
Computer acting up after a download...


This topic is locked
20 replies to this topic

#1 edmil

Posted 03 July 2010 - 11:43 AM

Previous topic here: http://www.bleepingcomputer.com/forums/t/328557/computer-acting-up-after-a-downlaod/ ~ OB

Hi, about a week ago I downloaded a program and after that my PC started acting up... The diskette unit started to make a weird noise, and every time we turn off the computer, instead of doing it immediately, a pop-up says that a program is still running; it says services.exe... Before, it didn't do that; now there's that and the noise, as if I have a disk inside the unit. The computer freezes a lot... and Internet Explorer redirects to other sites instead of my homepage...

I've scanned the PC with Ad-Aware and SUPERAntiSpyware and this is what I've got so far: it shows some stuff, I click remove and restart, but it's still the same thing... and every time I scan it shows the same results, that some adware cookies and some redirect stuff are in my PC.

Yesterday I followed the instructions given to me by one of your helpers, Boopme. I downloaded DDS and used Defogger; these two worked well, but GMER gave me a headache because every time I wanted to run it my computer froze to the point that I had to reset it two times..., and now it's running slower... if that's even possible; well, it is happening to me... I've also run MBAM and found 6 trojans... Well, here is my log for DDS... I've attached them as the instructions said...

I hope you can help me. I know you guys are very busy and I really appreciate any help!!!!


Edited by Orange Blossom, 03 July 2010 - 03:17 PM.
Remove bold tags for ease of reading. ~ OB



#2 Elise

Posted 07 July 2010 - 06:28 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 edmil


Posted 07 July 2010 - 07:49 AM

Thank you, Elise! I'm going to do that and post the report ASAP!!!!

Don't worry, I understand that you guys are trying to help everybody!

#4 Elise


Posted 07 July 2010 - 08:07 AM

Thank you for letting me know, please take your time and post back here in case you encounter any problems.

regards, Elise



#5 edmil


Posted 07 July 2010 - 06:06 PM

Here is the log, but GMER gave me a lot of problems and I'm not sure if I did everything right... By the way, I added the MBAM log which I ran a few days ago; maybe it's useful. And I used Defogger to disable the CD drives; I was advised to do this by Boopme when I was told to use this log. I don't know if I had to enable them again... you let me know if I should enable them again...


OTL logfile created on: 7/7/2010 9:06:18 AM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 59.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.43 Gb Total Space | 17.17 Gb Free Space | 24.38% Space Free | Partition Type: NTFS
Drive D: | 4.08 Gb Total Space | 0.75 Gb Free Space | 18.29% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EJAC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 08:45:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/20 13:12:40 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/27 17:36:48 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 14:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2005/05/12 00:40:38 | 000,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/05/11 23:23:26 | 000,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2002/10/16 18:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
PRC - [2002/06/18 02:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/04/17 20:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 20:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/07/07 08:45:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/14 08:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/18 11:36:14 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/14 01:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/14 01:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2008/04/14 01:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/10/01 13:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/31 17:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/20 13:40:51 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/11/20 20:08:24 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 21:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/07/24 14:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 13:15:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 13:15:08 | 000,000,000 | ---D | M]

[2009/08/27 18:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/08/27 18:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/05 19:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\extensions
[2010/06/20 12:28:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/17 11:46:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/20 12:28:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/24 10:43:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/20 12:39:53 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/03/10 07:36:01 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\searchplugins\askcom.xml
[2010/06/17 18:52:49 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\searchplugins\sweetim.xml
[2010/07/05 19:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/16 10:33:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/09 10:21:09 | 000,210,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\rpff.dll

O1 HOSTS File: ([2010/07/01 19:33:24 | 000,165,245 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 Norton.com
O1 - Hosts: 127.0.0.1 help.norton.com
O1 - Hosts: 127.0.0.1 mail.norton.com
O1 - Hosts: 127.0.0.1 mail.norton.com
O1 - Hosts: 127.0.0.1 mx-buy1.norton.com
O1 - Hosts: 127.0.0.1 mx-buy2.norton.com
O1 - Hosts: 127.0.0.1 mail.panda-antivirus.no
O1 - Hosts: 127.0.0.1 panda-antivirus.no
O1 - Hosts: 127.0.0.1 avg.com
O1 - Hosts: 127.0.0.1 pns.avast.com
O1 - Hosts: 127.0.0.1 sns.avast.com
O1 - Hosts: 127.0.0.1 root.pns.avast.com
O1 - Hosts: 127.0.0.1 free-av.com
O1 - Hosts: 127.0.0.1 mail.free-av.com
O1 - Hosts: 127.0.0.1 forum.free-av.com
O1 - Hosts: 127.0.0.1 norman.no
O1 - Hosts: 127.0.0.1 forum.norman.no
O1 - Hosts: 127.0.0.1 mail.norman.no
O1 - Hosts: 127.0.0.1 domain.symantec.com
O1 - Hosts: 127.0.0.1 symantec.d4p.net
O1 - Hosts: 127.0.0.1 ns3.mail.trendmicro.com
O1 - Hosts: 127.0.0.1 sjdcmail01.udc.trendmicro.com
O1 - Hosts: 127.0.0.1 sjdcmail02.udc.trendmicro.com
O1 - Hosts: 127.0.0.1 sjdcmail03.udc.trendmicro.com
O1 - Hosts: 3678 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AutoTBar] C:\hp\bin\autotbar.exe File not found
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1235782235187 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1244767848062 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/20 12:39:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6210d009-01fa-11df-98eb-00402b44fe93}\Shell - "" = AutoRun
O33 - MountPoints2\{6210d009-01fa-11df-98eb-00402b44fe93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6210d009-01fa-11df-98eb-00402b44fe93}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{696d7d54-3c5d-11df-99a9-00402b44fe93}\Shell - "" = AutoRun
O33 - MountPoints2\{696d7d54-3c5d-11df-99a9-00402b44fe93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{696d7d54-3c5d-11df-99a9-00402b44fe93}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9a09526e-0674-11de-9610-00402b44fe93}\Shell - "" = AutoRun
O33 - MountPoints2\{9a09526e-0674-11de-9610-00402b44fe93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a09526e-0674-11de-9610-00402b44fe93}\Shell\open\command - "" = G:\usb.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/07 08:45:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 22:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2010/07/05 12:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/05 12:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/02 13:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/02 13:25:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/01 16:03:29 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/01 13:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/01 13:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/06/29 06:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/29 06:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/27 10:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2010/06/27 10:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/27 10:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/27 10:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/27 09:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(2)
[2010/06/27 09:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/25 02:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\BabelFish
[2010/06/25 02:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OJXC7YrVJrM6B88BYo
[2010/06/23 09:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\LimeWire
[2010/06/20 13:13:45 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/06/20 13:13:34 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/06/20 13:13:34 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/06/20 13:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/20 13:12:43 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/20 12:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/20 12:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/06/20 12:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/20 12:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/20 12:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/06/20 12:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\U.B. Funkeys DEMO
[2010/06/20 12:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\My Sam's Club Digital Photo Center
[2010/06/20 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Setup NetZero
[2010/06/20 12:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/20 12:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Zylom Games
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Cosmi
[2010/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/06/20 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/20 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2010/06/20 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/06/20 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\att-nap
[2010/06/20 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\AtBackup
[2010/06/20 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\AT&T
[2010/06/20 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/06/20 12:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\SuperNZB
[2010/06/20 12:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
[2010/06/20 12:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/20 12:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2010/06/20 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/06/20 12:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVS4YOU
[2010/06/20 12:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/06/20 11:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Audible
[2010/06/20 11:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Audible
[2010/06/20 06:53:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/16 09:07:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2010/06/16 08:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/16 08:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/16 08:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/06/16 08:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Real
[6 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 09:02:16 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
[2010/07/07 09:02:12 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
[2010/07/07 09:01:45 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/07/07 09:01:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/07 09:01:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 09:01:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 09:01:27 | 795,918,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 09:00:44 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/07 09:00:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/07 08:50:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/07 08:46:39 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\w4uyyi9e.exe
[2010/07/07 08:45:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/07 08:44:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/06 08:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/05 18:48:00 | 000,045,758 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Temporary_Plate_Application2.pdf
[2010/07/05 18:06:34 | 000,045,758 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Temporary_Plate_Application.pdf
[2010/07/05 13:05:09 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/03 13:31:11 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WordPerfect 10.lnk
[2010/07/03 00:01:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/02 22:52:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/02 13:25:33 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/02 11:16:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 20:52:46 | 000,089,678 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cap 5
[2010/07/01 19:33:24 | 000,165,245 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/01 16:03:27 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/01 08:38:09 | 004,460,480 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/23 12:20:55 | 000,547,694 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 12:20:55 | 000,473,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 12:20:55 | 000,084,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 08:42:34 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/21 06:13:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/20 13:13:57 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/06/20 13:13:45 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/06/20 13:13:34 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/06/20 13:13:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/06/20 13:12:43 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/06/20 13:12:43 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/06/20 13:12:43 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/16 19:35:22 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[6 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 08:46:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\w4uyyi9e.exe
[2010/07/05 18:48:00 | 000,045,758 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Temporary_Plate_Application2.pdf
[2010/07/05 18:06:34 | 000,045,758 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Temporary_Plate_Application.pdf
[2010/07/02 22:52:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/02 13:25:33 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/01 20:52:46 | 000,089,678 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cap 5
[2010/06/29 07:05:04 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/27 09:56:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/25 08:07:52 | 008,912,896 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/06/20 13:13:57 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/06/16 09:02:10 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
[2010/06/16 09:02:08 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
[2010/01/14 16:53:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/08/31 16:21:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/08/31 16:20:34 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/08/31 16:17:27 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/07/19 02:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/02/27 17:04:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/02/21 11:47:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/20 14:11:52 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/02/20 14:09:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/02/20 14:09:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/02/20 13:57:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/02/20 13:57:18 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/02/20 13:19:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/02/20 13:08:09 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/02/20 12:57:23 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/02/20 12:57:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/02/20 12:57:05 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/02/20 12:42:09 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/20 11:28:42 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 12:17:13
Windows 5.1.2600 Service Pack 3
Running: w4uyyi9e.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxldapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 12:20:27
Windows 5.1.2600 Service Pack 3
Running: w4uyyi9e.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x80597012]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x80581B82]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x8058A3B1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x805E0ADA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x8058A438]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x80640000]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x80642191]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x806421DA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x8057FA34]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x8064FEEB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x8063F7BF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x80589C03]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertResumeThread [0x80637AD6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertThread [0x8058395D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x805E28DD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x8062E76A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x805DE611]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateVirtualMemory [0x80570BC5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x805E7CEE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x805E8E34]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x804E4EE4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x80633F02]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x805D22DF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x804EC842]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClearEvent [0x805706C3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClose [0x8056F8D7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x80589FE1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompactKeys [0x80656040]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompareTokens [0x8058596E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompleteConnectPort [0x80594EDC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompressKey [0x806562AD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwConnectPort [0x80584D73]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwContinue [0x804E123F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x80661712]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x805AF5B7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x805744F6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x8065053C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x80573DFB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x805E04F5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x805DBB66]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x80637F7D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x80578710]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x805DCD0F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMutant [0x80582EA8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x8058DA4C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x805BA5CF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x8059EE6E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcess [0x805B62C0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcessEx [0x8059056D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x80650B73]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x8056DB66]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x8057F95B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x805E78DA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThread [0x805959DF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x8059DAF7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x805AC926]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWaitablePort [0x805B039E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugActiveProcess [0x80662889]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugContinue [0x806629E3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDelayExecution [0x8056EB03]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteAtom [0x8058771C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteFile [0x805DB33C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x80599783]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x80642231]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x805983A2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeviceIoControlFile [0x8058D747]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDisplayString [0x805BBA82]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateObject [0x8057EDE5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateToken [0x8058C373]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x8057EC5A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x8064FED7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x80594DB6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwExtendSection [0x8062D729]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFilterToken [0x805D422D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFindAtom [0x805E480C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushBuffersFile [0x805836A7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstructionCache [0x8058C99A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushKey [0x805DF24B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushVirtualMemory [0x805E954C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushWriteBuffer [0x8062EFC7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x8062EB1D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeVirtualMemory [0x805710BF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFsControlFile [0x8058274A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetContextThread [0x80635A5D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetDevicePowerState [0x80633F33]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetPlugPlayEvent [0x805A12E4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetWriteWatch [0x8053F737]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x8059EA22]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateClientOfPort [0x805852E1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateThread [0x8058D42E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeRegistry [0x805AFB71]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitiatePowerAction [0x80633CE7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsProcessInJob [0x80637E33]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x80633F17]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwListenPort [0x805AF9E0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadDriver [0x805AEDE2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey [0x805D45C5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey2 [0x805D4724]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockFile [0x80587AE9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockProductActivationKeys [0x805D3AA2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockRegistryKey [0x805CCEFD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockVirtualMemory [0x805B3F21]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakePermanentObject [0x805E7AE2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakeTemporaryObject [0x805E7BA9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPages [0x8062DDC6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x8062E21F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapViewOfSection [0x8057A879]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x80587D80]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeKey [0x805E2166]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x805E1F78]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenDirectoryObject [0x8058EE56]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEvent [0x8058E7F1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEventPair [0x8065062F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenFile [0x80579CF1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenIoCompletion [0x80621403]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenJobObject [0x806381D5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x80572BDF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenMutant [0x80582F56]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x805E3140]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcess [0x8057F592]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessToken [0x80578148]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessTokenEx [0x8057809F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSection [0x80578DEE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSemaphore [0x805E7C60]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x8058EDD9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThread [0x80584849]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadToken [0x805746D2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadTokenEx [0x805745CF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTimer [0x80650465]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPlugPlayControl [0x8059CA7D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPowerInformation [0x805AA1F0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeCheck [0x8059CD78]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x805DE757]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x805D36C7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwProtectVirtualMemory [0x8057F1C3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPulseEvent [0x805B02F6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryAttributesFile [0x80579F20]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDebugFilterState [0x804FAB99]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultLocale [0x8056F0D0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x8058E227]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryFile [0x8057B814]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryObject [0x8059480A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEaFile [0x8062164C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEvent [0x8058EBC0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryFullAttributesFile [0x80580A06]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationAtom [0x805B065E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationFile [0x8057AB98]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationJobObject [0x80590C74]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationPort [0x8062B3D3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationProcess [0x805747B6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x80576860]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x80576F36]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x8058E95A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x80651023]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x806214C4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x8057E85A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x80655A23]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMutant [0x806509A8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryObject [0x8058F010]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeys [0x80655C2D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPerformanceCounter [0x805708A6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x80621F03]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySection [0x8058CDE7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityObject [0x805DFD3E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySemaphore [0x8064F7AF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x8058EC4A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x8064FF13]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4267

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/2/2010 2:40:47 PM
mbam-log-2010-07-02 (14-40-47).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 221093
Time elapsed: 1 hour(s), 10 minute(s), 58 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
C:\Program Files\Internet Explorer\services.exe (Trojan.Dialer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updat (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updat (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Internet Explorer\services.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\OJXC7YrVJrM6B88BYo\Hacks4Sale installer\1.1.0.0\Update-463237.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP321\A0059522.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP322\A0059544.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP324\A0060325.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP327\A0060513.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP327\A0060530.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP327\A0060538.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP329\A0060555.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP329\A0061367.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:22 AM

Posted 08 July 2010 - 01:44 AM

Hello again,
Don't worry, you did fine.

P2P WARNING
-------------------
Going over your logs I noticed that you have LimeWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:04:22 AM

Posted 08 July 2010 - 08:24 AM

Thank you once again Elise!!! Well, about LimeWire, supposedly they "guaranteed" it is malware free since you pay a membership; usually I scan the files before opening them, but if you think it is not to be trusted I'll follow your advice.
Unfortunately I know where I got the virus: I was trying to download a program that can recover a password... I know, I know, that's bad, really bad... It was a desperate attempt to catch someone red handed... anyways... I ended up with the bad part... I promise never again...!!!

Well down to business here is the log for combofix

ComboFix 10-07-07.02 - Owner 07/08/2010 8:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.496 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\xpsp1hfm.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-05 17:51 . 2010-07-05 17:51 -------- dc----w- c:\program files\Alwil Software
2010-07-05 17:51 . 2010-07-05 17:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-01 21:03 . 2010-07-01 21:03 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-01 18:34 . 2010-07-01 18:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-01 18:33 . 2010-07-01 18:33 -------- dc----w- c:\program files\Apple Software Update
2010-07-01 18:32 . 2010-07-01 18:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-29 11:59 . 2010-07-07 13:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-29 11:59 . 2010-06-29 12:00 -------- dc----w- c:\program files\Lavasoft
2010-06-27 15:04 . 2010-07-01 15:10 -------- dc----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-06-27 15:02 . 2010-06-27 15:02 -------- dc----w- c:\program files\iPod
2010-06-27 15:02 . 2010-07-01 18:32 -------- dc----w- c:\program files\iTunes
2010-06-27 15:02 . 2010-06-27 15:03 -------- dc----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-27 14:56 . 2010-07-01 18:33 -------- dc----w- c:\program files\Apple Software Update(2)
2010-06-27 14:53 . 2010-07-01 18:35 -------- dc----w- c:\program files\Bonjour
2010-06-25 07:09 . 2010-06-25 07:09 -------- dc----w- c:\program files\BabelFish
2010-06-25 07:04 . 2010-06-25 07:04 -------- dc----w- c:\documents and settings\Owner\Application Data\OJXC7YrVJrM6B88BYo
2010-06-20 17:41 . 2010-07-01 18:32 -------- dc----w- c:\program files\QuickTime
2010-06-20 17:40 . 2010-06-20 17:40 -------- dc----w- c:\program files\Adobe Media Player
2010-06-20 17:40 . 2010-06-20 17:40 -------- dc----w- c:\program files\WMV9_VCM
2010-06-20 17:38 . 2010-06-20 17:38 -------- dc----w- c:\program files\SuperNZB
2010-06-20 11:53 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-16 13:58 . 2010-06-20 18:13 -------- dc----w- c:\program files\Real
2010-06-16 13:58 . 2010-06-20 18:13 -------- dc----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 13:46 . 2009-03-08 20:32 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-08 13:46 . 2009-10-11 22:45 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-07-08 13:45 . 2010-06-20 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 13:31 . 2010-04-29 23:18 -------- dc----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-07-05 18:06 . 2009-02-27 22:36 -------- dc----w- c:\program files\Google
2010-07-05 17:37 . 2009-08-06 21:10 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-01 19:00 . 2010-02-25 13:11 117760 -c--a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 18:31 . 2009-02-26 16:40 -------- d-----w- c:\program files\Yahoo!
2010-06-30 17:56 . 2009-02-26 16:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-29 13:29 . 2009-02-26 16:41 -------- dc----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-06-27 14:54 . 2010-06-20 17:39 -------- dc----w- c:\program files\Common Files\Apple
2010-06-23 17:14 . 2009-02-28 01:23 1 -c--a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-21 13:42 . 2009-02-26 23:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-20 18:13 . 2010-06-20 18:13 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-20 18:13 . 2010-06-20 18:13 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-20 18:13 . 2010-06-20 18:13 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-20 18:13 . 2010-06-20 18:13 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-20 18:13 . 2010-06-20 18:13 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-20 18:13 . 2010-06-20 18:13 -------- dc----w- c:\program files\Common Files\xing shared
2010-06-20 18:12 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-20 18:12 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-20 17:40 . 2010-06-20 17:39 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-20 17:37 . 2010-06-20 17:37 -------- dc----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-06-20 17:37 . 2010-06-20 17:37 -------- dc----w- c:\program files\Common Files\SupportSoft
2010-06-20 17:37 . 2009-03-29 15:15 -------- dc-h--w- c:\program files\Creative Installation Information
2010-06-20 17:37 . 2009-03-29 15:15 -------- dc----w- c:\program files\Creative
2010-06-20 17:37 . 2003-02-20 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 17:28 . 2010-01-13 21:52 -------- dc----w- c:\program files\Nikon
2010-06-20 17:28 . 2009-09-20 22:23 -------- dc----w- c:\documents and settings\Owner\Application Data\SanDisk
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\program files\Common Files\AVSMedia
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\documents and settings\Owner\Application Data\AVS4YOU
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-06-20 17:28 . 2010-01-13 21:52 -------- dc----w- c:\program files\Common Files\Nikon
2010-06-16 14:02 . 2009-12-11 21:09 -------- dc----w- c:\program files\CyberLink
2010-05-21 19:14 . 2009-10-03 20:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet(5).dll
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet(4).dll
2010-05-06 10:41 . 2003-05-07 22:34 1209344 ----a-w- c:\windows\system32\urlmon(5).dll
2010-05-06 10:41 . 2003-05-07 22:34 1209344 ----a-w- c:\windows\system32\urlmon(4).dll
2010-05-06 10:41 . 2003-05-07 23:04 184320 ----a-w- c:\windows\system32\iepeers(3).dll
2010-05-06 10:41 . 2003-05-07 23:04 184320 ----a-w- c:\windows\system32\iepeers(2).dll
2010-05-02 05:22 . 2003-05-07 22:34 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-21 23:57 . 2010-01-13 21:54 0 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-04-21 23:54 . 2010-01-13 21:51 0 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-04-20 05:30 . 2003-05-07 23:01 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-09 14:35 . 2009-02-27 14:25 112510 ----a-w- c:\windows\hpoins07.dat
2009-10-09 15:21 . 2009-10-09 15:21 210944 ----a-w- c:\program files\mozilla firefox\components\rpff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-13 68592]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-20 202256]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-09-10 06:35 372736 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-27 22:36 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP

R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [1/18/2010 11:36 AM 3584]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 2:22 PM 135664]

--- Other Services/Drivers In Memory ---

*Deregistered* - SASDIFSV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6210d009-01fa-11df-98eb-00402b44fe93}]
\Shell\AutoRun\command - "G:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{696d7d54-3c5d-11df-99a9-00402b44fe93}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a09526e-0674-11de-9610-00402b44fe93}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb.exe
\Shell\open\command - G:\usb.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:22]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:22]

2010-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-07-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AutoTBar - c:\hp\bin\autotbar.exe
HKLM-Run-Zero Knowledge Freedom - c:\program files\Zero Knowledge\Freedom\AutoStarterR.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-CTFMON - (no file)
AddRemove-{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 09:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-08 09:09:20
ComboFix-quarantined-files.txt 2010-07-08 14:09

Pre-Run: 18,297,372,672 bytes free
Post-Run: 20,825,513,984 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DCC4A8099D86495ED19D0B7C14A69D5C


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:22 AM

Posted 08 July 2010 - 11:40 AM

Hello again,

The only "safety option" limewire offers, is scanning the files with AVG. This does not make it any safer since many new threats are not recognized yet by regular AV applications.

Please let me know how things are running after the following fix.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
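As an added illustration of the fix above (example code, not from the thread, ComboFix or DDS), this Python script reads the ComboFix "Supplementary Scan" lines, flags any browser proxy that points back at the local machine, and assembles the matching DDS:: block for a CFScript; the sample log is constructed from the lines posted earlier in this thread, and the 'u'/'m' prefix meaning (per-user vs. machine) is the DDS convention as I understand it.

```python
import re
from ipaddress import ip_address

# Constructed sample: the 'Supplementary Scan' lines from the ComboFix log
# posted in this thread, trimmed to the entries that matter here.
SAMPLE_LOG = """\
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
"""

# DDS/ComboFix prefix convention (assumed here): 'u' = per-user (HKCU),
# 'm' = machine-wide (HKLM).
PROXY_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$"
)


def parse_proxy_value(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) tuples.

    Accepts both forms WinINet uses: 'host:port' (all protocols) and
    'http=host:port;https=host:port' (per protocol). Scheme '*' means all.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme is empty if absent
        if hostport.startswith("["):                 # bracketed IPv6 literal
            host, _, rest = hostport[1:].partition("]")
            port = rest.lstrip(":")
        else:
            host, sep, port = hostport.rpartition(":")
            if not sep:                              # no port component at all
                host, port = hostport, ""
        entries.append((scheme or "*", host, port))
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the literal name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def find_loopback_proxies(log_text):
    """Return one finding per proxy entry that points back at this machine.

    A browser proxy on 127.0.0.1 that the user never configured means a
    local process sits between the browser and the network, which matches
    the redirect symptom described at the top of this thread.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if not m:
            continue
        for scheme, host, port in parse_proxy_value(m.group("value")):
            if is_loopback(host):
                findings.append({"scope": m.group("scope"), "scheme": scheme,
                                 "host": host, "port": port, "line": line})
    return findings


def cfscript_lines(log_text):
    """Build the DDS:: block of a CFScript that resets the flagged entries.

    ComboFix resets the DDS entries listed under DDS::, so the ProxyServer
    line and its companion ProxyOverride line (same scope) are both included,
    as in the script posted in this thread. Returns [] when nothing is flagged.
    """
    scopes = {f["scope"] for f in find_loopback_proxies(log_text)}
    if not scopes:
        return []
    lines = ["DDS::"]
    for raw in log_text.splitlines():
        line = raw.strip()
        if any(line.startswith(s + "Internet Settings,Proxy") for s in scopes):
            lines.append(line)
    return lines


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print("loopback proxy: scope=%(scope)s %(scheme)s -> %(host)s:%(port)s" % f)
    print("\n".join(cfscript_lines(SAMPLE_LOG)))
```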


#9 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:04:22 AM

Posted 08 July 2010 - 02:00 PM

Before I do this, something happened.... I was reading an email and I had to download an attachment that my husband fwd to me; well, I read it and then a pop up appeared saying that another attachment was downloading as a pdf document. Well, after that (I clicked cancel) an AV Security Suite started popping out warnings that my computer was at risk etc etc. Well, I tried to use MBAM but couldn't open it, then I rebooted in safe mode and ran SUPERAntiSpyware and found this from safe mode; after that I ran MBAM and found something else, so when I tried to go to the internet I couldn't access it because it said a proxy problem blah blah... not allowed to open the home page.... Well, so I went to the closest restore point and now I can access the internet but
Do we have to start all over... I feel like hitting myself against the wall!!!! I shouldn't open any attachments even from my husband.... Here is the log. Sorry for giving you so much trouble... I'm really really sorry!!!!!


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2010 at 01:58 PM

Application Version : 4.40.1002

Core Rules Database Version : 5144
Trace Rules Database Version: 2956

Scan type : Quick Scan
Total Scan Time : 00:30:53

Memory items scanned : 220
Memory threats detected : 0
Registry items scanned : 1459
Registry threats detected : 0
File items scanned : 9743
File threats detected : 468

Adware.Flash Tracking Cookie
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEFJVEWG\A.ADS2.MSADS.NET
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEFJVEWG\ADS2.MSADS.NET
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEFJVEWG\B.ADS2.MSADS.NET

Adware.Tracking Cookie
.nextag.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.e-2dj6wnmyukdpeho.stats.esomniture.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.e-2dj6wdmiqkd5ico.stats.esomniture.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.e-2dj6wfkyaidjskp.stats.esomniture.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.e-2dj6wnmyciczebo.stats.esomniture.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.microsoftwindows.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.microsoftwga.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
www.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ice.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.burstbeacon.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.socialmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.socialmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
srv.clickfuse.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
login.tracking101.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
login.tracking101.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
click.mediadome.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
click.mediadome.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.advertising.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.advertising.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.advertising.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.at.atwola.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.atdmt.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.doubleclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.mediaplex.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.trafficmp.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.revenue.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.toseeka.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.pro-market.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.advertising.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.advertising.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.atdmt.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.euroclick.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.euroclick.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.euroclick.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.euroclick.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.euroclick.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
adopt.euroclick.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.microsoftwindows.112.2o7.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adinterax.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adinterax.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
account.live.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
account.live.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.realmedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.zedo.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.zedo.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.zedo.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.burstnet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.tribalfusion.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.fastclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.fastclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.fastclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.realmedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adrevolver.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adrevolver.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
media.adrevolver.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.revsci.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.microsoftwlmessengermkt.112.2o7.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.overture.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.overture.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.ads.pointroll.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.mediaplex.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.bluestreak.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificmedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.imrworldwide.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.imrworldwide.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.adopt.specificclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.doubleclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
pub34.bravenet.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.statcounter.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.paypal.112.2o7.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.stats.paypal.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.2o7.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.trafficmp.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.trafficmp.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.trafficmp.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.trafficmp.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.media6degrees.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
cache.trafficmp.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
cache.trafficmp.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.apmebf.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.fastclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.fastclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.fastclick.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.247realmedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.questionmarket.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.casalemedia.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]
.questionmarket.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\cookies.sqlite ]


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4291

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2010 1:19:35 PM
mbam-log-2010-07-08 (13-19-35).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 216009
Time elapsed: 1 hour(s), 13 minute(s), 21 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\yknyjgmbi\xofahtytssd.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cjxcxciy (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cjxcxciy (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\yknyjgmbi\xofahtytssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\lunQ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3A93ZR0E\n002102304801r0409J11000601R8597e5b1W9ff727c8X931b278fYdf2eb7c0Z03f013300[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP331\A0061696.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP331\A0061697.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:22 AM

Posted 08 July 2010 - 02:56 PM

Looks like MBAM got it :)

Can you now please run the CF script (see my previous post)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#11 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:04:22 AM

Posted 09 July 2010 - 06:59 AM

I think I was half asleep when I read the instructions... I did it backwards: I ran ComboFix without the script, and I guess it was worth it because it made me reboot the PC since it found a rootkit. Then, while the process was running, I read the instructions again, and that's when I found out I had done it wrong. Anyway, after the program finished I saved the log and then did everything again, this time following all the instructions... Anyway, I'm posting both logs; they may be useful... By the way, my Google bar is missing. Did the virus have something to do with this??? Nasty creatures... you kill 8 and then 32 appear...



ComboFix 10-07-07.02 - Owner 07/09/2010 6:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.558 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-08 18:20 . 2010-07-08 18:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\PCM4Everio
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Nikon
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Ares
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\DoctorWeb
2010-07-08 17:14 . 2010-07-08 17:14 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-08 14:38 . 2010-07-08 18:16 -------- dc----w- C:\RECYCLER(2)
2010-07-05 17:51 . 2010-07-05 17:51 -------- dc----w- c:\program files\Alwil Software
2010-07-05 17:51 . 2010-07-05 17:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-01 21:03 . 2010-07-01 21:03 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-01 18:33 . 2010-07-01 18:33 -------- dc----w- c:\program files\Apple Software Update
2010-07-01 18:32 . 2010-07-01 18:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-29 11:59 . 2010-07-07 13:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-29 11:59 . 2010-06-29 12:00 -------- dc----w- c:\program files\Lavasoft
2010-06-27 15:04 . 2010-07-01 15:10 -------- dc----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-06-27 15:02 . 2010-06-27 15:02 -------- dc----w- c:\program files\iPod
2010-06-27 15:02 . 2010-07-01 18:32 -------- dc----w- c:\program files\iTunes
2010-06-27 15:02 . 2010-06-27 15:03 -------- dc----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-27 14:56 . 2010-07-01 18:33 -------- dc----w- c:\program files\Apple Software Update(2)
2010-06-27 14:53 . 2010-07-01 18:35 -------- dc----w- c:\program files\Bonjour
2010-06-25 07:09 . 2010-06-25 07:09 -------- dc----w- c:\program files\BabelFish
2010-06-25 07:04 . 2010-06-25 07:04 -------- dc----w- c:\documents and settings\Owner\Application Data\OJXC7YrVJrM6B88BYo
2010-06-20 17:41 . 2010-07-01 18:32 -------- dc----w- c:\program files\QuickTime
2010-06-20 17:40 . 2010-06-20 17:40 -------- dc----w- c:\program files\Adobe Media Player
2010-06-20 17:40 . 2010-06-20 17:40 -------- dc----w- c:\program files\WMV9_VCM
2010-06-20 17:38 . 2010-06-20 17:38 -------- dc----w- c:\program files\SuperNZB
2010-06-20 11:53 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-16 13:58 . 2010-06-20 18:13 -------- dc----w- c:\program files\Real
2010-06-16 13:58 . 2010-06-20 18:13 -------- dc----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 11:02 . 2010-04-29 23:18 -------- dc----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-07-09 11:01 . 2010-06-20 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 10:57 . 2009-03-08 20:32 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-09 10:57 . 2009-10-11 22:45 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-07-05 18:06 . 2009-02-27 22:36 -------- dc----w- c:\program files\Google
2010-07-05 17:37 . 2009-08-06 21:10 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-01 19:00 . 2010-02-25 13:11 117760 -c--a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 18:31 . 2009-02-26 16:40 -------- d-----w- c:\program files\Yahoo!
2010-06-30 17:56 . 2009-02-26 16:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-29 13:29 . 2009-02-26 16:41 -------- dc----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-06-27 14:54 . 2010-06-20 17:39 -------- dc----w- c:\program files\Common Files\Apple
2010-06-23 17:14 . 2009-02-28 01:23 1 -c--a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-21 13:42 . 2009-02-26 23:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-20 18:13 . 2010-06-20 18:13 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-20 18:13 . 2010-06-20 18:13 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-20 18:13 . 2010-06-20 18:13 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-20 18:13 . 2010-06-20 18:13 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-20 18:13 . 2010-06-20 18:13 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-20 18:13 . 2010-06-20 18:13 -------- dc----w- c:\program files\Common Files\xing shared
2010-06-20 18:12 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-20 18:12 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-20 17:40 . 2010-06-20 17:39 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-20 17:37 . 2010-06-20 17:37 -------- dc----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-06-20 17:37 . 2010-06-20 17:37 -------- dc----w- c:\program files\Common Files\SupportSoft
2010-06-20 17:37 . 2009-03-29 15:15 -------- dc-h--w- c:\program files\Creative Installation Information
2010-06-20 17:37 . 2009-03-29 15:15 -------- dc----w- c:\program files\Creative
2010-06-20 17:37 . 2003-02-20 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 17:28 . 2010-01-13 21:52 -------- dc----w- c:\program files\Nikon
2010-06-20 17:28 . 2009-09-20 22:23 -------- dc----w- c:\documents and settings\Owner\Application Data\SanDisk
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\program files\Common Files\AVSMedia
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\documents and settings\Owner\Application Data\AVS4YOU
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-06-20 17:28 . 2010-01-13 21:52 -------- dc----w- c:\program files\Common Files\Nikon
2010-06-16 14:02 . 2009-12-11 21:09 -------- dc----w- c:\program files\CyberLink
2010-05-21 19:14 . 2009-10-03 20:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet(5).dll
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet(4).dll
2010-05-06 10:41 . 2003-05-07 22:34 1209344 ----a-w- c:\windows\system32\urlmon(5).dll
2010-05-06 10:41 . 2003-05-07 22:34 1209344 ----a-w- c:\windows\system32\urlmon(4).dll
2010-05-06 10:41 . 2003-05-07 23:04 184320 ----a-w- c:\windows\system32\iepeers(3).dll
2010-05-06 10:41 . 2003-05-07 23:04 184320 ----a-w- c:\windows\system32\iepeers(2).dll
2010-05-02 05:22 . 2003-05-07 22:34 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-21 23:57 . 2010-01-13 21:54 0 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-04-21 23:54 . 2010-01-13 21:51 0 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-04-20 05:30 . 2003-05-07 23:01 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-10-09 15:21 . 2009-10-09 15:21 210944 ----a-w- c:\program files\mozilla firefox\components\rpff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 69632]
"AutoTBar"="c:\hp\bin\autotbar.exe" [BU]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Zero Knowledge Freedom"="c:\program files\Zero Knowledge\Freedom\AutoStarterR.exe" [BU]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-13 68592]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-20 202256]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
c:\program files\Ares\Ares.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-09-10 06:35 372736 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-27 22:36 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP

R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [1/18/2010 11:36 AM 3584]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 2:22 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:22]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:22]

2010-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 06:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-09 06:28:29
ComboFix-quarantined-files.txt 2010-07-09 11:28
ComboFix2.txt 2010-07-08 14:09

Pre-Run: 22,701,010,944 bytes free
Post-Run: 23,700,889,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - B486A120933F4B53C5F8939B9F0FFFDA


This is the other one with the script on it


ComboFix 10-07-07.02 - Owner 07/09/2010 6:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.468 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.text
.

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-08 18:20 . 2010-07-08 18:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\PCM4Everio
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Nikon
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\Local Settings\Application Data\Ares
2010-07-08 18:15 . 2010-07-08 18:15 -------- dc----w- c:\documents and settings\Owner\DoctorWeb
2010-07-08 17:14 . 2010-07-08 17:14 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-08 14:38 . 2010-07-08 18:16 -------- dc----w- C:\RECYCLER(2)
2010-07-05 17:51 . 2010-07-05 17:51 -------- dc----w- c:\program files\Alwil Software
2010-07-05 17:51 . 2010-07-05 17:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-01 21:03 . 2010-07-01 21:03 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-01 18:33 . 2010-07-01 18:33 -------- dc----w- c:\program files\Apple Software Update
2010-07-01 18:32 . 2010-07-01 18:32 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-29 11:59 . 2010-07-07 13:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-29 11:59 . 2010-06-29 12:00 -------- dc----w- c:\program files\Lavasoft
2010-06-27 15:04 . 2010-07-01 15:10 -------- dc----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-06-27 15:02 . 2010-06-27 15:02 -------- dc----w- c:\program files\iPod
2010-06-27 15:02 . 2010-07-01 18:32 -------- dc----w- c:\program files\iTunes
2010-06-27 15:02 . 2010-06-27 15:03 -------- dc----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-27 14:56 . 2010-07-01 18:33 -------- dc----w- c:\program files\Apple Software Update(2)
2010-06-27 14:53 . 2010-07-01 18:35 -------- dc----w- c:\program files\Bonjour
2010-06-25 07:09 . 2010-06-25 07:09 -------- dc----w- c:\program files\BabelFish
2010-06-25 07:04 . 2010-06-25 07:04 -------- dc----w- c:\documents and settings\Owner\Application Data\OJXC7YrVJrM6B88BYo
2010-06-20 17:41 . 2010-07-01 18:32 -------- dc----w- c:\program files\QuickTime
2010-06-20 17:40 . 2010-06-20 17:40 -------- dc----w- c:\program files\Adobe Media Player
2010-06-20 17:40 . 2010-06-20 17:40 -------- dc----w- c:\program files\WMV9_VCM
2010-06-20 17:38 . 2010-06-20 17:38 -------- dc----w- c:\program files\SuperNZB
2010-06-20 11:53 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-16 13:58 . 2010-06-20 18:13 -------- dc----w- c:\program files\Real
2010-06-16 13:58 . 2010-06-20 18:13 -------- dc----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 11:02 . 2010-04-29 23:18 -------- dc----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-07-09 11:01 . 2010-06-20 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 10:57 . 2009-03-08 20:32 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-09 10:57 . 2009-10-11 22:45 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-07-05 18:06 . 2009-02-27 22:36 -------- dc----w- c:\program files\Google
2010-07-05 17:37 . 2009-08-06 21:10 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-01 19:00 . 2010-02-25 13:11 117760 -c--a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 18:31 . 2009-02-26 16:40 -------- d-----w- c:\program files\Yahoo!
2010-06-30 17:56 . 2009-02-26 16:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-29 13:29 . 2009-02-26 16:41 -------- dc----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-06-27 14:54 . 2010-06-20 17:39 -------- dc----w- c:\program files\Common Files\Apple
2010-06-23 17:14 . 2009-02-28 01:23 1 -c--a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-21 13:42 . 2009-02-26 23:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-20 18:13 . 2010-06-20 18:13 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-20 18:13 . 2010-06-20 18:13 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-20 18:13 . 2010-06-20 18:13 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-20 18:13 . 2010-06-20 18:13 14848 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-20 18:13 . 2010-06-20 18:13 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-20 18:13 . 2010-06-20 18:13 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-20 18:13 . 2010-06-20 18:13 -------- dc----w- c:\program files\Common Files\xing shared
2010-06-20 18:12 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-20 18:12 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-20 17:40 . 2010-06-20 17:39 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-20 17:37 . 2010-06-20 17:37 -------- dc----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-06-20 17:37 . 2010-06-20 17:37 -------- dc----w- c:\program files\Common Files\SupportSoft
2010-06-20 17:37 . 2009-03-29 15:15 -------- dc-h--w- c:\program files\Creative Installation Information
2010-06-20 17:37 . 2009-03-29 15:15 -------- dc----w- c:\program files\Creative
2010-06-20 17:37 . 2003-02-20 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 17:28 . 2010-01-13 21:52 -------- dc----w- c:\program files\Nikon
2010-06-20 17:28 . 2009-09-20 22:23 -------- dc----w- c:\documents and settings\Owner\Application Data\SanDisk
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\program files\Common Files\AVSMedia
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\documents and settings\Owner\Application Data\AVS4YOU
2010-06-20 17:28 . 2010-06-20 17:28 -------- dc----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-06-20 17:28 . 2010-01-13 21:52 -------- dc----w- c:\program files\Common Files\Nikon
2010-06-16 14:02 . 2009-12-11 21:09 -------- dc----w- c:\program files\CyberLink
2010-05-21 19:14 . 2009-10-03 20:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet(5).dll
2010-05-06 10:41 . 2003-05-07 22:34 916480 ----a-w- c:\windows\system32\wininet(4).dll
2010-05-06 10:41 . 2003-05-07 22:34 1209344 ----a-w- c:\windows\system32\urlmon(5).dll
2010-05-06 10:41 . 2003-05-07 22:34 1209344 ----a-w- c:\windows\system32\urlmon(4).dll
2010-05-06 10:41 . 2003-05-07 23:04 184320 ----a-w- c:\windows\system32\iepeers(3).dll
2010-05-06 10:41 . 2003-05-07 23:04 184320 ----a-w- c:\windows\system32\iepeers(2).dll
2010-05-02 05:22 . 2003-05-07 22:34 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-21 23:57 . 2010-01-13 21:54 0 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-04-21 23:54 . 2010-01-13 21:51 0 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-04-20 05:30 . 2003-05-07 23:01 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-10-09 15:21 . 2009-10-09 15:21 210944 ----a-w- c:\program files\mozilla firefox\components\rpff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 69632]
"AutoTBar"="c:\hp\bin\autotbar.exe" [BU]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Zero Knowledge Freedom"="c:\program files\Zero Knowledge\Freedom\AutoStarterR.exe" [BU]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-13 68592]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-20 202256]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
c:\program files\Ares\Ares.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-09-10 06:35 372736 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-27 22:36 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP

R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [1/18/2010 11:36 AM 3584]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 2:22 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:22]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:22]

2010-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1667259904-373526910-3751838402-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lv4x3m5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 06:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(656)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-09 06:41:57
ComboFix-quarantined-files.txt 2010-07-09 11:41
ComboFix2.txt 2010-07-09 11:28
ComboFix3.txt 2010-07-08 14:09

Pre-Run: 23,696,003,072 bytes free
Post-Run: 23,694,471,168 bytes free

- - End Of File - - A1E4938F1C661603B65ECA7C422AC165




#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:22 AM

Posted 09 July 2010 - 07:31 AM

Ouch, that was not only a rogue, but also a rootkit.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please launch MBAM, update it and run a new full scan. Post me the results together with a description of any remaining problems.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#13 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:04:22 AM

Posted 09 July 2010 - 10:48 AM

We don't use this PC for any online banking or purchases through the internet. We used to do it, but since a vendor overcharged me with fees when I purchased something, I stopped doing any via the internet and I changed my information... so I'm not sure if reformatting the PC will be necessary, as this is an old PC and I don't have any of the installation CDs with me.... We got this PC around 2002-2003...
Anyway, let me run MBAM.

#14 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:04:22 AM

Posted 09 July 2010 - 12:09 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4296

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2010 11:52:26 AM
mbam-log-2010-07-09 (11-52-26).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 215373
Time elapsed: 1 hour(s), 1 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:22 AM

Posted 09 July 2010 - 12:26 PM

Hello again,

INSTALL ANTIVIRUS
---------------------------
I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Please run a full scan with the Antivirus application you just installed and post me the results.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




