
Processes killed / Redirected Searched


  • This topic is locked
9 replies to this topic

#1 Zink


Posted 15 May 2011 - 12:41 AM

Recently I was infected with 3 rogue software programs at the same time: XP Total Security, MS Recovery tool, and Windows Recovery Tool (same thing basically). I was able to remove them with the help of Malwarebytes, Hijack This, and RogueKiller. After they were gone I mentioned the accomplishment on Facebook and a friend of mine told me to get MSE. So I looked it up on Google and noticed something was redirecting my search results to random websites when clicked on.

So I downloaded MSE and got it installed, but when I try to run it something kills it instantaneously. Thinking the problem was the same culprit that was redirecting my search results, I Googled it and learned about TDSS. TDSS "downloads and executes other malware, delivers advertisements to your computer, and block programs from running." (Bleeping Computer removal guide) I thought that was what I was infected with, so I downloaded TDSSKiller, which this site provided the link for, followed your guide's instructions, and ran its scan, and sure enough I was infected by it under the name Alureon. It removed it no problem. I restarted and went to Google to try it out, but much to my dismay it still does it and it won't let MSE boot either. I thought I would be sneaky and rename the .exe file name to .com.exe. It booted up and would start to update and then something would kill its connection to their update server, and then it would kill the real-time protection after a few minutes, not even allowing it enough time to scan 250 files. So I decided to download Stinger by McAfee off their website; ran that and found another infection and deleted it, restarted, and it was still doing it both in Google and when trying to get MSE running.

Feeling defeated here I am. Let me know what you guys think it could be. Thank you in advance.



#2 cryptodan


Posted 15 May 2011 - 12:59 AM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#3 Zink


Posted 15 May 2011 - 03:22 PM

Here is what you asked for. :D

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6582

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2011 6:50:48 AM
mbam-log-2011-05-15 (06-50-48).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 248302
Time elapsed: 34 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Alex\my documents\downloads\keylogger\FreeKL.exe (PUP.FreeKeylogger) -> Not selected for removal.

===========================================================================================================================

===========================================================================================================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/15/2011 at 12:15 PM

Application Version : 4.52.1000

Core Rules Database Version : 7060
Trace Rules Database Version: 4872

Scan type : Complete Scan
Total Scan Time : 05:08:04

Memory items scanned : 238
Memory threats detected : 0
Registry items scanned : 5538
Registry threats detected : 1
File items scanned : 87401
File threats detected : 456

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
.kontera.com [ C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\xroc81nm.default\cookies.sqlite ]
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\BAUKVST8 ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\BAUKVST8 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\BAUKVST8 ]
spe.atdmt.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\BAUKVST8 ]
C:\Documents and Settings\LocalService\Cookies\system@a1.interclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.pubmatic[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.undertone[2].txt
C:\Documents and Settings\LocalService\Cookies\system@adxpose[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ar.atwola[1].txt
C:\Documents and Settings\LocalService\Cookies\system@at.atwola[2].txt
C:\Documents and Settings\LocalService\Cookies\system@beacon.dmsinsights[2].txt
C:\Documents and Settings\LocalService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@bridefinds[2].txt
C:\Documents and Settings\LocalService\Cookies\system@burstnet[1].txt
C:\Documents and Settings\LocalService\Cookies\system@cdn.jemamedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@click.fastpartner[1].txt
C:\Documents and Settings\LocalService\Cookies\system@clicks.zippyfind[1].txt
C:\Documents and Settings\LocalService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[3].txt
C:\Documents and Settings\LocalService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@enhance[2].txt
C:\Documents and Settings\LocalService\Cookies\system@findology[2].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\LocalService\Cookies\system@interclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@legolas-media[1].txt
C:\Documents and Settings\LocalService\Cookies\system@lfstmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@liveperson[1].txt
C:\Documents and Settings\LocalService\Cookies\system@liveperson[3].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[3].txt
C:\Documents and Settings\LocalService\Cookies\system@media.adfrontiers[1].txt
C:\Documents and Settings\LocalService\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\LocalService\Cookies\system@r2.unicornmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@revsci[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[1].txt
C:\Documents and Settings\LocalService\Cookies\system@search.clicksthis[1].txt
C:\Documents and Settings\LocalService\Cookies\system@search.clickwhale[2].txt
C:\Documents and Settings\LocalService\Cookies\system@server.cpmstar[2].txt
C:\Documents and Settings\LocalService\Cookies\system@shefinds[2].txt
C:\Documents and Settings\LocalService\Cookies\system@socialmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@specificmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@tacoda[1].txt
C:\Documents and Settings\LocalService\Cookies\system@tracking.foxnews[2].txt
C:\Documents and Settings\LocalService\Cookies\system@trafficengine[2].txt
C:\Documents and Settings\LocalService\Cookies\system@www.bridefinds[2].txt
C:\Documents and Settings\LocalService\Cookies\system@www.burstnet[2].txt
C:\Documents and Settings\LocalService\Cookies\system@www.find-quick-results[1].txt
C:\Documents and Settings\LocalService\Cookies\system@www.findstuff[1].txt
C:\Documents and Settings\LocalService\Cookies\system@www.shefinds[1].txt
C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\LocalService\Cookies\system@zippyfind[1].txt
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TQXSYBLY ]
media.kyte.tv [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TQXSYBLY ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TQXSYBLY ]
msnbcmedia.msn.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TQXSYBLY ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TQXSYBLY ]
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adknowledge[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.ad4game[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.associatedcontent[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.bighealthtree[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.bighealthtree[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.blogtalkradio[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.financialcontent[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.lycos[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.lycos[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.monster[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pubmatic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pubmatic[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.shorttail[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserv.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserv.rotator.hadj7.adjuggler[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserving.localpages[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertisefirst[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertnation[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertnation[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ar.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ar.atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@associatedcontent.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstbeacon[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@cbs.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn1.trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicks.thespecialsearch[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicksor[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickthrough.kanoodle[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@crackle[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@d.mediadakine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@educationcom.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@enhance[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@indieclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@interchangecorporation.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@intermundomedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@kontera[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@media.adfrontiers[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media.adfrontiers[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mm.chitika[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@movieticketscom.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mtvn.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@optimize.indieclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@p216t1s859069.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.amazeclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.orfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.seekfinds[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.seekfinds[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@searchnet.chitika[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@server.cpmstar[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@t.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@t.pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tradedoubler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tradedoubler[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficking.nabbr[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficking.nabbr[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@uiadserver[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-quick-results[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.findeven[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.findeven[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.findsearchengineresults[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.findstuff[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[3].txt

Keylogger.Actual Spy
C:\WINDOWS\system\actualspystart.lnk

===========================================================================================================================

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-15 15:15:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 WDC_WD2500KS-00MJB0 rev.02.01C03
Running: 3ku02uno.exe; Driver: C:\DOCUME~1\Alex\LOCALS~1\Temp\kwddqkod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5022380, 0x3DEB95, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 02B9BD87
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02B9CD56
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02B9C8CB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02B9CAF2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02B9BCC6
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02B9C970
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02B9CA1E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 02B9C15D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 02B9CFE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 02B9D514
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 02B9CF14
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 02B9D430
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 02B9D8D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 02B9D9A1
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02B9C23C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 02B9D349
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 02B9D187
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 02B9CDFD
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 02B9D0AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 02B9D262
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WININET.dll!InternetCrackUrlW 3D9340C0 5 Bytes JMP 02B9DDB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2576] WININET.dll!InternetCrackUrlA 3D954928 5 Bytes JMP 02B9DC67

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [6602B6E1] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [6602B6E7] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [6602B73E] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!SetWindowPlacement] [66603F0E] C:\Program Files\AlienGUIse\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!MoveWindow] [66603F52] C:\Program Files\AlienGUIse\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!GetWindowPlacement] [66603F30] C:\Program Files\AlienGUIse\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!LoadImageW] [6602AD34] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!CallWindowProcW] [66604121] C:\Program Files\AlienGUIse\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!SendMessageW] [6602B7E6] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TrackPopupMenuEx] [6602B7B4] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TrackPopupMenu] [6602B77F] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!DeferWindowPos] [66603E28] C:\Program Files\AlienGUIse\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!GetWindowRect] [66603FB5] C:\Program Files\AlienGUIse\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\Explorer.EXE [USER32.dll!SetWindowPos] [66603F82] C:\Program Files\AlienGUIse\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6602B73E] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6602B6E7] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6602B6E7] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6602B73E] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6602B6E7] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)
IAT C:\WINDOWS\Explorer.EXE[1992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6602B73E] C:\Program Files\AlienGUIse\WBlind.dll (WindowBlinds/Stardock.Net, Inc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 cryptodan


Posted 15 May 2011 - 05:54 PM

Can you post the log that TDSSKiller created?

#5 Zink


Posted 15 May 2011 - 08:06 PM

Yeah, here it is, took some searching..

2011/05/13 02:51:06.0343 2744 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/13 02:51:06.0937 2744 ================================================================================
2011/05/13 02:51:06.0937 2744 SystemInfo:
2011/05/13 02:51:06.0937 2744
2011/05/13 02:51:06.0937 2744 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/13 02:51:06.0937 2744 Product type: Workstation
2011/05/13 02:51:06.0937 2744 ComputerName: ALEX-6C69A828BA
2011/05/13 02:51:06.0937 2744 UserName: Alex
2011/05/13 02:51:06.0937 2744 Windows directory: C:\WINDOWS
2011/05/13 02:51:06.0937 2744 System windows directory: C:\WINDOWS
2011/05/13 02:51:06.0937 2744 Processor architecture: Intel x86
2011/05/13 02:51:06.0937 2744 Number of processors: 2
2011/05/13 02:51:06.0937 2744 Page size: 0x1000
2011/05/13 02:51:06.0937 2744 Boot type: Normal boot
2011/05/13 02:51:06.0937 2744 ================================================================================
2011/05/13 02:51:07.0546 2744 Initialize success
2011/05/13 02:51:09.0671 2828 ================================================================================
2011/05/13 02:51:09.0671 2828 Scan started
2011/05/13 02:51:09.0671 2828 Mode: Manual;
2011/05/13 02:51:09.0671 2828 ================================================================================
2011/05/13 02:51:16.0234 2828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/13 02:51:16.0250 2828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/13 02:51:16.0296 2828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/13 02:51:16.0328 2828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/13 02:51:16.0421 2828 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/13 02:51:16.0593 2828 MpKsld04c4712 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EAA41C4-DD93-424E-BCA8-CFA703BBDEF8}\MpKsld04c4712.sys
2011/05/13 02:51:16.0656 2828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/13 02:51:16.0687 2828 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/13 02:51:16.0781 2828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/13 02:51:16.0843 2828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/13 02:51:16.0890 2828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/13 02:51:16.0921 2828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/13 02:51:16.0984 2828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/13 02:51:17.0031 2828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/13 02:51:17.0078 2828 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/13 02:51:17.0125 2828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/13 02:51:17.0156 2828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/13 02:51:17.0218 2828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/13 02:51:17.0265 2828 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/13 02:51:17.0312 2828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/13 02:51:17.0375 2828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/13 02:51:17.0406 2828 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/13 02:51:17.0437 2828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/13 02:51:17.0468 2828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/13 02:51:17.0609 2828 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/05/13 02:51:17.0656 2828 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2011/05/13 02:51:17.0703 2828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/13 02:51:17.0781 2828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/13 02:51:17.0890 2828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/13 02:51:18.0109 2828 nv (f85e109844787668ce8aab54ef14362a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/13 02:51:18.0328 2828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/13 02:51:18.0375 2828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/13 02:51:18.0437 2828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/13 02:51:18.0468 2828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/13 02:51:18.0515 2828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/13 02:51:18.0578 2828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/13 02:51:18.0906 2828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/13 02:51:18.0937 2828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/13 02:51:19.0265 2828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/13 02:51:19.0312 2828 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/13 02:51:19.0375 2828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/13 02:51:19.0453 2828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/13 02:51:19.0671 2828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/13 02:51:19.0718 2828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/13 02:51:19.0765 2828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/13 02:51:19.0796 2828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/13 02:51:19.0859 2828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/13 02:51:19.0875 2828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/13 02:51:19.0968 2828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/13 02:51:20.0015 2828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/13 02:51:20.0078 2828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/13 02:51:20.0234 2828 rt2870 (678c8fdb9d6094d41f322b7159853c54) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/05/13 02:51:20.0359 2828 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/05/13 02:51:20.0437 2828 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/13 02:51:20.0531 2828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/13 02:51:20.0609 2828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/13 02:51:20.0640 2828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/13 02:51:20.0750 2828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/13 02:51:20.0906 2828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/13 02:51:21.0015 2828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/13 02:51:21.0046 2828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/13 02:51:21.0125 2828 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/13 02:51:21.0234 2828 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/13 02:51:21.0312 2828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/13 02:51:21.0359 2828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/13 02:51:21.0656 2828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/13 02:51:21.0750 2828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/13 02:51:21.0828 2828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/13 02:51:21.0921 2828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/13 02:51:21.0968 2828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/13 02:51:22.0140 2828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/13 02:51:22.0296 2828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/13 02:51:22.0375 2828 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/13 02:51:22.0437 2828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/13 02:51:22.0468 2828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/13 02:51:22.0515 2828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/13 02:51:22.0562 2828 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/13 02:51:22.0609 2828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/13 02:51:22.0656 2828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/13 02:51:22.0734 2828 usbvm328 (6dc94d0d4f2472056d14e987f729eccb) C:\WINDOWS\system32\Drivers\usbvm326.sys
2011/05/13 02:51:22.0796 2828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/13 02:51:22.0906 2828 vmfilter323 (6c21422d47ed3d8f65ed667bfd1cc759) C:\WINDOWS\system32\drivers\vmfilter323.sys
2011/05/13 02:51:22.0984 2828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/13 02:51:23.0062 2828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/13 02:51:23.0187 2828 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/13 02:51:23.0343 2828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/13 02:51:23.0531 2828 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/05/13 02:51:23.0609 2828 WLAN(WLAN) (b183823cfa0ec393556261a817cd4ad8) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2011/05/13 02:51:23.0687 2828 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/13 02:51:23.0843 2828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/13 02:51:23.0906 2828 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/13 02:51:23.0953 2828 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/13 02:51:24.0062 2828 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2011/05/13 02:51:24.0156 2828 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/05/13 02:51:24.0296 2828 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/13 02:51:25.0937 2828 ================================================================================
2011/05/13 02:51:25.0937 2828 Scan finished
2011/05/13 02:51:25.0937 2828 ================================================================================
2011/05/13 02:51:25.0968 2832 Detected object count: 1
2011/05/13 02:51:42.0937 2832 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/13 02:51:42.0937 2832 \HardDisk0 - ok
2011/05/13 02:51:42.0937 2832 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/13 02:51:47.0031 2708 Deinitialize success

#6 cryptodan

Posted 15 May 2011 - 08:17 PM

I am going to have you get a deeper look to make sure that there are no remnants.

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#7 Zink

Posted 15 May 2011 - 08:34 PM

I read over that guide. Can I use the same gmer log I just gave you? And it may take a while to post everything; I don't have anything to back my data up on at the moment.

#8 cryptodan

Posted 15 May 2011 - 08:50 PM

Just do as much as you can, and yes, use the same gmer log as you used here.

#9 Zink

Posted 16 May 2011 - 07:46 PM

http://www.bleepingcomputer.com/forums/topic397790.html

#10 rigel

Posted 16 May 2011 - 08:08 PM

Since you have a log posted, this topic is now closed. Please follow only the advice of the helper that takes your log.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




