Not a Valid Win32 Application


12 replies to this topic

#1 lokoryan


Posted 16 May 2011 - 01:23 AM

Hi All,

At the moment, I'm unable to open any applications including my usual anti-spyware tools such as Malwarebytes, Spyware Doctor, and SpyBot. When I try, a message would pop up to the effect of "[filename] is not a valid Win32 application." I've tried renaming the .exe file, but I would still get the same error message. I also did this in Safe Mode, but same results.

This all happened when I was browsing online (using Firefox) opening up a slew of sites on different tabs. I have been to all of these sites hundreds of times before and they are totally legit and trusted sites (film blogs, etc.). It took longer than usual for them to download and when they did Firefox closed and I was greeted by two fake anti-virus software pop-ups. I should've noted their names, but I immediately closed them and tried to run Malwarebytes. And as I said above, that didn't work. And that's where I am right now.

I googled my problem and this seems to be related to Bagle/Beagle? Is there anything to confirm this? If it is, what should my next steps be? Any guidance would be much appreciated.

My operating system is Windows XP.

Many thanks.

- Ryan



#2 boopme


Posted 19 May 2011 - 12:41 PM

Hello and welcome..
Let's try it like this. Run this first and then MBAM and post that log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


EXE Helper
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Edited by boopme, 19 May 2011 - 12:42 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 lokoryan


Posted 19 May 2011 - 06:27 PM

Hi boopme! Thanks for your help. Here are the logs you requested:

exeHelper by Raktor
Build 20100414
Run at 17:38:55 on 05/19/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

After that I was able to run MBAM, which I never thought I'd be able to do. It only found one file infected. Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5725

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/19/2011 7:19:11 PM
mbam-log-2011-05-19 (19-19-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 289995
Time elapsed: 1 hour(s), 33 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Ryan\local settings\temp\0.3783346705396641.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
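
The exeHelper log above reports resetting the .exe/.com file-type associations and the userinit and shell values. As an added example (not part of the thread and not exeHelper's code), this Python script checks a regedit export against the stock Windows XP values for those settings; the registry paths, the baseline values and both sample exports are assumptions supplied here, and the exports are constructed for illustration.

```python
"""Audit a regedit (.reg) export against stock Windows XP values (added example)."""
import re

# Assumed baseline: stock Windows XP values for the settings the exeHelper log
# says it reset. "@" stands for a key's (Default) value.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
BASELINE = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\.com", "@"): "comfile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@"): '"%1" %*',
    (WINLOGON, "Userinit"): r"C:\WINDOWS\system32\userinit.exe,",
    (WINLOGON, "Shell"): "Explorer.exe",
}

# A value line is either @=... or "name"=...; names may contain escaped quotes.
_VALUE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(text):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {(key_lower, value_name_lower): data} for every value in the export."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = _VALUE.match(line)
        if key is None or not match:
            continue  # header line, blank line or hex continuation
        name = match.group("name")
        name = "@" if name == "@" else _unescape(name[1:-1])
        data = match.group("data")
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])  # REG_SZ; other types are kept raw
        values[(key.lower(), name.lower())] = data
    return values


def audit(text):
    """List (key, value_name, expected, found) for each baseline deviation.

    found is None when the export does not contain the value at all.
    """
    present = parse_reg_export(text)
    findings = []
    for (key, name), expected in BASELINE.items():
        found = present.get((key.lower(), name.lower()))
        if found is None or found.strip().lower() != expected.lower():
            findings.append((key, name, expected, found))
    return findings


# Constructed sample: what an unmodified XP export of these keys looks like.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="Explorer.exe"
"""

# Constructed sample with two placeholder deviations for the audit to find.
ALTERED_EXPORT = (
    CLEAN_EXPORT
    .replace('@="exefile"', '@="placeholderfile"')
    .replace('"Shell"="Explorer.exe"', '"Shell"="placeholder.exe"')
)

if __name__ == "__main__":
    for key, name, expected, found in audit(ALTERED_EXPORT):
        print(f"{key} [{name}]: expected {expected!r}, found {found!r}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `audit`.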

#4 boopme


Posted 19 May 2011 - 07:38 PM

OK, that was good. Now do a safe mode scan and tell me how it is after.

Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Reboot to Normal mode. MBAM seems to not have fully updated. Last look was 6620 and your log shows Database version: 5725

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Please ask any needed questions, post logs and let us know how the PC is running now.

#5 lokoryan


Posted 19 May 2011 - 08:22 PM

Thanks. I actually updated MBAM already and ran it again after the first time (BUT NOT on SAFE MODE) and it found a few more. Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6620

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/19/2011 9:06:49 PM
mbam-log-2011-05-19 (21-06-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 304226
Time elapsed: 1 hour(s), 32 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\wmstms.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\itesocukexugu.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bfedubasebiweyif (Trojan.Hiloti) -> Value: Bfedubasebiweyif -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dfinuk (IPH.Trojan.Hiloti.B) -> Value: Dfinuk -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\wmstms.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\itesocukexugu.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot.
c:\documents and settings\Ryan\application data\Adobe\plugs\mmc741143250.txt (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Ryan\application data\Sun\Java\deployment\cache\6.0\53\253c3975-1a6aac51 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ryan\application data\Adobe\plugs\mmc195.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Ryan\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.

Now, I'll do the next steps you've laid out here, including running MBAM again in SAFE MODE. Thanks.

#6 boopme


Posted 19 May 2011 - 08:29 PM

Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails.

There are times we have to run it in Safe, but when we can we use normal. Now SAS is the opposite.

#7 lokoryan


Posted 20 May 2011 - 08:47 AM

You're right. When I ran MBAM again in safe mode, it didn't find anything else so I just went and ran ATFCleaner and SAS as you said. Here's the log for SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2011 at 04:20 AM

Application Version : 4.51.1000

Core Rules Database Version : 7096
Trace Rules Database Version: 4908

Scan type : Complete Scan
Total Scan Time : 04:28:08

Memory items scanned : 230
Memory threats detected : 0
Registry items scanned : 8246
Registry threats detected : 6
File items scanned : 110626
File threats detected : 342

System.BrokenFileAssociation
HKCR\.exe

Rogue.Component/Trace
HKLM\Software\Microsoft\BCB80A04
HKLM\Software\Microsoft\BCB80A04#bcb80a04
HKLM\Software\Microsoft\BCB80A04#Version
HKLM\Software\Microsoft\BCB80A04#bcb8a784
HKLM\Software\Microsoft\BCB80A04#bcb8ce61

Adware.Tracking Cookie
stat.onestat.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.cnetasiapacific.122.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.warnerbros.112.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.kakakucom.112.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.popunderadvertise.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
www.adtrak.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
counter.top.ge [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
counter.top.ge [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
counter.top.ge [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
counter.top.ge [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.banners.exitexchange.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.adcentriconline.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.realmedia.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.qnsr.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
adserv.brandaffinity.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.gostats.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.adtech.de [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.nextag.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.bizrate.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.bizrate.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.bizrate.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.chitika.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.track.parse.ly [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.traveladvertising.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.traveladvertising.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.traveladvertising.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\lic63lqn.default\cookies.sqlite ]
a.media.abcfamily.go.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
a.media.community.abcfamily.go.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
bbca.channelfinder.net [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
broadcast.piximedia.fr [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
cdn.insights.gravity.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
cdn2.themis-media.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
cdn4.specificclick.net [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
cloudfront.mediamatters.org [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
demos.immersivemedia.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
ds.serving-sys.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
ec.atdmt.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
files.adbrite.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
host-d.oddcast.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
i.adultswim.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
ia.media-imdb.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
ictv-cdn-hw.indieclicktv.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
ictv-tf-ec.indieclicktv.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
indieclick.3janecdn.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
interclick.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
m1.2mdn.net [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
macromedia.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.bimvid.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.colton-haynes.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.expedia.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.hamptonroads.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.ign.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.jambocast.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.kgw.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.kyte.tv [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.movieweb.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.mtvnservices.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.mtvu.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.myfoxmaine.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.noob.us [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.scanscout.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.socialvibe.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.tattomedia.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.theonion.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.wcnc.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media.whosay.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media01.kyte.tv [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media1.break.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media1.nfb.ca [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media10.washingtonpost.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
media2.firstshowing.net [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
msnbcmedia.msn.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
objects.tremormedia.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
oddcast.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
picayune.uclick.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
pointroll.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
reelinsight.podomatic.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
secure-uk.imrworldwide.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
serving-sys.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
spe.atdmt.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
tracksimple.s3.amazonaws.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
twitchfilm.indieclicktv.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
udn.specificclick.net [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
videos.mediaite.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
widgets.buddymedia.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]
zedo.com [ C:\Documents and Settings\Ryan\Application Data\Macromedia\Flash Player\#SharedObjects\L9YSJHJ9 ]

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP433\A0025299.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP433\A0025300.DLL

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSMTVE.DAT

My computer seems to be okay now. Thank you SO MUCH for all of your help.

#8 lokoryan

Posted 21 May 2011 - 05:41 PM

So everything is looking fine, except now there seems to be a problem with svchost.exe.

From time to time (for an extended time), it's hogging memory and CPU, slowing down my computer. Now I know it's normal for this to happen if I'm doing a lot of things or have a lot of tabs open on my browser, but now it's doing this when I'm on a single web page or even when I'm doing absolutely nothing at all. Is this in any way related to the virus I may have had (still have?) or to the ways that we got rid of the virus?

I ran all of the anti-spyware software again just to make sure I didn't miss anything, but none found anything. So I'm a bit stumped.

Thanks for your assistance.

Edited by lokoryan, 21 May 2011 - 05:42 PM.


#9 boopme


Posted 22 May 2011 - 09:29 PM

OK, first, sorry, we had construction and lost internet.
Go to the system tray (by the clock) and see if there's an SAS icon there. If so, open it and Close/End SAS. This may be causing some slowness.


We still may have a TDSS infection.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#10 lokoryan


Posted 23 May 2011 - 12:19 AM

No worries, thanks for your help! And it seems you were right. Both of the scans found something and at the moment seem to have fixed it.

Here's the log from the TDSSKiller:

2011/05/22 23:28:56.0142 3260 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 23:28:56.0439 3260 ================================================================================
2011/05/22 23:28:56.0439 3260 SystemInfo:
2011/05/22 23:28:56.0439 3260
2011/05/22 23:28:56.0439 3260 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/22 23:28:56.0439 3260 Product type: Workstation
2011/05/22 23:28:56.0439 3260 ComputerName: PAT
2011/05/22 23:28:56.0439 3260 UserName: Ryan
2011/05/22 23:28:56.0439 3260 Windows directory: C:\WINDOWS
2011/05/22 23:28:56.0439 3260 System windows directory: C:\WINDOWS
2011/05/22 23:28:56.0439 3260 Processor architecture: Intel x86
2011/05/22 23:28:56.0439 3260 Number of processors: 2
2011/05/22 23:28:56.0439 3260 Page size: 0x1000
2011/05/22 23:28:56.0439 3260 Boot type: Normal boot
2011/05/22 23:28:56.0439 3260 ================================================================================
2011/05/22 23:28:56.0798 3260 Initialize success
2011/05/22 23:29:34.0978 3000 ================================================================================
2011/05/22 23:29:34.0978 3000 Scan started
2011/05/22 23:29:34.0978 3000 Mode: Manual;
2011/05/22 23:29:34.0978 3000 ================================================================================
2011/05/22 23:29:38.0774 3000 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/22 23:29:38.0805 3000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/22 23:29:38.0977 3000 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/05/22 23:29:39.0102 3000 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/05/22 23:29:39.0180 3000 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/22 23:29:39.0289 3000 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/22 23:29:39.0336 3000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/22 23:29:39.0383 3000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/22 23:29:39.0414 3000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/22 23:29:39.0461 3000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/22 23:29:39.0492 3000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/22 23:29:39.0539 3000 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/22 23:29:39.0586 3000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/22 23:29:39.0633 3000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/22 23:29:39.0680 3000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/22 23:29:39.0758 3000 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/22 23:29:39.0805 3000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/22 23:29:39.0852 3000 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/22 23:29:39.0867 3000 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/22 23:29:39.0899 3000 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/22 23:29:39.0992 3000 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/22 23:29:40.0086 3000 IKFileSec (ff9f262494fc23d77a6148d49d87d2de) C:\WINDOWS\system32\drivers\ikfilesec.sys
2011/05/22 23:29:40.0180 3000 IKSysFlt (7e359671fd9595ecb1b0a33fb4184b19) C:\WINDOWS\system32\drivers\iksysflt.sys
2011/05/22 23:29:40.0227 3000 IKSysSec (a44cb3cf3af266665261a6e6c9cac27c) C:\WINDOWS\system32\drivers\iksyssec.sys
2011/05/22 23:29:40.0273 3000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/22 23:29:40.0352 3000 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/22 23:29:40.0430 3000 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/05/22 23:29:40.0523 3000 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/05/22 23:29:40.0555 3000 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/05/22 23:29:40.0601 3000 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/22 23:29:40.0664 3000 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/22 23:29:40.0695 3000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/22 23:29:40.0742 3000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/22 23:29:40.0805 3000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/22 23:29:40.0836 3000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/22 23:29:40.0867 3000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/22 23:29:40.0898 3000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/22 23:29:40.0961 3000 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/22 23:29:40.0992 3000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/22 23:29:41.0023 3000 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/22 23:29:41.0070 3000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/22 23:29:41.0101 3000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/22 23:29:41.0242 3000 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/05/22 23:29:41.0320 3000 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/05/22 23:29:41.0383 3000 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/05/22 23:29:41.0461 3000 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/22 23:29:41.0508 3000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/22 23:29:41.0554 3000 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/22 23:29:41.0601 3000 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/22 23:29:41.0617 3000 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/05/22 23:29:41.0679 3000 MotDev (80bda4ac4b2834ca522b7386fc1f6a20) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2011/05/22 23:29:41.0711 3000 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/05/22 23:29:41.0773 3000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/22 23:29:41.0804 3000 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/22 23:29:41.0851 3000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/22 23:29:41.0898 3000 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/22 23:29:41.0929 3000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/22 23:29:41.0992 3000 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/22 23:29:42.0039 3000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/22 23:29:42.0101 3000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/22 23:29:42.0148 3000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/22 23:29:42.0179 3000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/22 23:29:42.0226 3000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/22 23:29:42.0273 3000 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/22 23:29:42.0320 3000 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/22 23:29:42.0351 3000 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/22 23:29:42.0414 3000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/22 23:29:42.0460 3000 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/22 23:29:42.0492 3000 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/22 23:29:42.0523 3000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/22 23:29:42.0554 3000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/22 23:29:42.0617 3000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/22 23:29:42.0648 3000 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/22 23:29:42.0679 3000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/22 23:29:42.0757 3000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/22 23:29:42.0804 3000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/22 23:29:42.0851 3000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/22 23:29:42.0945 3000 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/22 23:29:43.0038 3000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/22 23:29:43.0054 3000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/22 23:29:43.0148 3000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/22 23:29:43.0195 3000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/22 23:29:43.0226 3000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/22 23:29:43.0257 3000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/22 23:29:43.0320 3000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/22 23:29:43.0367 3000 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/22 23:29:43.0523 3000 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/05/22 23:29:43.0570 3000 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/22 23:29:43.0601 3000 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/22 23:29:43.0757 3000 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/22 23:29:43.0976 3000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/22 23:29:44.0038 3000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/22 23:29:44.0132 3000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/22 23:29:44.0194 3000 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/22 23:29:44.0257 3000 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/22 23:29:44.0288 3000 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/22 23:29:44.0335 3000 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/22 23:29:44.0366 3000 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/22 23:29:44.0398 3000 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/22 23:29:44.0460 3000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/22 23:29:44.0523 3000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/22 23:29:44.0569 3000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/22 23:29:44.0601 3000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/22 23:29:44.0632 3000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/22 23:29:44.0663 3000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/22 23:29:44.0710 3000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/22 23:29:44.0757 3000 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/22 23:29:44.0819 3000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/22 23:29:44.0976 3000 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/22 23:29:45.0007 3000 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/22 23:29:45.0116 3000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/22 23:29:45.0179 3000 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/22 23:29:45.0241 3000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/22 23:29:45.0257 3000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/22 23:29:45.0366 3000 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/22 23:29:45.0429 3000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/22 23:29:45.0475 3000 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/22 23:29:45.0522 3000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/22 23:29:45.0616 3000 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/22 23:29:45.0616 3000 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2011/05/22 23:29:45.0616 3000 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 23:29:47.0912 3000 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/22 23:29:48.0069 3000 ================================================================================
2011/05/22 23:29:48.0069 3000 Scan finished
2011/05/22 23:29:48.0069 3000 ================================================================================
2011/05/22 23:29:48.0084 3176 Detected object count: 2
2011/05/22 23:31:57.0151 3176 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/22 23:31:57.0166 3176 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/22 23:31:57.0166 3176 \HardDisk1 - ok
2011/05/22 23:31:57.0166 3176 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/05/22 23:32:05.0493 3220 Deinitialize success


And here's the log from the ESET OnlineScan:

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.ADM trojan cleaned by deleting - quarantined

#11 boopme


Posted 23 May 2011 - 12:37 PM

OK great, looks good. Update, and one more quick scan.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#12 lokoryan


Posted 23 May 2011 - 07:52 PM

Thanks for all of your help!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6658

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/23/2011 8:47:49 PM
mbam-log-2011-05-23 (20-47-49).txt

Scan type: Quick scan
Objects scanned: 211837
Time elapsed: 26 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 boopme


Posted 23 May 2011 - 08:33 PM

OK, good to go.

Now you should create a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: