.
                                                  18661 09:15:45 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: ....................................... ............................. 1 NAMESPACE(S)!
                                                  18662 09:15:45 (0) ** - ROOT/SERVICEMODEL.
                                                  18663 09:15:45 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
                                                  18664 09:15:45 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
                                                  18665 09:15:45 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
                                                  18666 09:15:45 (0) **    i.e. 'WMIC.EXE /NODE:"D2PGV571" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
                                                  18667 09:15:45 (0) **
                                                  18668 09:15:45 (0) ** WMI MONIKER CONNECTIONS: ....................................... ....................................... .............. OK.
                                                  18669 09:15:45 (0) ** WMI CONNECTIONS: ... OK.
                                                  18670 09:15:45 (0) ** WMI GET operations: ....................................... ....................................... ................... OK.
                                                  18671 09:15:45 (0) ** WMI MOF representations: ....................................... ....................................... .............. OK.
                                                  18672 09:15:45 (0) ** WMI QUALIFIER access operations: ....................................... ....................................... ...... OK.
                                                  18673 09:15:45 (0) ** WMI ENUMERATION operations: ....................................... ....................................... ........... OK.
                                                  18674 09:15:45 (0) ** WMI EXECQUERY operations: ....................................... ....................................... ............. OK.
                                                  18675 09:15:45 (0) ** WMI GET VALUE operations: ....................................... ....................................... ............. OK.
                                                  18676 09:15:45 (0) ** WMI WRITE operations: ....................................... ....................................... ................. NOT TESTED.
                                                  18677 09:15:45 (0) ** WMI PUT operations: ....................................... ....................................... ................... NOT TESTED.
                                                  18678 09:15:45 (0) ** WMI DELETE operations: ....................................... ....................................... ................ NOT TESTED.
                                                  18679 09:15:45 (0) ** WMI static instances retrieved: ....................................... ....................................... ....... 604.
                                                  18680 09:15:45 (0) ** WMI dynamic instances retrieved: ....................................... ....................................... ...... 0.
                                                  18681 09:15:45 (0) ** WMI instance request cancellations (to limit performance impact): ....................................... ............ 0.
                                                  18682 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18683 09:15:45 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
                                                  18684 09:15:45 (0) **   DCOM: ... 0.
                                                  18685 09:15:45 (0) **   WINMGMT: ... 0.
                                                  18686 09:15:45 (0) **   WMIADAPTER: ... 0.
                                                  18687 09:15:45 (0) **
                                                  18688 09:15:45 (0) ** # of additional Event Log events AFTER WMIDiag execution:
                                                  18689 09:15:45 (0) **   DCOM: ... 0.
                                                  18690 09:15:45 (0) **   WINMGMT: ... 0.
                                                  18691 09:15:45 (0) **   WMIADAPTER: ... 0.
                                                  18692 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18693 09:15:45 (0) ** WMI Registry key setup: ....................................... ....................................... ............... OK.
                                                  18694 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18695 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18696 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18697 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18698 09:15:45 (0) **
                                                  18699 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18700 09:15:45 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
                                                  18701 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
                                                  18702 09:15:45 (0) **
                                                  18703 09:15:45 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\DOCUMENTS AND SETTINGS\BRETT\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_D2PGV571_2010.09.14_09.11.33.LOG' for details.
                                                  18704 09:15:45 (0) **
                                                  18705 09:15:45 (0) ** WMIDiag v2.0 ended on Tuesday, September 14, 2010 at 09:15 (W:87 E:26 S:1).

                                                  Dr Jay

                                                  Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                  « Reply #46 on: September 16, 2010, 04:09:53 AM »
                                                  Please download SystemLook from one of the links below and save it to your Desktop.
                                                  Download Mirror #1
                                                  Download Mirror #2
                                                  • Double-click SystemLook.exe to run it.
                                                  • Copy the content of the following codebox into the main textfield:
                                                  :filefind
                                                  FASTPROX.DLL
                                                  WBEMPROX.DLL
                                                  • Click the Look button to start the scan.
                                                  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
                                                  Note: The log can also be found on your Desktop, entitled SystemLook.txt.
                                                  ~Dr Jay

                                                  Mr.Hopeless


                                                    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                    « Reply #47 on: October 04, 2010, 06:11:26 PM »
                                                    SystemLook 04.09.10 by jpshortstuff
                                                    Log created at 19:47 on 04/10/2010 by Brett
                                                    Administrator - Elevation successful

                                                    ========== filefind ==========

                                                    Searching for "FASTPROX.DLL"
                                                    C:\Documents and Settings\Deborah\Desktop\i386\fastprox.dll   --a---- 472064 bytes   [02:08 22/04/2005]   [10:00 04/08/2004] C28500101BC66FDABD830F8DE51A59A0
                                                    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\fastprox.dll   --a---- 473600 bytes   [03:14 17/04/2009]   [10:56 09/02/2009] 600519339671DCFA3DD20216A19817BB
                                                    C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll   -----c- 472064 bytes   [23:00 05/10/2008]   [10:00 04/08/2004] C28500101BC66FDABD830F8DE51A59A0
                                                    C:\WINDOWS\$NtUninstallKB956572$\fastprox.dll   -----c- 472064 bytes   [04:58 17/04/2009]   [00:11 14/04/2008] 60027BEA3E76D7DD8D96C02432BFDE82
                                                    C:\WINDOWS\ServicePackFiles\i386\fastprox.dll   ------- 472064 bytes   [16:47 04/09/2008]   [00:11 14/04/2008] 60027BEA3E76D7DD8D96C02432BFDE82
                                                    C:\WINDOWS\system32\dllcache\fastprox.dll   ------- 473600 bytes   [03:14 17/04/2009]   [12:10 09/02/2009] 378A0AEFB11D8B0DC8C27B9F7604B88D
                                                    C:\WINDOWS\system32\wbem\fastprox.dll   --a---- 473600 bytes   [18:01 10/08/2004]   [12:10 09/02/2009] 378A0AEFB11D8B0DC8C27B9F7604B88D

                                                    Searching for "WBEMPROX.DLL"
                                                    C:\Documents and Settings\Deborah\Desktop\i386\wbemprox.dll   --a---- 18944 bytes   [02:08 22/04/2005]   [10:00 04/08/2004] 851547797C2A7F8A04841644C471A567
                                                    C:\WINDOWS\$NtServicePackUninstall$\wbemprox.dll   -----c- 18944 bytes   [23:00 05/10/2008]   [10:00 04/08/2004] 851547797C2A7F8A04841644C471A567
                                                    C:\WINDOWS\ServicePackFiles\i386\wbemprox.dll   ------- 18944 bytes   [16:49 04/09/2008]   [00:12 14/04/2008] 205ADD80FF8099B1A8101EB490B933D1
                                                    C:\WINDOWS\system32\wbem\wbemprox.dll   --a---- 18944 bytes   [18:01 10/08/2004]   [00:12 14/04/2008] 205ADD80FF8099B1A8101EB490B933D1

                                                    -= EOF =-

                                                    carolyny476

                                                    • Guest
                                                    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                    « Reply #48 on: October 04, 2010, 09:17:20 PM »
                                                    Please visit this webpage for a tutorial on downloading and running ComboFix:

                                                    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

                                                    See the area: Using ComboFix, and when done, post the log back here.

                                                    Thanks for sharing the link!

                                                    Dr Jay

                                                    Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                    « Reply #49 on: October 09, 2010, 03:10:52 PM »
                                                    Before we can continue, I need to know how your computer is running, Mr Hopeless.
                                                    ~Dr Jay

                                                    Mr.Hopeless


                                                      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                      « Reply #50 on: October 10, 2010, 01:54:01 PM »
                                                      It's making these ticking noises; they usually start after I turn on the modem. The sound works okay. Internet speed seems to be okay, no internet popups, etc. I'm getting those windows about the WMI change noted above.

                                                      Dr Jay

                                                      Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                      « Reply #51 on: October 10, 2010, 01:57:05 PM »
                                                      What I highly recommend now is a reformat and a reinstallation of Windows XP.

                                                      Please let me know if you are prepared to do so.


                                                      So, with that said, do you have your Windows XP CD?

                                                      Guides for format and reinstall: http://www.geekpolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm#95115

                                                      http://www.helpmyos.com/tutorials-software-alternatives-to-proprietary-f19/how-to-reformat-and-reinstall-your-operating-system-the-easy-way-t1307.htm#3143
                                                      ~Dr Jay

                                                      Mr.Hopeless


                                                        Re: sound goes out, yadaying running, Downloader.Tiny.BB, Help!!!
                                                        « Reply #52 on: November 24, 2010, 08:22:56 PM »
                                                        I have reinstalled Windows.  Thanks for the effort.  This thread can be closed.