shell.exe Trojan?


  • This topic is locked
16 replies to this topic

#1 Baldric

  • Members
  • 15 posts

Posted 16 November 2010 - 12:19 AM

A web site took control of my computer and I had to power off. It must have accomplished something, because I now have a "shell.exe" process and an extra "svchost.exe". I think it tried to do something on my Facebook account - some sort of Facebook login error popped up when I wasn't even connected to it.

GMER would not run - it bombed the first time I tried it, and now it freezes every time I try it.


DDS (Ver_10-11-10.01) - NTFSx86
Run by a at 23:14:30.85 on Mon 11/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.240 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\a\Application Data\Microsoft\Windows\shell.exe
C:\WINDOWS\system32\spoolsv.exe
"C:\Documents and Settings\a\Application Data\Microsoft\svchost.exe"
svchost.exe
C:\DOCUME~1\a\LOCALS~1\Temp\dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\a\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWinlogon: Shell=explorer.exe,c:\documents and settings\a\application data\microsoft\windows\shell.exe
uWindows: Load=c:\docume~1\a\locals~1\temp\dwm.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe
mRun: [Dell|Alert] c:\program files\dell\support\alert\bin\DAMon.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [svchost] c:\documents and settings\a\application data\microsoft\svchost.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
uPolicies-explorer: <NO NAME> =
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37984.6371527778
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.mtb.com/dana-cached/sc/JuniperSetupClient.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\a\applic~1\mozilla\firefox\profiles\ggisflgq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\a\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\a\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-1 44928]

=============== Created Last 30 ================

2010-11-16 00:48:28 131584 ----a-w- c:\docume~1\a\applic~1\microsoft\windows\shell.exe
2010-11-16 00:48:02 117248 ----a-w- c:\docume~1\a\applic~1\microsoft\svchost.exe
2010-10-27 00:59:12 -------- d-----w- C:\ADOM

==================== Find3M ====================

2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 23:16:04.28 ===============
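
Added example (not part of the original post, and not DDS or BleepingComputer tooling): a small Python triage pass over a few lines copied from the DDS log above, flagging the process and autostart entries a reviewer would look at first. The rule set, the list of system file names and all function names are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied verbatim from the DDS log in the first post.
SAMPLE_DDS = r"""
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\a\Application Data\Microsoft\Windows\shell.exe
"C:\Documents and Settings\a\Application Data\Microsoft\svchost.exe"
C:\DOCUME~1\a\LOCALS~1\Temp\dwm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWinlogon: Shell=explorer.exe,c:\documents and settings\a\application data\microsoft\windows\shell.exe
uWindows: Load=c:\docume~1\a\locals~1\temp\dwm.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [svchost] c:\documents and settings\a\application data\microsoft\svchost.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
"""

# Assumption of this example: path fragments of per-user, writable XP locations
# (long names and their 8.3 short forms as DDS prints them).
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\", "\\locals~1\\", "\\temp\\")

# Assumption: a short list of Windows system file names that should only be
# seen under the Windows directory or System32.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "lsass.exe",
                "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe", "dwm.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

# First drive-rooted path ending in .exe; never crosses a double quote.
EXE_PATH = re.compile(r'[a-z]:\\[^"]*?\.exe')

R_WRITABLE = "executable in a user-writable directory"
R_MASQUERADE = "Windows system file name outside the Windows directory"
R_SHELL = "Winlogon Shell lists more than explorer.exe"
R_LOAD = "Load= autostart value is set"
R_PROXY = "browser traffic proxied through a local port"


def check_line(line):
    """Return the list of reasons one DDS log line deserves a closer look."""
    low = line.strip().lower()
    reasons = []

    match = EXE_PATH.search(low)
    if match:
        path = match.group(0)
        folder, _, name = path.rpartition("\\")
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append(R_WRITABLE)
        if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            reasons.append(R_MASQUERADE)

    # The Winlogon Shell value is a comma-separated list; the default is explorer.exe alone.
    shell = re.search(r"winlogon:\s*shell=(.*)", low)
    if shell and [v.strip() for v in shell.group(1).split(",")] != ["explorer.exe"]:
        reasons.append(R_SHELL)

    # Any program named in the Load value starts at logon.
    if re.search(r"windows:\s*load=\S", low):
        reasons.append(R_LOAD)

    # A loopback proxy means some local process sits between the browser and the network.
    proxy = re.search(r"proxyserver\s*=\s*(.*)", low)
    if proxy and re.search(r"127\.0\.0\.1|localhost", proxy.group(1)):
        reasons.append(R_PROXY)

    return reasons


def triage(log_text):
    """Return (line, reasons) for every line of the log that raised a flag."""
    findings = []
    for line in log_text.splitlines():
        reasons = check_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_DDS):
        print(line)
        for reason in reasons:
            print("    -", reason)
```

A hit is a reason to inspect the file, not a verdict: legitimate software also installs under Application Data, so each flagged path still needs to be checked by hand or with a scanner.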


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 23 November 2010 - 09:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Baldric

Posted 24 November 2010 - 07:00 PM

I couldn't wait a full week for your response, so I ran Mbam in the meantime. It found what looks like several Trojans and password collectors along with the "shell.exe" browser hijacker.

#4 m0le

Posted 24 November 2010 - 07:07 PM

Is the PC okay now then? Can I lock the topic?

#5 Baldric

Posted 25 November 2010 - 09:59 PM

The PC looks ok, but the fact that it found all those things tells me I should keep looking. Was that all you were going to tell me to do? Mbam?

#6 m0le

Posted 26 November 2010 - 06:04 PM

No. I was going to check for rootkit activity first and then see how the PC was behaving. MBAM is good but it might be worth following it with another program which does a good job of removing the malware registry items.

Up to you...

#7 Baldric

Posted 27 November 2010 - 12:45 AM

I'd like to try everything you've got. Tell me what to do.

#8 m0le

Posted 27 November 2010 - 06:59 AM

Okay, let's eliminate rootkits first

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#9 Baldric

Posted 27 November 2010 - 11:46 AM

Nothing was found by TDSSKiller, but here's Report.txt in case you need it. MBRCheck log follows.

2010/11/27 11:37:53.0406 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/27 11:37:53.0406 ================================================================================
2010/11/27 11:37:53.0406 SystemInfo:
2010/11/27 11:37:53.0406
2010/11/27 11:37:53.0406 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/27 11:37:53.0406 Product type: Workstation
2010/11/27 11:37:53.0406 ComputerName: FASTPC
2010/11/27 11:37:53.0406 UserName: a
2010/11/27 11:37:53.0406 Windows directory: C:\WINDOWS
2010/11/27 11:37:53.0406 System windows directory: C:\WINDOWS
2010/11/27 11:37:53.0406 Processor architecture: Intel x86
2010/11/27 11:37:53.0406 Number of processors: 1
2010/11/27 11:37:53.0406 Page size: 0x1000
2010/11/27 11:37:53.0406 Boot type: Normal boot
2010/11/27 11:37:53.0406 ================================================================================
2010/11/27 11:37:54.0500 Initialize success
2010/11/27 11:37:58.0234 ================================================================================
2010/11/27 11:37:58.0234 Scan started
2010/11/27 11:37:58.0234 Mode: Manual;
2010/11/27 11:37:58.0234 ================================================================================
2010/11/27 11:39:21.0906 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/11/27 11:39:22.0343 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
2010/11/27 11:39:22.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/27 11:39:23.0468 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/11/27 11:39:24.0093 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
2010/11/27 11:39:24.0656 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/27 11:39:25.0156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/27 11:39:25.0625 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/27 11:39:26.0171 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/11/27 11:39:26.0734 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/11/27 11:39:27.0359 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/11/27 11:39:27.0812 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/11/27 11:39:28.0296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/27 11:39:28.0890 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/27 11:39:29.0390 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/27 11:39:29.0796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/27 11:39:30.0265 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/27 11:39:30.0750 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2010/11/27 11:39:31.0171 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/11/27 11:39:31.0843 UdfReadr (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr.sys
2010/11/27 11:39:32.0500 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/11/27 11:39:33.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/27 11:39:33.0625 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/11/27 11:39:34.0125 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/27 11:39:34.0640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/27 11:39:35.0078 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/27 11:39:35.0484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/27 11:39:36.0046 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2010/11/27 11:39:36.0593 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys
2010/11/27 11:39:37.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/27 11:39:37.0468 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/11/27 11:39:37.0937 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/11/27 11:39:38.0609 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/27 11:39:39.0125 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/27 11:39:40.0234 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/27 11:39:40.0859 winachsf (fe71b3857bed54600e02288b212e7b7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/27 11:39:41.0531 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/27 11:39:41.0984 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/27 11:39:42.0421 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/27 11:39:42.0937 ================================================================================
2010/11/27 11:39:42.0937 Scan finished
2010/11/27 11:39:42.0937 ================================================================================



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 133):

Processes (total 31):
0 System Idle Process
4 System
432 C:\WINDOWS\SYSTEM32\smss.exe
488 csrss.exe
512 C:\WINDOWS\SYSTEM32\winlogon.exe
556 C:\WINDOWS\SYSTEM32\services.exe
568 C:\WINDOWS\SYSTEM32\lsass.exe
724 C:\WINDOWS\SYSTEM32\svchost.exe
792 svchost.exe
868 C:\WINDOWS\SYSTEM32\svchost.exe
924 svchost.exe
980 svchost.exe
1312 C:\WINDOWS\SYSTEM32\devldr32.exe
1324 C:\WINDOWS\explorer.exe
1420 C:\WINDOWS\SYSTEM32\spoolsv.exe
1484 svchost.exe
1520 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
1540 C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
1556 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
1580 C:\WINDOWS\SYSTEM32\rundll32.exe
1700 C:\WINDOWS\SYSTEM32\ctfmon.exe
1800 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
1860 C:\Program Files\Java\jre6\bin\jqs.exe
1888 C:\WINDOWS\SYSTEM32\nvsvc32.exe
252 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
1264 C:\WINDOWS\SYSTEM32\wscntfy.exe
1772 alg.exe
2232 C:\WINDOWS\SYSTEM32\svchost.exe
2456 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
592 C:\Program Files\Mozilla Firefox\firefox.exe
3856 C:\Documents and Settings\a\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x0000001f`ffd60a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400BB-75DEA0, Rev: 05.03E05
PhysicalDrive1 Model Number: WDCWD3200JB-00KFA0, Rev: 08.05J08

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
298 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:45 AM

Posted 27 November 2010 - 06:13 PM

That's all good.


Please run Superantispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Please run OTL so we can take a look at that scan too

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#11 Baldric

Baldric
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:45 AM

Posted 28 November 2010 - 03:59 AM

Super Anti-Spyware log (found lots of stuff), then OTL logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/28/2010 at 03:38 AM

Application Version : 4.46.1000

Core Rules Database Version : 5921
Trace Rules Database Version: 3733

Scan type : Complete Scan
Total Scan Time : 05:43:26

Memory items scanned : 377
Memory threats detected : 0
Registry items scanned : 6460
Registry threats detected : 90
File items scanned : 239244
File threats detected : 581

Adware.Tracking Cookie
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.gostats.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.network.realmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.chitika.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.examinercom.122.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.foxinteractivemedia.122.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.lockedonmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.fim.122.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.clicksor.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.yadro.ru [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.celeb-porn.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.celeb-porn.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
sex4share.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
sex4share.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultadworld.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultadworld.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.sex4share.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.sex4share.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.sex4share.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.lfstmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
optimize.indieclick.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.borders.112.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.s.clickability.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.s.clickability.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.sexlist.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.msnbc.112.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
1xxx.cqcounter.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.doctorteen.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.doctorteen.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ero-advertising.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adult-empire.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adult-empire.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
www.adult-empire.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
www.adult-empire.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cracked.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cracked.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cracked.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cbsdigitalmedia.112.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.skinnynudeteens.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.skinnynudeteens.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.mediabrandsww.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.pornless.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.pornless.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.precisiondialogue.112.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.find.monro.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.find.monro.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.find.monro.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.getiton.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.getiton.adultfriendfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
www.seventeenvideo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
www.seventeenvideo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.yourdailymedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.yourdailymedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.usatoday1.112.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
googleads.g.doubleclick.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
in.getclicky.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ad.doubleclick.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ehg-sportingbet.hitbox.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ehg-sportingbet.hitbox.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
user.lucidmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.mtvn.112.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.celebsextube.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.celebsextube.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
clicks.adengage.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.homemadecelebrityporn.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.homemadecelebrityporn.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.homemadecelebrityporn.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.secure.homemadecelebrityporn.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.secure.homemadecelebrityporn.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
www.mizzomedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.swapfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.swapfinder.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.sexlist.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
www4.addfreestats.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.revenue.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.sexykittenporn.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.sexykittenporn.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
ads.zeusclicks.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.webpower.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
s.l.h.cltomedia.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cltomedia.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
cltomedia.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
s.v.h.cltomedia.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
5.v.h.cltomedia.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.linksynergy.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.linksynergy.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.linksynergy.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
x.k.h.cltomedia.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ad.yieldmanager.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ad.yieldmanager.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cleanadulthost.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cleanadulthost.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.cleanadulthost.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
forum.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
forum.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
z.w.h.cltomedia.info [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
bridge2.admarketplace.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.admarketplace.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.bzresults.122.2o7.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.adultswim.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
ads.adultswim.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
tour1.xxxmatch.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
wt.xxxmatch.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ehg-eset.hitbox.com [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]
.ordie.adbureau.net [ C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\cookies.sqlite ]

Trojan.Unclassified/Cognac
HKU\.DEFAULT\Software\Cognac
HKU\S-1-5-18\Software\Cognac

Trojan.Agent/Gen
HKU\.DEFAULT\SOFTWARE\XML
HKU\S-1-5-18\SOFTWARE\XML

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAM FILES\SPORTSBOOK.COM LITE\CASINO.EXE

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSOSVD.DAT

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\WITADR.DLL



OTL logfile created on: 11/28/2010 3:51:07 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\a\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 286.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1282 1540 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 8.25 Gb Free Space | 22.17% Space Free | Partition Type: NTFS
Drive F: | 128.00 Gb Total Space | 48.62 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive G: | 170.09 Gb Total Space | 54.74 Gb Free Space | 32.18% Space Free | Partition Type: NTFS

Computer Name: FASTPC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\a\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\Support\Alert\bin\DAMon.exe ()
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\WINDOWS\SYSTEM32\devldr32.exe (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\a\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe File not found
SRV - (Ati HotKey Poller) -- C:\WINDOWS\System32\Ati2evxx.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (sptd) -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys (Duplex Secure Ltd.)
DRV - (SDTHOOK) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS (Panda Software)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (CVirtA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (vcdrom) -- C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys (Microsoft Corporation)
DRV - (emu10k) Creative SB Live! Value (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys (Creative Technology Ltd.)
DRV - (rtl8139) -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys (Realtek Semiconductor Corporation )
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys (Creative Technology Ltd.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (hpt3xx) -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (V124) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys (Conexant)
DRV - (ctljystk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PfModNT.sys (Creative Technology Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Home Page = http://balabolka.biz/start.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..network.proxy.no_proxies_on: "localhost"


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/04 22:16:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/09 10:42:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/09 10:47:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 22:28:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 22:21:54 | 000,000,000 | ---D | M]

[2010/06/25 19:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Extensions
[2010/06/25 19:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\a\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/25 19:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\extensions
[2010/08/05 22:09:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 18:17:17 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/09/25 19:40:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\ggisflgq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/09 11:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 11:04:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/01 12:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 12:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
[2010/04/01 12:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
[2010/09/25 22:21:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
[2010/09/25 22:21:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
[2010/09/25 22:21:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
[2010/09/25 22:21:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
[2010/09/25 22:21:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
[2010/09/25 22:21:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
[2010/04/01 10:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 10:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 10:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 10:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 10:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 10:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 10:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/10/02 20:10:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Oracle)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQINIT.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe ()
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab (Scanner.SysScanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37984.6371527778 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.mtb.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.250.0.12 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\) - C:\WINDOWS\ [2010/10/29 00:33:15 | 000,000,000 | ---D | M]
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 07:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/11 19:13:50 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 03:49:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
[2010/11/27 21:48:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/27 11:36:31 | 001,342,552 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\a\Desktop\TDSSKiller.exe
[2002/10/08 01:11:00 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[903 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/28 03:51:07 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3689853989-1376643981-488748980-1006.job
[2010/11/28 03:51:06 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3689853989-1376643981-488748980-1006.job
[2010/11/28 03:49:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\a\Desktop\OTL.exe
[2010/11/28 03:44:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/11/27 21:49:44 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/27 11:43:57 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
[2010/11/27 11:36:34 | 000,001,226 | ---- | M] () -- C:\WINDOWS\pkzipw.INI
[2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\a\Desktop\TDSSKiller.exe
[2010/11/16 00:18:55 | 000,003,339 | ---- | M] () -- C:\Documents and Settings\a\Desktop\Attach.zip
[2010/11/15 23:08:37 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\a\Desktop\dds.scr
[2010/11/13 21:29:00 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\a\Desktop\Shortcut to RealPlayer Downloads.lnk
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\a\Desktop\gmer.exe
[2010/11/07 13:09:53 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/07 13:09:53 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[903 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/27 21:49:44 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/27 11:44:01 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\a\Desktop\MBRCheck.exe
[2010/11/16 00:18:55 | 000,003,339 | ---- | C] () -- C:\Documents and Settings\a\Desktop\Attach.zip
[2010/11/15 23:20:11 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\a\Desktop\gmer.exe
[2010/11/15 23:08:49 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\a\Desktop\dds.scr
[2010/11/13 21:29:00 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\a\Desktop\Shortcut to RealPlayer Downloads.lnk
[2010/08/08 17:50:46 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2010/03/07 12:13:01 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\Nd4uB3I0oF
[2010/03/04 20:43:20 | 000,003,782 | -HS- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\d3KSy4nSLAL
[2010/02/19 22:47:51 | 000,013,940 | -HS- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\v66l66MW5Tq
[2009/05/23 16:42:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/02 17:48:02 | 001,189,224 | ---- | C] () -- C:\WINDOWS\System32\LDecMpg42.dll
[2008/07/02 17:48:02 | 000,402,792 | ---- | C] () -- C:\WINDOWS\System32\LMMpgDmxP.dll
[2008/07/02 17:48:02 | 000,251,240 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2008/07/02 17:48:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ltserial.dll
[2008/04/13 18:27:03 | 000,000,231 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/02/14 19:34:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/04 17:46:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll.bak
[2006/12/10 16:58:28 | 000,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/22 11:22:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2006/05/06 16:57:08 | 000,001,049 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2006/05/05 19:28:12 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/28 11:34:43 | 000,000,248 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2006/01/27 23:08:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/12/21 20:28:48 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GEEDGIII.ini
[2004/06/02 23:48:18 | 000,001,664 | ---- | C] () -- C:\WINDOWS\eqlsUIConfig.ini
[2004/06/01 20:59:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/06/01 20:59:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/06/01 20:57:56 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/03/23 22:03:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/03 13:21:42 | 000,000,587 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/23 20:33:12 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2003/11/23 20:33:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2003/11/23 20:33:11 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2003/10/16 18:28:31 | 000,002,398 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2003/10/16 18:23:25 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/07/01 19:16:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\COMPASS.INI
[2003/06/08 18:52:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/06/06 19:05:35 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2003/05/27 21:20:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2003/05/27 21:09:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2003/05/27 21:09:44 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2003/05/27 21:09:43 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMANT.DLL
[2003/04/11 14:25:08 | 000,219,136 | ---- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/04/01 19:07:02 | 000,012,499 | ---- | C] () -- C:\WINDOWS\System32\EONSYSREV_1.DLL
[2003/01/03 12:07:20 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/10/30 20:09:06 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2002/10/19 18:52:05 | 000,001,226 | ---- | C] () -- C:\WINDOWS\pkzipw.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/08 01:15:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/08 01:10:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/10/08 01:10:26 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/10/08 01:06:46 | 000,000,892 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/07 23:47:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/10/06 13:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 19:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 09:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002/04/19 10:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 09:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2001/11/15 08:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 07:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/08/18 06:00:00 | 000,000,320 | ---- | C] () -- C:\WINDOWS\System32\83ghh.ini
[2001/06/22 07:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/07/06 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\.minecraft
[2009/01/31 12:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\DAEMON Tools
[2009/01/31 12:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\DAEMON Tools Lite
[2009/01/31 12:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\DAEMON Tools Pro
[2010/01/14 18:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Free Download Manager
[2002/11/07 23:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\InterVideo
[2010/07/30 12:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Juniper Networks
[2003/07/20 21:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Leadertech
[2010/08/14 10:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\LolClient
[2009/02/16 13:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\LucasArts
[2004/06/01 16:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Lycos
[2009/04/20 17:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Opera
[2009/02/16 13:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\Petroglyph
[2008/06/05 23:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\RadLight Company
[2006/03/06 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\uqm
[2010/10/12 22:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\uTorrent
[2004/10/31 19:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\a\Application Data\winkq
[2002/10/08 01:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/01/31 12:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/01/19 03:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/10/12 06:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2007/09/30 22:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/30 12:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/07/18 18:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/13 21:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/12/13 13:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/11/18 18:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/09/12 12:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/22 02:16:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/07/05 23:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D27163
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97

< End of report >



OTL Extras logfile created on: 11/28/2010 3:51:07 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\a\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 286.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1282 1540 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 8.25 Gb Free Space | 22.17% Space Free | Partition Type: NTFS
Drive F: | 128.00 Gb Total Space | 48.62 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive G: | 170.09 Gb Total Space | 54.74 Gb Free Space | 32.18% Space Free | Partition Type: NTFS

Computer Name: FASTPC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57932:TCP" = 57932:TCP:*:Enabled:Pando Media Booster
"57932:UDP" = 57932:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57816:TCP" = 57816:TCP:*:Enabled:PandoRest Listening Port
"57979:TCP" = 57979:TCP:*:Enabled:PandoRest Listening Port
"56519:TCP" = 56519:TCP:*:Enabled:PandoRest Listening Port
"57932:TCP" = 57932:TCP:*:Enabled:Pando Media Booster
"57932:UDP" = 57932:UDP:*:Enabled:Pando Media Booster
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{16E9B508-3847-4950-8FE5-CF135152A603}" = QualityMotion Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{32714287-4234-412A-877B-D33AFABFDE2B}" = EverQuest Titanium
"{32A3A4F4-B792-11D6-A78A-00B0D0160040}" = Java™ SE Development Kit 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{679B4263-D335-45F6-B43E-DA89F2E0EC3A}" = ADOM Sage
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{79C9D412-C4B3-4B55-9A20-F5A3B7B277C9}" = Mame32
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4D41F3-3EDA-4DAC-9403-839708EA0667}" = Install(US)2
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E8A85F-2960-40ED-BA84-7F4567BB00C0}" = Dell | Support
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9E140D0-1363-4949-8249-832281537F9F}" = LEAD MPEG-4 Video Decoder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D048A3AD-31D3-44A5-9D12-C4ADD3253B00}" = ActivePerl 5.6.1 Build 638
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.32
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Wonders II" = Age of Wonders II
"Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic
"All ATI Software" = ATI - Software Uninstall Utility
"BFGC" = Big Fish Games Client
"Castle Wars_is1" = Castle Wars
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"CoH" = City of Heroes (remove only)
"Comical_is1" = Comical 0.8
"Cradle of Rome" = Cradle of Rome (remove only)
"Digital Media Converter_is1" = Digital Media Converter 2.57
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 1856] [2008-02-10]
"Free Download Manager_is1" = Free Download Manager 2.5
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Panda ActiveScan" = Panda ActiveScan
"PokerStars" = PokerStars
"QuickPar" = QuickPar 0.9
"RadLight 4.0" = RadLight 4.0 FINAL
"RealPlayer 12.0" = RealPlayer
"Roxio UDF Reader" = Roxio UDF Reader
"Shockwave" = Shockwave
"Sins of a Solar Empire" = Sins of a Solar Empire
"SmartPar" = SmartPar
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"sportsbook.com lite" = sportsbook.com lite
"ST6UNST #1" = MetalSpy
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tera Term Pro" = Tera Term Pro
"The 80 Classic Games" = Atari: The 80 Classic Games
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Total Annihilation" = Total Annihilation
"Total Annihilation: Kingdoms" = Total Annihilation: Kingdoms
"VLC media player" = VLC media player 1.1.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"yProxy" = yProxy

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2010 11:14:16 PM | Computer Name = FASTPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a61ae.

Error - 10/14/2010 7:18:14 PM | Computer Name = FASTPC | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.4.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/16/2010 2:46:23 PM | Computer Name = FASTPC | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.4.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/16/2010 2:47:52 PM | Computer Name = FASTPC | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.4.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2010 12:27:01 AM | Computer Name = FASTPC | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.8.7, faulting module
mplayerc.exe, version 6.4.8.7, fault address 0x001c0cb9.

Error - 11/8/2010 11:41:43 PM | Computer Name = FASTPC | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.4.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/11/2010 12:39:01 PM | Computer Name = FASTPC | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.4.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/15/2010 9:53:15 PM | Computer Name = FASTPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2010 12:23:24 AM | Computer Name = FASTPC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15530, faulting module
gmer.exe, version 1.0.15.15530, fault address 0x0000c551.

Error - 11/22/2010 8:21:21 PM | Computer Name = FASTPC | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.4.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/26/2010 2:17:19 AM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 11/26/2010 2:17:19 AM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/26/2010 2:17:20 AM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
UdfReadr_xp

Error - 11/27/2010 1:25:11 PM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 11/27/2010 1:25:11 PM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/27/2010 1:25:13 PM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
UdfReadr_xp

Error - 11/27/2010 10:49:50 PM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 11/28/2010 4:44:42 AM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2

Error - 11/28/2010 4:44:42 AM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 11/28/2010 4:44:44 AM | Computer Name = FASTPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
UdfReadr_xp


< End of report >

#12 m0le

Posted 28 November 2010 - 05:22 AM

There are some nasty traces of malware in the SAS log. TDSS and cognac are both persistent.

Please run OTL

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
[2010/03/07 12:13:01 | 000,014,176 | -HS- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\Nd4uB3I0oF
[2010/03/04 20:43:20 | 000,003,782 | -HS- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\d3KSy4nSLAL
[2010/02/19 22:47:51 | 000,013,940 | -HS- | C] () -- C:\Documents and Settings\a\Local Settings\Application Data\v66l66MW5Tq
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D27163
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97
:commands
[EmptyTemp]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please now run the PC through ESET's online scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#13 Baldric


Posted 28 November 2010 - 06:57 PM

Here's the OTL log. ESET found nothing.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Documents and Settings\a\Local Settings\Application Data\Nd4uB3I0oF moved successfully.
C:\Documents and Settings\a\Local Settings\Application Data\d3KSy4nSLAL moved successfully.
C:\Documents and Settings\a\Local Settings\Application Data\v66l66MW5Tq moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77D27163 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: a
->Temp folder emptied: 359450730 bytes
->Temporary Internet Files folder emptied: 354841615 bytes
->Java cache emptied: 282791 bytes
->FireFox cache emptied: 83723779 bytes
->Google Chrome cache emptied: 557424 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 878250 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 111826 bytes
->Flash cache emptied: 405 bytes

User: New Account
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4271559 bytes
%systemroot%\System32 .tmp files removed: 210221329 bytes
%systemroot%\System32\dllcache .tmp files removed: 4096 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 967.00 mb

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.3 log created on 11282010_141532

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
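
Added example (not part of the original thread and not OTL's own code): a Python cross-check that every item named in the fix script from post #12 is reported as successfully handled in the OTL log above. The target names and log lines are copied from this page; the function names `audit_fix` and `unresolved` are this example's own.

```python
import re

# Items named in the fix script from post #12 (leaf names copied from the page).
FIX_TARGETS = [
    "ProxyOverride", "ProxyServer",
    "Nd4uB3I0oF", "d3KSy4nSLAL", "v66l66MW5Tq",
    "TEMP:77D27163", "TEMP:5A437AC3", "TEMP:27AAAD97",
    r"exefile\shell\open\command",
]

# Result lines copied from the OTL log in post #13.
OTL_LOG = r'''
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Documents and Settings\a\Local Settings\Application Data\Nd4uB3I0oF moved successfully.
C:\Documents and Settings\a\Local Settings\Application Data\d3KSy4nSLAL moved successfully.
C:\Documents and Settings\a\Local Settings\Application Data\v66l66MW5Tq moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77D27163 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
'''

# Success endings exactly as they appear in the log lines above.
SUCCESS = re.compile(r"(moved|deleted) successfully\.$|value set successfully!$")

def audit_fix(targets, log_text):
    """Map each fix target to 'ok', 'failed' or 'missing' based on the log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    report = {}
    for target in targets:
        hits = [ln for ln in lines if target.lower() in ln.lower()]
        if not hits:
            report[target] = "missing"   # fix item never mentioned in the log
        elif all(SUCCESS.search(ln) for ln in hits):
            report[target] = "ok"
        else:
            report[target] = "failed"    # mentioned, but without a success ending
    return report

def unresolved(targets, log_text):
    """Return the targets that still need attention, sorted by name."""
    return sorted(t for t, s in audit_fix(targets, log_text).items() if s != "ok")

if __name__ == "__main__":
    for target, status in audit_fix(FIX_TARGETS, OTL_LOG).items():
        print(f"{status:8} {target}")
```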

#14 m0le


Posted 28 November 2010 - 07:14 PM

It looks good to me, Baldric. :thumbup2:

Are you having any problems currently?

#15 Baldric


Posted 29 November 2010 - 07:27 PM

Nope! If that's all you've got, then thanks!
