
No flash sound after mbam


7 replies to this topic

#1 branditx22

Posted 07 June 2011 - 11:55 AM

Forgive me if I'm posting in the incorrect place. The lack of flash audio has me completely stumped. Two weeks ago I had the Vista Recovery virus on my computer. I found this site through a search engine. I used rkill and mbam, which worked great. Mbam found somewhere around 70 problems. Suddenly I had random audio popping up, but I just turned down the speakers and ignored it. I went on a long weekend with my family and my parents stayed at my house for a staycation with our pool. My mother called because my computer was yet again attacked by Vista Recovery. I did rkill and mbam again. Mbam didn't find as many problems this time. After that, no more random audio and suddenly no audio on flash. I have audio with iTunes and I have audio with media player if it's a video loaded through my camcorder. If I post the same video on-line, I can't access audio with it. Also, in the last few days while trying to figure out this audio problem my searches have started being redirected. I would appreciate any help.

Edited by hamluis, 07 June 2011 - 02:26 PM.
Moved from Audio/Video to Am I Infected.




#2 branditx22


Posted 10 June 2011 - 12:37 PM

I will be bumping the "haven't gotten a reply after three days" thread. I installed Firefox this morning just for the heck of it. I declined to transfer contacts, settings, etc. Flash sound is working with the Firefox browser. I'm not a Firefox fan, but I'll take what I can get for now. Still having the redirect problem with Firefox.

#3 boopme


Posted 10 June 2011 - 09:28 PM

Hello, sorry you had to wait.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log
and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#4 branditx22


Posted 11 June 2011 - 11:25 AM

Unable to run TDSS. Tried all of your suggestions, but it wouldn't run.

RKill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/11/2011 at 11:17:41.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 06/11/2011 at 11:17:48.



SAS log:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2011 at 10:47 AM

Application Version : 4.54.1000

Core Rules Database Version : 7253
Trace Rules Database Version: 5065

Scan type : Complete Scan
Total Scan Time : 01:54:05

Memory items scanned : 713
Memory threats detected : 0
Registry items scanned : 7579
Registry threats detected : 130
File items scanned : 147415
File threats detected : 373

Adware.Tracking Cookie
.specificclick.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.specificclick.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.specificmedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.statcounter.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.www.burstbeacon.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.www.burstnet.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.yieldmanager.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adserve.rewards-confirmation.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adserve.rewards-confirmation.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.kontera.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.realmedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.mondomedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.revsci.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.revsci.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adtech.de [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.advertising.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adinterax.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adinterax.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.porn-w.org [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.porn-w.org [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.porn-w.org [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.porn-w.org [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.porn-w.org [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.cartoonsporn.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.cartoonsporn.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.toplist.cz [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adlegend.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adlegend.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adbrite.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.adbrite.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.nextag.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.nextag.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.apmebf.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.fastclick.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
wstat.wibiya.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.technoratimedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.revsci.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.revsci.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.advertising.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.revsci.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.revsci.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.revsci.net [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\o9eckjdj.default\cookies.sqlite ]

Adware.MyWebSearch/FunWebProducts

Adware.Zango/ShoppingReport

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\USERS\BRANDI\APPDATA\LOCAL\TEMP\40503444.UNINSTALL\UNINSTALL.EXE
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\USERS\BRANDI\APPDATA\LOCAL\TEMP\ICREINSTALL\VIDEOCONVERTERSETUP[1].EXE
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\USERS\BRANDI\APPDATA\LOCAL\TEMP\SCXEWOMRAN.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\BRANDI\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\BRANDI\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\USERS\BRANDI\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE
C:\Windows\Prefetch\IEXPLORE.EXE-25852D9F.pf
C:\Windows\Prefetch\IEXPLORE.EXE-3D7264F5.pf

Trojan.Agent/Gen-PEC
C:\USERS\BRANDI\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\USERS\BRANDI\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\USERS\BRANDI\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\EXPLORER.EXE
C:\Windows\Prefetch\EXPLORER.EXE-20E2E9A6.pf



MBAM log:



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6835

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

6/11/2011 11:08:25 AM
mbam-log-2011-06-11 (11-08-25).txt

Scan type: Quick scan
Objects scanned: 166909
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




I was surprised to see all of the spyware. Still redirecting.

#5 boopme

Posted 12 June 2011 - 06:34 PM

Hello, did you rename TDSSKiller???
OR TDSSKiller from Command Prompt

Use the following command to scan the PC with a detailed log written into the file report.txt (created in the TDSSKiller.exe utility folder):
Open Command Prompt in XP = click Start >> Run, type cmd
Copy and paste this at the flashing cursor and hit Enter

TDSSKiller.exe -l report.txt

#6 branditx22

Posted 12 June 2011 - 09:06 PM

I did try everything, including renaming, the first time, but it somehow worked today. It crashed my PC, so I ran it in safe mode with networking.


2011/06/12 20:58:29.0386 0712 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/12 20:58:29.0823 0712 ================================================================================
2011/06/12 20:58:29.0823 0712 SystemInfo:
2011/06/12 20:58:29.0823 0712
2011/06/12 20:58:29.0823 0712 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/12 20:58:29.0823 0712 Product type: Workstation
2011/06/12 20:58:29.0823 0712 ComputerName: BRANDI-PC
2011/06/12 20:58:29.0823 0712 UserName: Brandi
2011/06/12 20:58:29.0823 0712 Windows directory: C:\Windows
2011/06/12 20:58:29.0823 0712 System windows directory: C:\Windows
2011/06/12 20:58:29.0823 0712 Processor architecture: Intel x86
2011/06/12 20:58:29.0823 0712 Number of processors: 2
2011/06/12 20:58:29.0823 0712 Page size: 0x1000
2011/06/12 20:58:29.0823 0712 Boot type: Safe boot with network
2011/06/12 20:58:29.0823 0712 ================================================================================
2011/06/12 20:58:31.0086 0712 Initialize success
2011/06/12 20:58:34.0799 0220 ================================================================================
2011/06/12 20:58:34.0799 0220 Scan started
2011/06/12 20:58:34.0799 0220 Mode: Manual;
2011/06/12 20:58:34.0799 0220 ================================================================================
2011/06/12 20:58:35.0595 0220 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/12 20:58:35.0641 0220 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/12 20:58:35.0688 0220 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/12 20:58:35.0719 0220 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/12 20:58:35.0751 0220 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/12 20:58:35.0813 0220 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/12 20:58:35.0860 0220 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/06/12 20:58:35.0875 0220 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/12 20:58:35.0907 0220 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2011/06/12 20:58:35.0938 0220 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/06/12 20:58:35.0969 0220 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2011/06/12 20:58:35.0985 0220 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/12 20:58:36.0016 0220 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/12 20:58:36.0063 0220 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/12 20:58:36.0094 0220 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/12 20:58:36.0125 0220 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/12 20:58:36.0172 0220 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/12 20:58:36.0219 0220 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/12 20:58:36.0359 0220 BHDrvx86 (925a191c8c06124426c63ceb2ea93085) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
2011/06/12 20:58:36.0453 0220 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/12 20:58:36.0484 0220 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/12 20:58:36.0499 0220 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/12 20:58:36.0531 0220 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/12 20:58:36.0546 0220 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/12 20:58:36.0562 0220 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/12 20:58:36.0593 0220 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/12 20:58:36.0609 0220 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/12 20:58:36.0655 0220 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/12 20:58:44.0830 0220 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/06/12 20:58:44.0830 0220 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: e503f89127e18062402672414b3ad344
2011/06/12 20:58:44.0845 0220 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/12 20:58:45.0563 0220 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/12 20:58:45.0594 0220 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
2011/06/12 20:58:45.0594 0220 ================================================================================
2011/06/12 20:58:45.0594 0220 Scan finished
2011/06/12 20:58:45.0594 0220 ================================================================================
2011/06/12 20:58:45.0610 1312 Detected object count: 1
2011/06/12 20:58:45.0610 1312 Actual detected object count: 1
2011/06/12 20:59:30.0865 1312 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/06/12 20:59:30.0865 1312 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: e503f89127e18062402672414b3ad344
2011/06/12 20:59:34.0687 1312 Backup copy found, using it..
2011/06/12 20:59:34.0687 1312 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/12 20:59:34.0687 1312 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/12 21:00:01.0348 1588 Deinitialize success

#7 branditx22

Posted 12 June 2011 - 09:10 PM

Just checked IE. No redirects and now have sound with flash on IE so no more forced Firefox for us. Thank you!!!

#8 boopme

  • Global Moderator

Posted 12 June 2011 - 09:18 PM

This was the real troublemaker,
2011/06/12 20:59:30.0865 1312 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys


I recommend you change all passwords, especially any financials, as that's what it's after.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
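An added example (not part of the original posts, and not the scanner's own code): a short Python triage that reduces the scan log lines quoted in this thread to one record per flagged driver, with the forged-hash pair, the verdict, the chosen action and whether a reboot is still pending. The line patterns are inferred from the lines shown on this page and are an assumption about the log format; `Finding`, `triage` and `follow_up` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Lines copied from the scan log posted in this thread
# (format assumed: timestamp, thread id, message).
SAMPLE_LOG = r"""
2011/06/12 20:58:44.0830 0220 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/06/12 20:58:44.0830 0220 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: e503f89127e18062402672414b3ad344
2011/06/12 20:58:44.0845 0220 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/12 20:58:45.0563 0220 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/12 20:58:45.0610 1312 Detected object count: 1
2011/06/12 20:59:30.0865 1312 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/06/12 20:59:34.0687 1312 Backup copy found, using it..
2011/06/12 20:59:34.0687 1312 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/12 20:59:34.0687 1312 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""

PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d{4} (.*)$")
ENTRY = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"^(\S+?)\((\w+)\) - User select action: (\w+)$")
PENDING = re.compile(r"^(.+) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    service: str
    path: str = ""
    listed_md5: str = ""   # hash printed on the driver's own entry line
    real_md5: str = ""
    fake_md5: str = ""
    verdict: str = ""
    action: str = ""
    pending_reboot: bool = False


def triage(log_text):
    """Return ({service: Finding}, reported_count) for flagged objects only."""
    findings = {}
    by_path = {}      # lower-cased path -> (service, md5); last entry wins
    reported = None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (e := ENTRY.match(msg)):
            by_path[e.group(3).lower()] = (e.group(1), e.group(2))
        elif (f := FORGED.match(msg)):
            service, listed = by_path.get(f.group(1).lower(), (f.group(1), ""))
            item = findings.setdefault(service, Finding(service))
            item.path, item.listed_md5 = f.group(1), listed
            item.real_md5, item.fake_md5 = f.group(2), f.group(3)
        elif (d := DETECTED.match(msg)):
            findings.setdefault(d.group(1), Finding(d.group(1))).verdict = d.group(2)
        elif (a := ACTION.match(msg)):
            item = findings.setdefault(a.group(2), Finding(a.group(2)))
            item.verdict, item.action = item.verdict or a.group(1), a.group(3)
        elif (p := PENDING.match(msg)):
            service = by_path.get(p.group(1).lower(), (p.group(1), ""))[0]
            findings.setdefault(service, Finding(service)).pending_reboot = True
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))
    return findings, reported


def follow_up(findings, reported):
    """List what still needs attention after the scan."""
    notes = []
    for f in findings.values():
        if f.pending_reboot:
            notes.append(f"{f.service}: reboot, then rescan to confirm the cure")
        elif f.verdict and not f.action:
            notes.append(f"{f.service}: detected as {f.verdict}, no action recorded")
    if reported is not None and reported != len(findings):
        notes.append(f"log reports {reported} object(s), parsed {len(findings)}")
    return notes


if __name__ == "__main__":
    found, count = triage(SAMPLE_LOG)
    for item in found.values():
        print(item)
    print(follow_up(found, count))
```
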



