Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with keylogger


  • This topic is locked This topic is locked
14 replies to this topic

#1 Omar Yehia

Omar Yehia

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 11 August 2011 - 11:03 AM

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by R0M at 11:12:17 on 2011-08-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1518 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\GetRight\GetRight.exe
C:\Users\R0M\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4081008
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Audiogalaxy] "c:\users\r0m\appdata\local\audiogalaxy\Audiogalaxy.exe" /startup
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Google Update] "c:\users\r0m\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\r0m\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\r0m\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\r0m\appdata\roaming\microsoft\windows\start menu\programs\startup\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\getright.lnk - c:\program files\getright\GetRight.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
TCP: Interfaces\{5AA86C8E-11D9-49BC-B0A3-5A4DAFD1F8E7} : DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
TCP: Interfaces\{873CAC62-B718-47D2-82ED-BE05D4BF6D88} : DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl3bdcbbdb;MpKsl3bdcbbdb;c:\programdata\microsoft\microsoft antimalware\definition updates\{cc281721-1b8f-4b25-b20b-086d4262e621}\MpKsl3bdcbbdb.sys [2011-8-11 28752]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-10-8 73728]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-27 366640]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-10-8 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-10-25 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-27 22712]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-5-12 21744]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-10-8 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-10-8 19008]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-24 27632]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-27 127496]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);"c:\program files\common files\doctor web\scanning engine\dwengine.exe" --> c:\program files\common files\doctor web\scanning engine\dwengine.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-13 13224]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-10-25 29192]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-15 117672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-11 14:49:54 -------- d-----w- c:\users\r0m\appdata\local\{36D7E7C4-349B-4026-8D02-CC35CB7A3EEA}
2011-08-11 14:49:40 -------- d-----w- c:\users\r0m\appdata\local\{76823E61-DACA-4EE5-8FC5-4304D4EC710E}
2011-08-11 14:44:34 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cc281721-1b8f-4b25-b20b-086d4262e621}\MpKsl3bdcbbdb.sys
2011-08-11 00:22:10 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 00:22:06 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 00:22:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 00:21:50 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 00:21:49 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 00:21:47 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 00:21:46 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-10 22:34:16 709968 ----a-w- c:\windows\isRS-000.tmp
2011-08-10 22:25:30 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cc281721-1b8f-4b25-b20b-086d4262e621}\mpengine.dll
2011-08-05 17:15:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-05 17:15:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-05 17:15:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-05 17:15:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-05 17:15:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-05 17:15:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-05 17:15:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-04 21:36:47 -------- d-----w- c:\windows\en
2011-08-04 21:32:35 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2011-08-04 21:22:29 -------- d-----w- c:\users\r0m\appdata\local\{F9006EC2-AB16-4116-9196-A4B087C42E19}
2011-08-03 17:42:35 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-03 17:42:33 -------- d-----w- c:\users\r0m\appdata\local\temp
2011-08-03 17:28:07 -------- d-----w- C:\ComboFix
2011-08-03 10:27:42 -------- d-----w- c:\users\r0m\appdata\local\{8E49F801-933A-4F63-83CC-59AE8EBFA116}
2011-08-02 22:27:52 -------- d-----w- c:\users\r0m\appdata\local\{7B833D77-9936-4DCA-B045-4C58CF804F74}
2011-08-02 20:36:19 -------- d-----w- c:\users\r0m\appdata\local\{45A0E19C-15B7-4285-8929-FB381CD2FDEA}
2011-08-02 20:36:08 -------- d-----w- c:\users\r0m\appdata\local\{DA82216F-BC3C-48EC-B446-A2D5405EBF08}
2011-08-02 10:30:34 -------- d-----w- c:\users\r0m\appdata\local\{15849E99-ADAA-4481-AC31-B735778FB79E}
2011-07-31 19:41:01 -------- d-----w- c:\program files\Photo Story 3 for Windows
2011-07-26 22:27:31 -------- d-----w- c:\users\r0m\appdata\local\{5F0B10ED-24CD-499C-9A67-2F2135B1AC46}
2011-07-26 22:26:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 16:31:40 -------- d-----w- c:\program files\iPod
2011-07-22 16:31:39 -------- d-----w- c:\program files\iTunes
2011-07-22 16:28:03 -------- d-----w- c:\program files\Bonjour
2011-07-14 19:16:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-14 19:15:33 -------- d-----w- c:\program files\Winamp Detect
2011-07-13 17:31:48 -------- d-----w- c:\users\r0m\appdata\local\{9C7AA381-325D-4F94-BAFE-EB9D778FB8AC}
2011-07-13 00:04:21 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 00:04:21 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 00:04:19 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 00:04:15 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-05-13 20:03:34 49016 ----a-w- c:\windows\system32\sirenacm.dll
2011-05-13 19:42:24 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
============= FINISH: 11:13:02.11 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:41 AM

Posted 16 August 2011 - 03:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/413915 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Omar Yehia

Omar Yehia
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 16 August 2011 - 05:56 PM

1- I think i have a keylogger since hacker keeps changing my password on facebook, i do not want to format the system
2- See attachments
3- No it has been a while, i don't think i have them anymore

Regards,

Attached Files



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:41 AM

Posted 17 August 2011 - 05:11 AM

Hello Omar Yehia,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Omar Yehia

Omar Yehia
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 17 August 2011 - 10:59 AM

Alright, thanks

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:41 AM

Posted 19 August 2011 - 05:19 PM

Hello,

I don't see anything prevalent to say you have a keylogger. Lets run a couple of tools and see what we come up with.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Omar Yehia

Omar Yehia
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 20 August 2011 - 11:37 AM

2011/08/20 12:13:47.0110 4040 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/20 12:13:47.0518 4040 ================================================================================
2011/08/20 12:13:47.0519 4040 SystemInfo:
2011/08/20 12:13:47.0519 4040
2011/08/20 12:13:47.0519 4040 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/20 12:13:47.0519 4040 Product type: Workstation
2011/08/20 12:13:47.0519 4040 ComputerName: ROMSTER2
2011/08/20 12:13:47.0519 4040 UserName: R0M
2011/08/20 12:13:47.0519 4040 Windows directory: C:\Windows
2011/08/20 12:13:47.0519 4040 System windows directory: C:\Windows
2011/08/20 12:13:47.0519 4040 Processor architecture: Intel x86
2011/08/20 12:13:47.0519 4040 Number of processors: 4
2011/08/20 12:13:47.0519 4040 Page size: 0x1000
2011/08/20 12:13:47.0519 4040 Boot type: Normal boot
2011/08/20 12:13:47.0519 4040 ================================================================================
2011/08/20 12:13:49.0582 4040 Initialize success
2011/08/20 12:14:03.0838 6804 ================================================================================
2011/08/20 12:14:03.0838 6804 Scan started
2011/08/20 12:14:03.0838 6804 Mode: Manual;
2011/08/20 12:14:03.0838 6804 ================================================================================
2011/08/20 12:14:04.0281 6804 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/20 12:14:04.0361 6804 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/20 12:14:04.0421 6804 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/20 12:14:04.0471 6804 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/20 12:14:04.0521 6804 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/20 12:14:04.0713 6804 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/20 12:14:04.0758 6804 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/20 12:14:04.0807 6804 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/20 12:14:04.0849 6804 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/20 12:14:04.0905 6804 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/20 12:14:04.0952 6804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/20 12:14:04.0986 6804 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/20 12:14:05.0025 6804 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/20 12:14:05.0275 6804 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/20 12:14:05.0404 6804 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/20 12:14:05.0477 6804 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/20 12:14:05.0516 6804 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/20 12:14:05.0568 6804 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/20 12:14:05.0631 6804 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/20 12:14:05.0692 6804 AtiHdmiService (d7672d90ef03d0e2efdb02df5045a359) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/20 12:14:05.0881 6804 atikmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/20 12:14:06.0083 6804 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/20 12:14:06.0167 6804 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/20 12:14:06.0209 6804 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/20 12:14:06.0293 6804 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/20 12:14:06.0343 6804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/20 12:14:06.0366 6804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/20 12:14:06.0402 6804 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/20 12:14:06.0445 6804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/20 12:14:06.0478 6804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/20 12:14:06.0508 6804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/20 12:14:06.0658 6804 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/20 12:14:06.0730 6804 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/20 12:14:06.0769 6804 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/20 12:14:06.0833 6804 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/08/20 12:14:06.0880 6804 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/20 12:14:06.0956 6804 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\Windows\system32\Drivers\btnetBus.sys
2011/08/20 12:14:07.0113 6804 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/20 12:14:07.0184 6804 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/20 12:14:07.0220 6804 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/20 12:14:07.0289 6804 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/20 12:14:07.0343 6804 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/20 12:14:07.0387 6804 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/08/20 12:14:07.0408 6804 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/20 12:14:07.0443 6804 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/20 12:14:07.0521 6804 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/20 12:14:07.0612 6804 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/20 12:14:07.0685 6804 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/20 12:14:07.0714 6804 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/20 12:14:07.0739 6804 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/20 12:14:07.0784 6804 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/20 12:14:07.0973 6804 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/20 12:14:08.0037 6804 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/08/20 12:14:08.0103 6804 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/20 12:14:08.0191 6804 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/20 12:14:08.0251 6804 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/20 12:14:08.0303 6804 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/20 12:14:08.0389 6804 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/20 12:14:08.0425 6804 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/20 12:14:08.0449 6804 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/20 12:14:08.0502 6804 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/20 12:14:08.0532 6804 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/20 12:14:08.0564 6804 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/20 12:14:08.0593 6804 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/20 12:14:08.0630 6804 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/20 12:14:08.0663 6804 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/20 12:14:08.0711 6804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/20 12:14:08.0777 6804 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/08/20 12:14:08.0843 6804 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/08/20 12:14:08.0918 6804 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/20 12:14:08.0998 6804 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/20 12:14:09.0063 6804 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/20 12:14:09.0106 6804 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/20 12:14:09.0182 6804 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/20 12:14:09.0216 6804 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/20 12:14:09.0318 6804 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/20 12:14:09.0375 6804 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/20 12:14:09.0457 6804 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/20 12:14:09.0516 6804 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
2011/08/20 12:14:09.0567 6804 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/20 12:14:09.0631 6804 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/20 12:14:09.0727 6804 IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/20 12:14:09.0779 6804 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/20 12:14:09.0815 6804 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/20 12:14:09.0879 6804 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/20 12:14:09.0917 6804 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/20 12:14:09.0945 6804 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/20 12:14:09.0977 6804 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/20 12:14:10.0004 6804 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/20 12:14:10.0073 6804 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/20 12:14:10.0105 6804 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/20 12:14:10.0149 6804 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/20 12:14:10.0191 6804 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/20 12:14:10.0229 6804 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/20 12:14:10.0303 6804 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/20 12:14:10.0355 6804 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/20 12:14:10.0408 6804 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/20 12:14:10.0440 6804 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/20 12:14:10.0470 6804 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/20 12:14:10.0486 6804 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/20 12:14:10.0540 6804 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/20 12:14:10.0583 6804 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/20 12:14:10.0630 6804 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/20 12:14:10.0678 6804 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/20 12:14:10.0751 6804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/20 12:14:10.0773 6804 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/20 12:14:10.0794 6804 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/20 12:14:10.0820 6804 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/20 12:14:10.0910 6804 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/20 12:14:10.0941 6804 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/20 12:14:11.0111 6804 MpKslf248fe77 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA44C5C2-BFB2-422D-9A3E-F9F1AD87F206}\MpKslf248fe77.sys
2011/08/20 12:14:11.0182 6804 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/20 12:14:11.0235 6804 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/20 12:14:11.0294 6804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/20 12:14:11.0345 6804 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/20 12:14:11.0411 6804 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/20 12:14:11.0479 6804 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/20 12:14:11.0501 6804 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/20 12:14:11.0526 6804 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/08/20 12:14:11.0562 6804 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/20 12:14:11.0619 6804 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/20 12:14:11.0652 6804 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/20 12:14:11.0702 6804 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/20 12:14:11.0755 6804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/20 12:14:11.0785 6804 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/20 12:14:11.0857 6804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/20 12:14:11.0890 6804 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/20 12:14:11.0936 6804 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/20 12:14:11.0965 6804 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/20 12:14:12.0093 6804 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/20 12:14:12.0151 6804 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/20 12:14:12.0216 6804 Ndisprot (d3cc1a514fd1ae44a7ed3c5e170961c7) C:\Windows\system32\drivers\Ndisprot.sys
2011/08/20 12:14:12.0241 6804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/20 12:14:12.0288 6804 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/20 12:14:12.0392 6804 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/20 12:14:12.0413 6804 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/20 12:14:12.0459 6804 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/20 12:14:12.0526 6804 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/20 12:14:12.0581 6804 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/20 12:14:12.0649 6804 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/20 12:14:12.0701 6804 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/20 12:14:12.0725 6804 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/20 12:14:12.0800 6804 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/20 12:14:12.0838 6804 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/20 12:14:12.0854 6804 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/20 12:14:12.0884 6804 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/20 12:14:12.0913 6804 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/20 12:14:12.0953 6804 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/20 12:14:13.0067 6804 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/20 12:14:13.0103 6804 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/20 12:14:13.0143 6804 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/20 12:14:13.0188 6804 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/20 12:14:13.0297 6804 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/08/20 12:14:13.0372 6804 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/20 12:14:13.0433 6804 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/08/20 12:14:13.0468 6804 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/20 12:14:13.0511 6804 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/08/20 12:14:13.0563 6804 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/20 12:14:13.0660 6804 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
2011/08/20 12:14:13.0685 6804 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
2011/08/20 12:14:13.0748 6804 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/20 12:14:13.0779 6804 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/20 12:14:13.0945 6804 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/20 12:14:13.0976 6804 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/20 12:14:14.0016 6804 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/20 12:14:14.0061 6804 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/20 12:14:14.0096 6804 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/20 12:14:14.0331 6804 R300 (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/20 12:14:14.0410 6804 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/20 12:14:14.0445 6804 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/20 12:14:14.0508 6804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/20 12:14:14.0567 6804 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/20 12:14:14.0642 6804 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/20 12:14:14.0681 6804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/20 12:14:14.0723 6804 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/20 12:14:14.0742 6804 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/20 12:14:14.0811 6804 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/20 12:14:14.0864 6804 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/20 12:14:14.0916 6804 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/20 12:14:15.0015 6804 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/08/20 12:14:15.0037 6804 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
2011/08/20 12:14:15.0073 6804 s0017bus (6381d7fac6ce956f37aa76031939f8cc) C:\Windows\system32\DRIVERS\s0017bus.sys
2011/08/20 12:14:15.0112 6804 s0017mdfl (3a0b4fc02d9d79a4f7ee9c13e287c5eb) C:\Windows\system32\DRIVERS\s0017mdfl.sys
2011/08/20 12:14:15.0148 6804 s0017mdm (aa689c79d62caf565357520cae065f17) C:\Windows\system32\DRIVERS\s0017mdm.sys
2011/08/20 12:14:15.0200 6804 s0017mgmt (547b1a09017a4c4ce6b535ba810523da) C:\Windows\system32\DRIVERS\s0017mgmt.sys
2011/08/20 12:14:15.0240 6804 s0017nd5 (6db4820821e819cf61546e1f991a298d) C:\Windows\system32\DRIVERS\s0017nd5.sys
2011/08/20 12:14:15.0268 6804 s0017obex (d623bf6f04f7603ee1c4b59c737b69a7) C:\Windows\system32\DRIVERS\s0017obex.sys
2011/08/20 12:14:15.0309 6804 s0017unic (0c970a53fc43815e948628442f8983ad) C:\Windows\system32\DRIVERS\s0017unic.sys
2011/08/20 12:14:15.0396 6804 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/08/20 12:14:15.0422 6804 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
2011/08/20 12:14:15.0452 6804 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
2011/08/20 12:14:15.0482 6804 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
2011/08/20 12:14:15.0507 6804 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
2011/08/20 12:14:15.0537 6804 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
2011/08/20 12:14:15.0561 6804 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
2011/08/20 12:14:15.0601 6804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/20 12:14:15.0665 6804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/20 12:14:15.0749 6804 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/08/20 12:14:15.0794 6804 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/20 12:14:15.0824 6804 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/20 12:14:15.0852 6804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/20 12:14:15.0905 6804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/20 12:14:15.0934 6804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/20 12:14:15.0959 6804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/20 12:14:15.0989 6804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/20 12:14:16.0054 6804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/20 12:14:16.0055 6804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/20 12:14:16.0085 6804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/20 12:14:16.0156 6804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/20 12:14:16.0199 6804 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/20 12:14:16.0288 6804 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/08/20 12:14:16.0369 6804 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/20 12:14:16.0462 6804 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/20 12:14:16.0489 6804 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/20 12:14:16.0533 6804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/20 12:14:16.0569 6804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/20 12:14:16.0648 6804 symsnap (c9273531eac75ee225e3170fb6107fa3) C:\Windows\system32\DRIVERS\symsnap.sys
2011/08/20 12:14:16.0678 6804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/20 12:14:16.0713 6804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/20 12:14:16.0824 6804 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
2011/08/20 12:14:16.0863 6804 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/20 12:14:16.0892 6804 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/20 12:14:16.0922 6804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/20 12:14:16.0960 6804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/20 12:14:17.0020 6804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/20 12:14:17.0082 6804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/20 12:14:17.0171 6804 TotRec7 (e9c2642ec635b01f19f343df5eb488d3) C:\Windows\system32\drivers\TotRec7.sys
2011/08/20 12:14:17.0222 6804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/20 12:14:17.0264 6804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/20 12:14:17.0319 6804 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/20 12:14:17.0393 6804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/20 12:14:17.0459 6804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/20 12:14:17.0517 6804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/20 12:14:17.0563 6804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/20 12:14:17.0600 6804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/20 12:14:17.0636 6804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/20 12:14:17.0672 6804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/20 12:14:17.0716 6804 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/20 12:14:17.0803 6804 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/20 12:14:17.0914 6804 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/08/20 12:14:17.0979 6804 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/20 12:14:18.0010 6804 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/20 12:14:18.0056 6804 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/20 12:14:18.0124 6804 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/20 12:14:18.0155 6804 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/20 12:14:18.0202 6804 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/20 12:14:18.0253 6804 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/20 12:14:18.0282 6804 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/20 12:14:18.0308 6804 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/20 12:14:18.0379 6804 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\Windows\system32\DRIVERS\v2imount.sys
2011/08/20 12:14:18.0454 6804 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/20 12:14:18.0478 6804 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/20 12:14:18.0502 6804 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/20 12:14:18.0542 6804 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/20 12:14:18.0579 6804 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/20 12:14:18.0610 6804 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/20 12:14:18.0680 6804 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/20 12:14:18.0728 6804 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/20 12:14:18.0782 6804 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/20 12:14:18.0918 6804 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/20 12:14:18.0938 6804 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/20 12:14:18.0958 6804 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/20 12:14:19.0008 6804 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/20 12:14:19.0048 6804 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/20 12:14:19.0157 6804 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/20 12:14:19.0252 6804 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/20 12:14:19.0286 6804 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/20 12:14:19.0366 6804 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/20 12:14:19.0465 6804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/20 12:14:19.0527 6804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/08/20 12:14:19.0543 6804 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
2011/08/20 12:14:19.0568 6804 MBR (0x1B8) (23383cc287fd76b17e273ca06c80a2b3) \Device\Harddisk7\DR12
2011/08/20 12:14:19.0622 6804 Boot (0x1200) (0df498043b82843b314c4ad3a1003fbe) \Device\Harddisk0\DR0\Partition0
2011/08/20 12:14:19.0633 6804 Boot (0x1200) (77e51061eabc1cabe2bbf3eb09a94bf9) \Device\Harddisk0\DR0\Partition1
2011/08/20 12:14:19.0649 6804 Boot (0x1200) (fcf3f24fe94ee950cbadaf40dfef6605) \Device\Harddisk1\DR1\Partition0
2011/08/20 12:14:19.0664 6804 Boot (0x1200) (05cbe7383c2980dec8d654434cebfff4) \Device\Harddisk6\DR6\Partition0
2011/08/20 12:14:19.0674 6804 ================================================================================
2011/08/20 12:14:19.0674 6804 Scan finished
2011/08/20 12:14:19.0674 6804 ================================================================================
2011/08/20 12:14:19.0687 5552 Detected object count: 0
2011/08/20 12:14:19.0687 5552 Actual detected object count: 0
2011/08/20 12:14:34.0269 7480 Deinitialize success


ComboFix 11-08-19.02 - R0M 20/08/2011 12:22:03.18.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.994 [GMT -4:00]
Running from: c:\users\R0M\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\R0M\Documents\1180.avi
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 16:30 . 2011-08-20 16:30 -------- d-----w- c:\users\R0M\AppData\Local\temp
2011-08-20 16:30 . 2011-08-20 16:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-20 16:30 . 2011-08-20 16:30 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-08-20 16:30 . 2011-08-20 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 16:17 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-12 14:53 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED8CB7B0-CE15-437A-960C-D4FC77094405}\gapaengine.dll
2011-08-11 00:22 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 00:22 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 00:22 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 00:21 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 00:21 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 00:21 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 00:21 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-05 17:15 . 2011-08-05 17:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-05 17:15 . 2011-08-05 17:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-05 17:15 . 2011-08-05 17:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-05 17:15 . 2011-08-05 17:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-05 17:15 . 2011-08-05 17:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-05 17:15 . 2011-08-05 17:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-05 17:15 . 2011-08-05 17:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-05 17:15 . 2011-08-05 17:15 -------- d-----w- c:\program files\QuickTime
2011-08-04 21:36 . 2011-08-04 21:36 -------- d-----w- c:\windows\en
2011-08-04 21:32 . 2011-08-04 21:32 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-31 19:41 . 2011-07-31 19:41 -------- d-----w- c:\program files\Photo Story 3 for Windows
2011-07-26 22:26 . 2011-07-26 22:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 16:31 . 2011-07-22 16:31 -------- d-----w- c:\program files\iPod
2011-07-22 16:31 . 2011-07-22 16:32 -------- d-----w- c:\program files\iTunes
2011-07-22 16:28 . 2011-07-22 16:28 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2011-02-27 07:14 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-06 23:52 . 2008-10-27 22:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 23:52 . 2008-10-27 22:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-02 13:34 . 2011-07-13 00:04 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\R0M\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\R0M\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\R0M\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\R0M\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2011-05-13 4283256]
"Audiogalaxy"="c:\users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2011-06-20 2953448]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\R0M\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
hpqtra08.exe [2008-3-25 214360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2008-10-23 4657424]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-08 17:59 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R1 MpKsleb09c178;MpKsleb09c178;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D82E689B-BBE5-44D8-9734-9ED8E8EE563B}\MpKsleb09c178.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-08-13 13224]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-10-25 29192]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-29 436792]
S1 MpKsl6835acf1;MpKsl6835acf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C04C93B8-A747-431A-A264-2A98B164B6FB}\MpKsl6835acf1.sys [x]
S1 MpKslf248fe77;MpKslf248fe77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA44C5C2-BFB2-422D-9A3E-F9F1AD87F206}\MpKslf248fe77.sys [2011-08-19 28752]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-05-12 21744]
S3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-28 127496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 57325149
*NewlyCreated* - MPKSL80DE2BEF
*NewlyCreated* - MPKSL8731C6EE
*NewlyCreated* - MPKSLF248FE77
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
*Deregistered* - 57325149
*Deregistered* - MpKsl80de2bef
*Deregistered* - MpKsl8731c6ee
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000Core.job
- c:\users\R0M\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-23 03:15]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000UA.job
- c:\users\R0M\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-23 03:15]
.
2011-08-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-15 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-08 11:18]
.
2011-08-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4081008
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 12:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\R0M\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-20 12:33:18
ComboFix-quarantined-files.txt 2011-08-20 16:33
ComboFix2.txt 2011-08-03 17:42
ComboFix3.txt 2011-06-10 16:10
ComboFix4.txt 2011-05-04 00:57
ComboFix5.txt 2011-08-20 16:18
.
Pre-Run: 11,655,090,176 bytes free
Post-Run: 11,785,146,368 bytes free
.
- - End Of File - - 9B1850A8C6D918F5ABD48162366428BE

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:41 AM

Posted 20 August 2011 - 03:26 PM

Hello,


I still see no signs of a keylogger. I see you have run Combofix multiple times before. Please go to C:\ComboFix2.txt And copy and post that log. In the meantime we will try a couple other scanners.

1.
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

2.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Things to include in your next reply::
RkuUnHooker log
SAS log
Eset log
Combofix2.txt

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 Omar Yehia

Omar Yehia
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 20 August 2011 - 08:52 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>Drivers
==============================================
0x9400F000 C:\Windows\system32\DRIVERS\atikmdag.sys 7888896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82418000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82418000 PnpManager 3907584 bytes
0x82418000 RAW 3907584 bytes
0x82418000 WMIxWDM 3907584 bytes
0x94E04000 C:\Windows\system32\drivers\RTKVHDA.sys 2150400 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9DE10000 Win32k 2113536 bytes
0x9DE10000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8AA08000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8307B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x83209000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA3E7D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA2208000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x93E48000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x93EE8000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x82A06000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8300A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA231B000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA3E2E000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x82B2B000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x950E8000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82A8F000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80697000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x9492E000 C:\Windows\system32\DRIVERS\Rtlh86.sys 266240 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x949BC000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x93E09000 C:\Windows\system32\DRIVERS\atikmpag.sys 258048 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x947AC000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x95199000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x831B1000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x94D9D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AB18000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x94C0F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x827D2000 ACPI_HAL 208896 bytes
0x827D2000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xACA0F000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x82BC7000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x95130000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x9498D000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8333B000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83186000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8338D000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA22C8000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x83311000 C:\Windows\system32\drivers\TotRec7.sys 172032 bytes (High Criteria inc., Total Recorder WDM audio driver)
0xA3F71000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA3E06000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AB68000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x95011000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x82AE6000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x94CD8000 C:\Windows\system32\DRIVERS\Dot4.sys 151552 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x83368000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x93F8C000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8ABA0000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA23D3000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9506B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x807D2000 C:\Windows\system32\DRIVERS\symsnap.sys 131072 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
0x94D7E000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82BA9000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA2388000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x832F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x94D63000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x94C55000 C:\Windows\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xA23A5000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9496F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x94DD6000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x951E5000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x93F75000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x94C6F000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xACA57000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x95162000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x950BE000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA23BE000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x93FD2000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x94C9F000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA3FA1000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x93FBE000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x950D4000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xA22FC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x95186000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x94D49000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0xA3FB6000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8AB8F000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x94C44000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x807B8000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x94C86000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA22B8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82B91000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x94910000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x833C6000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x833B7000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x94D30000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AB59000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xACB20000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 61440 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x82B0D000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x93FAF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x947EA000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82B1C000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x94920000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9E050000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x95178000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x950A7000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82B7C000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x94D06000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x94CCB000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x833EB000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x94CB4000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x82A82000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x93FE7000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xA230F000 C:\Windows\system32\DRIVERS\RtNdPt60.sys 49152 bytes (Windows ® Codename Longhorn DDK provider, NDIS User mode I/O Driver)
0xA3F65000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA3FD3000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x9505F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x94795000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x94D13000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x93FF3000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x833D6000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x9509C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x94000000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x94800000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xA3FC8000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8ABEA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x947A1000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x94D26000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xACADD000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x833E1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA22F2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x951D5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x94D3F000 C:\Windows\system32\DRIVERS\pmxmouse.sys 40960 bytes (Primax Electronics Ltd., Mouse Suite Driver (For Windows 2000 and Whistler Only))
0x807C8000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA3F5B000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x94CC1000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0xACB3B000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8ABC1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x94CFD000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x95038000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9504F000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x94C96000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x950B5000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9E030000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8ABF5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82AD5000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82BA1000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8068F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xACB11000 C:\Users\R0M\AppData\Local\Temp\catchme.sys 32768 bytes
0x94D1E000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x94D5B000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x82ADE000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9508C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x95094000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AB51000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA3F99000 C:\Windows\system32\DRIVERS\v2imount.sys 32768 bytes (Symantec Corporation, V2iMount.sys - Image Mounting Device Driver)
0x95048000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95058000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x82B75000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80607000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x95041000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x82B8A000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x94987000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x951DF000 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C04C93B8-A747-431A-A264-2A98B164B6FB}\MpKsl6835acf1.sys 24576 bytes
0xACB35000 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FCDEDC8-0E54-4E34-ACBC-037F99B5A27E}\MpKsld7e59d57.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x947F9000 C:\Windows\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xACA6D000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xACA71000 c:\program files\dell support center\pcdsrvc.pkms 16384 bytes (PC-Doctor, Inc., Kernel Driver)
0x94E00000 C:\Windows\system32\DRIVERS\pmxusblf.sys 12288 bytes (Primax Electronics Ltd., USB Mouse Low Filter Driver(Win2000 only))
0xACB0F000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes
0x9480B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x951FC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2011 at 05:11 PM

Application Version : 5.0.1118

Core Rules Database Version : 7585
Trace Rules Database Version: 5397

Scan type : Quick Scan
Total Scan Time : 00:03:47

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 30644
Registry threats detected : 2
File items scanned : 8359
File threats detected : 736

Adware.Tracking Cookie
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@247realmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@2o7[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@2o7[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@a.websponsors[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@account.live[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.100.tbn[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.120.tbn[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.600.tbn[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.adocean[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.associatedcontent[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.convertsmart[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.lookery[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.strict.tbn[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.tbn[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.xtendmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.yieldmanager[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad.zanox[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad1.clickhype[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ad2.doublepimp[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adbrite[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adbureau[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adcentriconline[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adecn[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adinterax[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adlegend[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@admarketplace[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adopt.euroclick[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adopt.specificclick[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads-dev.youporn[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.ad4game[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.adonion[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.as4x.tmcs.ticketmaster[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.as4x.tmcs[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.bleepingcomputer[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.bootcampmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.clicksor[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.gamersmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.glispa[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.infinite-ads[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.lucidmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.mediamayhemcorp[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.networldmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.ookla[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.opensubtitles[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.pointroll[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.pugetsoundsoftware[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.realtechnetwork[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.techguy[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.teleint[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.us.e-planning[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.w-ads[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ads.widgetbucks[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adserve.atedra[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adserver.adtechus[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adserver.easyad[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adserver.tqs[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adserving.contextualmarketplace[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adstat.4u[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adstats.cdfreaks[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adtech[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adultfriendfinder[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@advertising[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adwarealert[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@adxpose[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@aff.primaryads[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@affiliates.commissionaccount[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@apmebf[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@at.atwola[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@atdmt[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@atdmt[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@atdmt[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@atdmt[5].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@atdmt[6].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@atlas.entrepreneur[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@atwola[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@azjmp[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@bb.clickad[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@bellcan.adbureau[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@bellglobemediapublishing.122.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@biskeducation.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@bluestreak[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@boursoramabanque.solution.weborama[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@bravenet[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@bridge1.admarketplace[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@bs.serving-sys[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@casalemedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@cgm.adbureau[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@chitika[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@citi.bridgetrack[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@clicksor[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@clicktorrent[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@collective-media[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@content.yieldmanager[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@content.yieldmanager[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@counter.hitslink[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@countrycodes[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@cracks[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@cracktorrents[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ctv.122.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@dboomdev.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@dealtime[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@dmtracker[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@doubleclick[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@e-2dj6wflogjcpafp.stats.esomniture[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@e-2dj6whlykkczmfq.stats.esomniture[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@eas.apm.emediate[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ehg-bestbuy.hitbox[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@enhance[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@entrepreneur.122.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ero-advertising[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@euroclick[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@euros4click[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ext-us.bestofmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@fastclick[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@fl01.ct2.comclick[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@focalex[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@freecorder.media-toolbar[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@gigawarez[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@hearstmagazines.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@hitbox[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@hotlog[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@imagesc05.247realmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@imrworldwide[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@insightexpressai[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@interclick[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@invitemedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@jamster[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@kontera[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@lfstmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@lucidmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@mansion.122.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@media-toolbar[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@media6degrees[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@mediafire[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@mediainfo.sourceforge[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@mediaplex[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@mediaplex[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@mediatraffic[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@microsoftmachinetranslation.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@microsoftwindows.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@mixxx[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@msnaccountservices.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@msnportal.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@myroitracking[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@networldmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@nextag[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@oasc05.247realmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@oasn04.247realmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@oneclickmoviez[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@optimize.indieclick[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@overture[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@pandasoftware.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@partyaccount[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@partypoker[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@paypal.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@perf.overture[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@perf.overture[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@pointroll[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@popularscreensavers[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@precisionclick[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@pro-market[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@questionmarket[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@rbc.bridgetrack[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@rbc.bridgetrack[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@rbc.bridgetrack[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@rbc.bridgetrack[4].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@realmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@revenue[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@revsci[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@roiservice[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@rotator.adjuggler[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@ru4[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@secure.partyaccount[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@serv.clicksor[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@serv103.clicksor[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@servedby.adxpower[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@servedby.adxpower[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@servedby.onlinemediadiva[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@server.cpmstar[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@server.iad.liveperson[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@server.iad.liveperson[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@server.lon.liveperson[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@server.lon.liveperson[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@serving-sys[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@serw.clicksor[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@smartadserver[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@smileycentral[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@socialmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@sonymediasoftware.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@specificclick[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@specificmedia[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@stat.dealtime[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@statcounter[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@stats.paypal[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@support.mediafire[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@tacoda[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@toplist[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@toplist[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@toseeka[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@track.adform[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@trackalyzer[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@traffic.weatherbytech[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@trafficmp[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@tribalfusion[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@viamtvcom.112.2o7[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@videoegg.adbureau[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@vitamine.networldmedia[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@warezscene[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@webmasterplan[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@weborama[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@webpresseaccount.ads.streamtheworld[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.burstbeacon[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.cracktorrents[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.findstuff[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.gigawarez[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.googleadservices[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.movableadnetwork[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.toseeka[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.w3counter[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.warezscene[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www.zanox-affiliate[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www6.addfreestats[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@www7.addfreestats[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@xiti[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@xwarezzz[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@yadro[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@yieldmanager[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@yieldmanager[3].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@youporn[2].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\r0m@zedo[1].txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\7DNPF6TA.txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\TCYG4RSO.txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\B6WEVQQ6.txt
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Cookies\G7J0UQ6I.txt
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bellcan.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youporn.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vitamine.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xiti.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rotator.adjuggler.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bellcan.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.122.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bellcan.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bellcan.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bellcan.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.youporn.videobox.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.media-servers.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.partypoker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stat.4u.pl [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
user.lucidmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficrevenue.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.harrenmedianetwork.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vitamine.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.view.atdmt.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftwindows.112.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftsto.112.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youporn.videobox.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gscounters.gigya.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.indoormedia.co.uk [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trekmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cisco.112.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.hostgator.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertstream.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youpornmate.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
acewebtraffic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
trackstatsnow.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
acewebtraffic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.superstats.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.journalregistercompany.122.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.adreactor.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.partypoker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revenue.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.buycom.122.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserv.rotator.hadj7.adjuggler.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www3.addfreestats.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.web-stat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.web-stat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.web-stat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.web-stat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.web-stat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.web-stat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.800sextalk.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.800sextalk.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adulthostingonly.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adulthostingonly.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpansion.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rambler.ru [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viewablemedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eset.122.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kaspersky.122.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.visit-tracker.biz [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clicks.search312.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.theclickcheck.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.theclickcheck.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserverpremium.ca [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserverpremium.ca [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pelmorexmedia.122.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.youporn.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
bannersrv.cereusplatform.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kantarmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.estat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pornografish.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.rncmedia.ca [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserv.rotator.hadj7.adjuggler.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countomat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserving.localpages.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserving.localpages.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rev.remnantmedianetwork.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rev.remnantmedianetwork.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
secure.partyaccount.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
optimize.indieclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
optimize.indieclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver2.exgfnetwork.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediabrandsww.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mtvn.112.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.viacom.adbureau.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads2.zeusclicks.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.star-advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.star-advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youporn.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.youporn.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.trafficjunky.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickmusic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.openstat.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.barrirepoker.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.barrirepoker.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.barrirepoker.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.barrirepoker.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.boursoramabanque.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
account.samsungdive.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ipcmedia.122.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.clickmusic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.clickmusic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickmusic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickmusic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickmusic.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserve.atedra.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracklistings.forum.st [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracklistings.forum.st [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracklistings.forum.st [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.popularscreensavers.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.popularscreensavers.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adlegend.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xm.xtendmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sympatico.112.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.numericable.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.numericable.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.numericable.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.numericable.112.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.numericable.solution.weborama.fr [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fl01.ct2.comclick.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertstream.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bubblestat.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.r1-ads.ace.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.royalbank.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clicks.thespecialsearch.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rbc.bridgetrack.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnbc.112.2o7.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clicksor.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myroitracking.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking1.aleadpay.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adultfriendfinder.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adcentriconline.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mds.profcitymedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.valwa.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vitamine.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rbc.bridgetrack.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
rotator.adjuggler.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
vitamine.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
vitamine.networldmedia.net [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.emediatrack.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.emediatrack.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealfind.com [ C:\USERS\R0M\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Rootkit.NDisProt/Fake
HKLM\System\CurrentControlSet\Services\NDISPROT
C:\WINDOWS\SYSTEM32\DRIVERS\NDISPROT.SYS
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_NDISPROT

C:\downloads\DVDFAB5232 - Boredatwork.nl.rar a variant of Win32/PSW.VB.NFA trojan deleted - quarantined
C:\downloads\CollageMaker\Collage_Maker_v3.0_downarchive\Patch\collage.maker.3.0-patch.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\downloads\MixMeister Fusion v7.3.2\Patch\Patch.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\downloads\Total Video Converter 3.50 + Patch\Total Video Converter 3.50 Patch\Total Video Converter HD_3.50_Patch_Dr.XJ.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\downloads\Virtual DJ 5.2 Pro With Add-On Pack\Virtual DJ Ultimate Add-on Pack\VirtualDJ.Best.Skins.by.mickyz.rar probably a variant of Win32/Agent.EPPUZWN trojan deleted - quarantined
C:\downloads\Virtual DJ Ultimate Add-on Pack\VirtualDJ.Best.Skins.by.mickyz.rar probably a variant of Win32/Agent.EPPUZWN trojan deleted - quarantined
C:\Program Files\Collage Maker3\collage.maker.3.0-patch.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Program Files\MixMeister Fusion\Patch.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\691e0a8e-31abba57 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\472bdecf-15f9760f a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-693dad3f probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-578d2990 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5974e79e-4398de1f probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\375e065f-1513abe8 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\43458f85-3995b163 Java/Exploit.CVE-2010-3562.A trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\46bafab4-31b4b24b Java/Exploit.CVE-2009-3867.AH trojan deleted - quarantined
C:\Users\R0M\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\52614f75-228fd7e1 probably a variant of Java/Agent.BR trojan deleted - quarantined

There is no Combofix2.txt

Regards,

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:41 AM

Posted 21 August 2011 - 11:03 AM

Hello,

Looks like we found and got rid of the problem.

[quote]Rootkit.NDisProt/Fake
HKLM\System\CurrentControlSet\Services\NDISPROT
C:\WINDOWS\SYSTEM32\DRIVERS\NDISPROT.SYS
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_NDISPROT
[/quote]

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan. Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:[quote]Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system[/quote]Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.[quote]The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Because your computer was compromised please read:

Edited by fireman4it, 21 August 2011 - 11:04 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 Omar Yehia

Omar Yehia
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 21 August 2011 - 01:37 PM

Wow he has access to all that, no wonder he keeps changing my passwords on e-mail, msn and facebook, so i guess time to format, there is no hope left...

Is my system clean now, can i get rid of the logs, or you need something else?

Thanks for finally putting the nail on the nasty keylogger

Regards,

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:41 AM

Posted 21 August 2011 - 03:56 PM

Hello, Omar Yehia.
Congratulations! You now appear clean! :cool:



Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Posted Image

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flashes all the old restore points in order to prevent possible reinfection from an old one through system restore".

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:41 AM

Posted 23 August 2011 - 05:29 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 Omar Yehia

Omar Yehia
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 23 August 2011 - 08:04 PM

Yes i am here just takes forever to backup my system, unfortunately since the only solution is formatting so be it, looks like the problem is solved, i will inform you if i get hacked again on this new account, so far so good

Thanks for everything you have done

Regards,

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:41 AM

Posted 23 August 2011 - 08:16 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users