Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect virus


  • Please log in to reply
6 replies to this topic

#1 TrialOrc

TrialOrc

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 02 June 2011 - 09:22 PM

Hello, I hope this is the right forum.
I'm having trouble getting rid of a virus that redirects my Google, and other, search results to "goingonearth.com"
I've run mbam and it came up with nothing.
It also keeps my Anti-Virus from running.

I'd post my log, but the rules say not to post logs here.

Any help is appreciated.
Thank you.

Edited by TrialOrc, 02 June 2011 - 11:43 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:49 PM

Posted 03 June 2011 - 10:20 PM

Hello, please run these,post the logs and tell us how it is. I have to go now nut will look back early tomorrow.

No DDS, HijackThis, or ComboFix logs should be posted in this forum.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe

) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0)

from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you

    do not see the file extension, please refer to
    How to change the file extension

    .
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local

    Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension

(i.e. 123abc.com). If you do not see the file extension, please refer to these[/color]

instructions
. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, [color="#8B0000"]Post new scan log
and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 TrialOrc

TrialOrc
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 04 June 2011 - 03:44 PM

Ah, thank you very much!
That seemed to do the trick. My AV will turn on now and no more redirects.

Here are the two logs you asked for:

2011/06/03 22:34:00.0873 7532	TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 22:34:01.0357 7532	================================================================================
2011/06/03 22:34:01.0357 7532	SystemInfo:
2011/06/03 22:34:01.0357 7532	
2011/06/03 22:34:01.0358 7532	OS Version: 6.1.7601 ServicePack: 1.0
2011/06/03 22:34:01.0358 7532	Product type: Workstation
2011/06/03 22:34:01.0358 7532	ComputerName: BENN-PC
2011/06/03 22:34:01.0359 7532	UserName: Benn
2011/06/03 22:34:01.0359 7532	Windows directory: C:\Windows
2011/06/03 22:34:01.0359 7532	System windows directory: C:\Windows
2011/06/03 22:34:01.0359 7532	Processor architecture: Intel x86
2011/06/03 22:34:01.0359 7532	Number of processors: 1
2011/06/03 22:34:01.0359 7532	Page size: 0x1000
2011/06/03 22:34:01.0359 7532	Boot type: Normal boot
2011/06/03 22:34:01.0359 7532	================================================================================
2011/06/03 22:34:02.0619 7532	Initialize success
2011/06/03 22:34:04.0547 5692	================================================================================
2011/06/03 22:34:04.0547 5692	Scan started
2011/06/03 22:34:04.0547 5692	Mode: Manual; 
2011/06/03 22:34:04.0547 5692	================================================================================
2011/06/03 22:34:05.0983 5692	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/06/03 22:34:06.0064 5692	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/06/03 22:34:06.0202 5692	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/06/03 22:34:06.0284 5692	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/03 22:34:06.0433 5692	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
2011/06/03 22:34:06.0514 5692	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
2011/06/03 22:34:06.0723 5692	AFD             (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/06/03 22:34:06.0784 5692	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/06/03 22:34:06.0848 5692	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
2011/06/03 22:34:07.0022 5692	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/06/03 22:34:07.0077 5692	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/06/03 22:34:07.0134 5692	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/06/03 22:34:07.0209 5692	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
2011/06/03 22:34:07.0352 5692	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/03 22:34:07.0426 5692	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/06/03 22:34:07.0563 5692	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
2011/06/03 22:34:07.0623 5692	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/06/03 22:34:07.0685 5692	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/06/03 22:34:07.0954 5692	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
2011/06/03 22:34:08.0034 5692	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
2011/06/03 22:34:08.0250 5692	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/03 22:34:08.0478 5692	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/06/03 22:34:08.0574 5692	athr            (614a60aee03a6151fdcbac295854a9cb) C:\Windows\system32\DRIVERS\athr.sys
2011/06/03 22:34:08.0801 5692	AVGIDSDriver    (2177e7448c1ecfb35a5db417603d205a) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/03 22:34:08.0877 5692	AVGIDSEH        (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/06/03 22:34:08.0938 5692	AVGIDSFilter    (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/03 22:34:09.0023 5692	AVGIDSShim      (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/06/03 22:34:09.0226 5692	Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/06/03 22:34:09.0317 5692	Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/06/03 22:34:09.0485 5692	Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/06/03 22:34:09.0592 5692	Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/06/03 22:34:09.0766 5692	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
2011/06/03 22:34:09.0883 5692	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/03 22:34:10.0030 5692	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/03 22:34:10.0129 5692	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/03 22:34:10.0257 5692	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/03 22:34:10.0321 5692	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
2011/06/03 22:34:10.0388 5692	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
2011/06/03 22:34:10.0501 5692	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/03 22:34:10.0566 5692	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/03 22:34:10.0650 5692	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/03 22:34:10.0726 5692	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/03 22:34:10.0791 5692	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
2011/06/03 22:34:10.0967 5692	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/03 22:34:11.0073 5692	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/03 22:34:11.0221 5692	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
2011/06/03 22:34:11.0295 5692	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/03 22:34:11.0462 5692	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/03 22:34:11.0527 5692	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/06/03 22:34:11.0587 5692	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/03 22:34:11.0758 5692	CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
2011/06/03 22:34:11.0837 5692	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/03 22:34:11.0969 5692	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/03 22:34:12.0071 5692	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
2011/06/03 22:34:12.0251 5692	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/06/03 22:34:12.0340 5692	dc3d            (94010220445f181ade8e7ca9c3a98bf4) C:\Windows\system32\DRIVERS\dc3d.sys
2011/06/03 22:34:12.0523 5692	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/06/03 22:34:12.0618 5692	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/03 22:34:12.0773 5692	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
2011/06/03 22:34:12.0870 5692	dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
2011/06/03 22:34:13.0018 5692	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/03 22:34:13.0154 5692	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/03 22:34:13.0456 5692	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
2011/06/03 22:34:13.0708 5692	ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/06/03 22:34:13.0792 5692	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
2011/06/03 22:34:13.0919 5692	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/06/03 22:34:14.0007 5692	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/03 22:34:14.0168 5692	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/03 22:34:14.0247 5692	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
2011/06/03 22:34:14.0332 5692	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/03 22:34:14.0452 5692	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/03 22:34:14.0530 5692	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
2011/06/03 22:34:14.0669 5692	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/03 22:34:14.0764 5692	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/03 22:34:14.0874 5692	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/03 22:34:14.0952 5692	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/03 22:34:15.0032 5692	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/03 22:34:15.0183 5692	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/03 22:34:15.0318 5692	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/03 22:34:15.0486 5692	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/06/03 22:34:15.0582 5692	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/03 22:34:15.0710 5692	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
2011/06/03 22:34:15.0768 5692	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
2011/06/03 22:34:15.0854 5692	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
2011/06/03 22:34:16.0000 5692	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/03 22:34:16.0167 5692	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/03 22:34:16.0357 5692	HSF_DPV         (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/03 22:34:16.0436 5692	HSXHWAZL        (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/03 22:34:16.0595 5692	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/06/03 22:34:16.0659 5692	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/03 22:34:16.0787 5692	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/03 22:34:16.0901 5692	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/06/03 22:34:17.0089 5692	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
2011/06/03 22:34:17.0178 5692	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/06/03 22:34:17.0234 5692	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
2011/06/03 22:34:17.0381 5692	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/03 22:34:17.0474 5692	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/03 22:34:17.0536 5692	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/03 22:34:17.0670 5692	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/03 22:34:17.0746 5692	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/06/03 22:34:17.0810 5692	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/06/03 22:34:17.0943 5692	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/03 22:34:18.0034 5692	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/06/03 22:34:18.0111 5692	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/03 22:34:18.0230 5692	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/03 22:34:18.0363 5692	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/03 22:34:18.0521 5692	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/03 22:34:18.0596 5692	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/03 22:34:18.0723 5692	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
2011/06/03 22:34:18.0835 5692	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/03 22:34:18.0910 5692	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/03 22:34:19.0139 5692	LVUVC           (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/06/03 22:34:19.0439 5692	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/03 22:34:19.0504 5692	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
2011/06/03 22:34:19.0652 5692	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
2011/06/03 22:34:19.0739 5692	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/03 22:34:19.0813 5692	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/03 22:34:19.0970 5692	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/03 22:34:20.0066 5692	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/03 22:34:20.0200 5692	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/06/03 22:34:20.0295 5692	MpFilter        (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/03 22:34:20.0434 5692	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/06/03 22:34:21.0056 5692	MpNWMon         (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/03 22:34:21.0125 5692	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/03 22:34:21.0193 5692	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/06/03 22:34:21.0355 5692	mrxsmb          (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/03 22:34:21.0412 5692	mrxsmb10        (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/03 22:34:21.0468 5692	mrxsmb20        (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/03 22:34:21.0590 5692	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/06/03 22:34:21.0642 5692	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/06/03 22:34:21.0730 5692	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/03 22:34:21.0852 5692	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/03 22:34:21.0911 5692	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/06/03 22:34:22.0050 5692	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/03 22:34:22.0163 5692	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/03 22:34:22.0267 5692	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/03 22:34:22.0334 5692	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/03 22:34:22.0432 5692	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/03 22:34:22.0529 5692	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/03 22:34:22.0605 5692	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
2011/06/03 22:34:22.0701 5692	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/03 22:34:22.0867 5692	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/03 22:34:23.0000 5692	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/06/03 22:34:23.0175 5692	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/03 22:34:23.0245 5692	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/03 22:34:23.0307 5692	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/03 22:34:23.0436 5692	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/03 22:34:23.0509 5692	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/06/03 22:34:23.0589 5692	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/03 22:34:23.0793 5692	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/03 22:34:24.0226 5692	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
2011/06/03 22:34:24.0362 5692	NisDrv          (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/03 22:34:24.0475 5692	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/03 22:34:24.0603 5692	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/03 22:34:24.0768 5692	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/06/03 22:34:24.0921 5692	NuidFltr        (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/06/03 22:34:25.0009 5692	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/03 22:34:25.0086 5692	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/06/03 22:34:25.0226 5692	NVHDA           (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
2011/06/03 22:34:25.0596 5692	nvlddmkm        (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/03 22:34:26.0027 5692	NVNET           (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys
2011/06/03 22:34:26.0115 5692	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/06/03 22:34:26.0260 5692	nvsmu           (f13618f0cb1e95232f4c2401592a59e9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/06/03 22:34:26.0355 5692	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/06/03 22:34:26.0522 5692	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/06/03 22:34:26.0599 5692	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/06/03 22:34:26.0821 5692	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
2011/06/03 22:34:26.0880 5692	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/06/03 22:34:26.0936 5692	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
2011/06/03 22:34:27.0098 5692	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/06/03 22:34:27.0161 5692	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/06/03 22:34:27.0221 5692	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
2011/06/03 22:34:27.0370 5692	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/03 22:34:27.0446 5692	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/03 22:34:27.0616 5692	Point32         (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys
2011/06/03 22:34:27.0791 5692	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/03 22:34:27.0898 5692	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
2011/06/03 22:34:28.0074 5692	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/03 22:34:28.0181 5692	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
2011/06/03 22:34:28.0330 5692	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
2011/06/03 22:34:28.0433 5692	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/03 22:34:28.0493 5692	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/03 22:34:28.0620 5692	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/03 22:34:28.0700 5692	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/03 22:34:28.0855 5692	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/03 22:34:28.0953 5692	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/03 22:34:29.0013 5692	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/03 22:34:29.0182 5692	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/03 22:34:29.0241 5692	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/03 22:34:29.0330 5692	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/06/03 22:34:29.0457 5692	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/03 22:34:29.0531 5692	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/03 22:34:29.0616 5692	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/06/03 22:34:29.0683 5692	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/06/03 22:34:29.0811 5692	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/06/03 22:34:29.0960 5692	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/03 22:34:30.0094 5692	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/06/03 22:34:30.0203 5692	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/06/03 22:34:30.0334 5692	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/03 22:34:30.0445 5692	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/03 22:34:30.0616 5692	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
2011/06/03 22:34:30.0690 5692	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
2011/06/03 22:34:30.0743 5692	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
2011/06/03 22:34:30.0915 5692	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/06/03 22:34:30.0998 5692	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/03 22:34:31.0049 5692	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/03 22:34:31.0120 5692	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
2011/06/03 22:34:31.0282 5692	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/06/03 22:34:31.0369 5692	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
2011/06/03 22:34:31.0424 5692	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
2011/06/03 22:34:31.0557 5692	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/03 22:34:31.0671 5692	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/03 22:34:31.0838 5692	srv             (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/06/03 22:34:31.0902 5692	srv2            (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/03 22:34:31.0992 5692	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/03 22:34:32.0155 5692	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/03 22:34:32.0267 5692	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/03 22:34:32.0410 5692	srvnet          (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/03 22:34:32.0615 5692	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
2011/06/03 22:34:32.0727 5692	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/06/03 22:34:32.0868 5692	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/06/03 22:34:32.0954 5692	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/03 22:34:33.0056 5692	Synth3dVsc      (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\synth3dvsc.sys
2011/06/03 22:34:33.0228 5692	SynTP           (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/03 22:34:33.0362 5692	Tcpip           (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/06/03 22:34:33.0562 5692	TCPIP6          (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/03 22:34:33.0722 5692	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/03 22:34:33.0787 5692	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/06/03 22:34:33.0845 5692	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/06/03 22:34:33.0903 5692	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/03 22:34:34.0036 5692	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/03 22:34:34.0114 5692	terminpt        (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
2011/06/03 22:34:34.0328 5692	TPkd            (409a577fd5781c717e55a28717514c58) C:\Windows\system32\drivers\TPkd.sys
2011/06/03 22:34:34.0454 5692	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/03 22:34:34.0573 5692	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/03 22:34:34.0637 5692	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
2011/06/03 22:34:34.0719 5692	tsusbhub        (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
2011/06/03 22:34:34.0868 5692	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/03 22:34:34.0931 5692	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
2011/06/03 22:34:34.0997 5692	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/03 22:34:35.0164 5692	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/03 22:34:35.0236 5692	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/03 22:34:35.0286 5692	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
2011/06/03 22:34:35.0484 5692	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/03 22:34:35.0558 5692	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/06/03 22:34:35.0632 5692	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/03 22:34:35.0769 5692	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/06/03 22:34:35.0854 5692	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/03 22:34:35.0911 5692	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/03 22:34:36.0028 5692	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/03 22:34:36.0097 5692	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
2011/06/03 22:34:36.0179 5692	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/03 22:34:36.0320 5692	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
2011/06/03 22:34:36.0421 5692	VClone          (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
2011/06/03 22:34:36.0485 5692	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/03 22:34:36.0633 5692	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/03 22:34:36.0702 5692	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/03 22:34:36.0799 5692	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/06/03 22:34:36.0934 5692	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/06/03 22:34:36.0994 5692	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
2011/06/03 22:34:37.0055 5692	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/06/03 22:34:37.0209 5692	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/06/03 22:34:37.0260 5692	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/06/03 22:34:37.0341 5692	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/06/03 22:34:37.0469 5692	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/03 22:34:37.0534 5692	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/06/03 22:34:37.0622 5692	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
2011/06/03 22:34:37.0780 5692	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/03 22:34:37.0853 5692	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/03 22:34:37.0948 5692	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
2011/06/03 22:34:38.0078 5692	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 22:34:38.0186 5692	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 22:34:38.0376 5692	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
2011/06/03 22:34:38.0520 5692	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/03 22:34:38.0745 5692	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/03 22:34:38.0811 5692	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/03 22:34:38.0912 5692	winachsf        (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/03 22:34:39.0199 5692	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/03 22:34:39.0322 5692	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/03 22:34:39.0438 5692	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/06/03 22:34:39.0608 5692	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/03 22:34:39.0714 5692	XAudio          (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/06/03 22:34:39.0804 5692	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/03 22:34:39.0841 5692	MBR (0x1B8)     (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR4
2011/06/03 22:34:39.0872 5692	================================================================================
2011/06/03 22:34:39.0872 5692	Scan finished
2011/06/03 22:34:39.0872 5692	================================================================================
2011/06/03 22:34:39.0916 7776	Detected object count: 0
2011/06/03 22:34:39.0916 7776	Actual detected object count: 0
2011/06/03 22:35:44.0473 6676	Deinitialize success



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/04/2011 at 06:38 AM

Application Version : 4.53.1000

Core Rules Database Version : 7200
Trace Rules Database Version: 5012

Scan type       : Complete Scan
Total Scan Time : 04:37:15

Memory items scanned      : 416
Memory threats detected   : 0
Registry items scanned    : 8763
Registry threats detected : 0
File items scanned        : 375400
File threats detected     : 319

Adware.Tracking Cookie
	C:\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.react2media[2].txt
	C:\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@adserving.versaneeds[2].txt
	C:\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.adk2[2].txt
	C:\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.inextmedia[2].txt
	C:\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@m1.mediasrv[2].txt
	C:\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@www.find-quick-results[1].txt
	acvs.mediaonenetwork.net [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	banners.securedataimages.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	bc.youporn.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	cdn.insights.gravity.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	cdn2.themis-media.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	files.youporn.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	googleads.g.doubleclick.net [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	i.adultswim.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	ia.media-imdb.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	interclick.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.ign.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.mtvnservices.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.podaddies.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.resulthost.org [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.scanscout.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.spicynodes.org [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.tattomedia.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media1.break.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media1.clubpenguin.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	msnbcmedia.msn.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	naiadsystems.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	objects.tremormedia.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	richmedia247.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	secure-us.imrworldwide.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	serving-sys.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.adultswim.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.bleeptube.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.hentaimedia.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.media2cn.info [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.mofosex.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.naiadsystems.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.pornhub.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.pornpros.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.ziporn.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	wwwstatic.megaporn.com [ G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@247realmedia[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@247realmedia[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@2o7[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@2o7[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ad.wsod[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ad.yieldmanager[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ad.yieldmanager[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ad.yieldmanager[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@adbrite[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@adbrite[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@adlegend[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.bridgetrack[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.bridgetrack[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.bridgetrack[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.bridgetrack[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.pointroll[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.pointroll[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[5].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[6].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[7].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[8].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[9].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@apmebf[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@apmebf[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ar.atwola[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ar.atwola[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ar.atwola[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@at.atwola[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@at.atwola[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atdmt[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atdmt[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[11].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[5].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[6].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[7].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[8].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[9].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@bs.serving-sys[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@bs.serving-sys[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@burstnet[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@casalemedia[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[10].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[5].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[6].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[7].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[8].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[9].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@citi.bridgetrack[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@content.yieldmanager[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@content.yieldmanager[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@content.yieldmanager[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@content.yieldmanager[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@doubleclick[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@doubleclick[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@fastclick[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@imrworldwide[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@insightexpressai[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@interclick[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@invitemedia[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@kontera[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@linksynergy[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@lynxtrack[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@marriottinternational.122.2o7[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@media6degrees[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@media6degrees[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@mediaplex[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@mediaplex[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@microsoftwindows.112.2o7[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@oasn04.247realmedia[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@oasn04.247realmedia[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@pointroll[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@pointroll[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@questionmarket[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@questionmarket[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@questionmarket[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@questionmarket[5].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@serving-sys[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@serving-sys[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@statcounter[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[10].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[11].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[3].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[4].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[5].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[6].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[7].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@tacoda[8].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@user.lucidmedia[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@www.burstbeacon[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@www.burstnet[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@yieldmanager[1].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@yieldmanager[2].txt
	G:\Maxtor backup\BENN-PC\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@zedo[2].txt
	acvs.mediaonenetwork.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	googleads.g.doubleclick.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	interclick.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.mtvnservices.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.scanscout.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media.tattomedia.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media1.break.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	media1.clubpenguin.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	www.pornhub.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U92FJZV7 ]
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@247realmedia[2].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ad.yieldmanager[2].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@adopt.euroclick[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.bridgetrack[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ads.pointroll[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@advertising[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@ar.atwola[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@at.atwola[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atdmt[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@atwola[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@cdn.at.atwola[2].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@doubleclick[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@insightexpressai[2].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@interclick[2].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@questionmarket[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\benn@revsci[1].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\Low\benn@ad.yieldmanager[2].txt
	G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Microsoft\Windows\Cookies\Low\benn@advertising[1].txt
	ad.yieldmanager.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	1xxx.cqcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.doubleclick.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ice.112.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	statse.webtrendslive.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	stat.onestat.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	stat.onestat.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	stats.gamestop.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.b5media.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	www.ez-tracks.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	www.ez-tracks.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	www.ez-tracks.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ez-tracks.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ez-tracks.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ez-tracks.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.motionbox.112.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.atdmt.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.divx.112.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.pornhub.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.pornhub.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.overture.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.overture.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.imrworldwide.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.imrworldwide.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media.17vn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media.17vn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	stat.onestat.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.eaeacom.112.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.megaporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.megaporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.melodeo.112.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.e-2dj6wjnyundjmdp.stats.esomniture.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.homemade-porn-tube.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.homemade-porn-tube.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.sweetteentube.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	server.iad.liveperson.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.livesex.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.livesex.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.youporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.youporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.youporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.youporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.nielsen.112.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ehg-wizardsofthecoast.hitbox.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ehg-wizardsofthecoast.hitbox.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ehg-wizardsofthecoast.hitbox.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	ad.yieldmanager.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ehg-oreilly.hitbox.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.hitbox.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.ehg-oreilly.hitbox.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	statse.webtrendslive.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.phg.hitbox.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.tns-counter.ru [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	media.movies.ign.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	media.movies.ign.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.yadro.ru [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.www.pornkolt.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.www.pornkolt.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.hotlog.ru [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.xiti.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.webpower.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.freeporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.freeporn.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	stat.onestat.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	stat.onestat.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	ad3.clickhype.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	checkmystats.com.au [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	checkmystats.com.au [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.friendfinder.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.friendfinder.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.friendfinder.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.friendfinder.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.apmebf.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.fastclick.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.fastclick.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.tripod.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.statcounter.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.www.pornkolt.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.www.pornkolt.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.www.pornkolt.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.dmtracker.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.mediafire.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.mediafire.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.mediafire.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.content.yieldmanager.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media.photobucket.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.2o7.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.revsci.net [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media6degrees.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media6degrees.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media6degrees.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media6degrees.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]
	.media6degrees.com [ G:\Maxtor backup\BENN-PC\Local Disk\Users\Benn\AppData\Roaming\Mozilla\Firefox\Profiles\r64rpmx8.default\cookies.sqlite ]

Trojan.Agent/Gen-IExplorer[Fake]
	C:\USERS\BENN\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
	C:\USERS\BENN\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE

Trojan.Agent/Gen-OnlineGames[Wilao]
	G:\MAXTOR BACKUP\BENN-PC\BENN\APPDATA\LOCAL\TEMP\RARSFX0\DATA\7LD.EXE
	G:\MAXTOR BACKUP\BENN-PC\BENN\APPDATA\LOCAL\TEMP\RARSFX0\DATA\HAZAR.EXE
	G:\MAXTOR BACKUP\BENN-PC\BENN\APPDATA\LOCAL\TEMP\RARSFX1\DATA\7LD.EXE
	G:\MAXTOR BACKUP\BENN-PC\BENN\APPDATA\LOCAL\TEMP\RARSFX1\DATA\HAZAR.EXE

When I rebooted my computer my AV found this:

Category: Trojan

Description: This program displays advertisements and may be difficult to remove.

Recommended action:
Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\Windows\System32\msvfw324.dll
file:C:\Windows\Tasks\Hgbf.job
taskscheduler:C:\Windows\Tasks\Hgbf.job


I cleaned and removed this threat.

Edited by TrialOrc, 04 June 2011 - 03:47 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:49 PM

Posted 04 June 2011 - 10:10 PM

Ok, sorry, had an emergency and was gone all day.. Looks real good. I would still like to do one more tio be sure we left nothing be fore we mop up.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 TrialOrc

TrialOrc
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 06 June 2011 - 04:32 PM

Don't worry about being busy. I understand, it happens to all of us.
Alright I finished the scan. No threats founds, no log file produced.
Thank you again for helping

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:49 PM

Posted 06 June 2011 - 07:02 PM

Hello and you
re welcome. This looks good now. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 TrialOrc

TrialOrc
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:49 PM

Posted 06 June 2011 - 10:44 PM

Done and done.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users