Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

www.google.com being redirected to www.searchtargeted.com


  • Please log in to reply
10 replies to this topic

#1 eraye1

eraye1

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 19 September 2011 - 12:59 AM

Every time I try to get to www.google.com, I get sent to some website called www.searchtargeted.com instead. My URL still says www.google.com, but the page source is from www.searchtargeted.com instead. I've tried doing a system restore, but nothing changed. This redirect happens to me regardless of browser. I'd really appreciate any help or advice.

Additional details: I'm running windows 7. I've tried MBAM and nothing showed up. Same with Avast!



Thanks,

Ray

Edited by eraye1, 19 September 2011 - 01:39 AM.


BC AdBot (Login to Remove)

 


#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:08:47 PM

Posted 19 September 2011 - 07:58 AM

Hi and :welcome: to BC.

Step 1:
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 2:
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Step 3:
Please download Malwarebytes' Anti-Malware (v1.51) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


Step 4:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#3 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:08:47 PM

Posted 22 September 2011 - 01:46 PM

BUMP

It's been over 48 hrs since I replied. Do you still require assistance?

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#4 eraye1

eraye1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 01 October 2011 - 03:47 AM

Hey,

I actually fixed this issue only to have it appear again. Sorry for digging up the zombie thread.

Here are the results I got:


Results of screen317's Security Check version 0.99.19
Windows 7 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````







MiniToolBox by Farbar
Ran by Ray (administrator) on 01-10-2011 at 01:41:14
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ray-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-51-F2-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-24-CA-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-24-CA-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-70-F4-C2-BF-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-24-CA-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3184:5283:3d69:c6e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.74(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 01, 2011 12:13:43 AM
Lease Expires . . . . . . . . . . : Sunday, October 02, 2011 12:13:42 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239084994
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-AD-62-CE-40-25-C2-24-CA-D8
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.238.64.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{45C8284B-4847-4942-B13B-30CDE501FF61}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4CCFF61A-2F0C-469D-9718-0FF0A9DE7E8D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5D665178-4475-4CF8-BD96-F618B691F433}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30b5:11fa:b85f:cd79(Preferred)
Link-local IPv6 Address . . . . . : fe80::30b5:11fa:b85f:cd79%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{B5F7D3E1-7988-470C-85D6-CFAC87E7372D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.52
74.125.224.51
74.125.224.49
74.125.224.48
74.125.224.50


Pinging google.com [74.125.224.52] with 32 bytes of data:
Reply from 74.125.224.52: bytes=32 time=46ms TTL=56
Reply from 74.125.224.52: bytes=32 time=45ms TTL=56

Ping statistics for 74.125.224.52:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 46ms, Average = 45ms
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=58ms TTL=56
Reply from 98.137.149.56: bytes=32 time=44ms TTL=56

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 58ms, Average = 51ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
===========================================================================
Interface List
15...64 d4 da 51 f2 57 ......Intel® Centrino® WiMAX 6150
14...40 25 c2 24 ca d9 ......Microsoft Virtual WiFi Miniport Adapter #2
13...40 25 c2 24 ca d9 ......Microsoft Virtual WiFi Miniport Adapter
12...b8 70 f4 c2 bf d9 ......Realtek PCIe FE Family Controller
11...40 25 c2 24 ca d8 ......Intel® Centrino® Wireless-N 6150
1...........................Software Loopback Interface 1
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.74 40
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.74 296
192.168.1.74 255.255.255.255 On-link 192.168.1.74 296
192.168.1.255 255.255.255.255 On-link 192.168.1.74 296
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.74 296
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.74 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:30b5:11fa:b85f:cd79/128
On-link
11 296 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::30b5:11fa:b85f:cd79/128
On-link
11 296 fe80::3184:5283:3d69:c6e/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
11 296 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/30/2011 04:49:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2011 07:31:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2011 09:55:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2011 08:44:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2011 09:59:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2011 05:25:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2011 00:53:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2011 00:49:54 AM) (Source: Application Hang) (User: )
Description: The program vpngui.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1348

Start Time: 01cc7c7fa599a717

Termination Time: 15

Application Path: C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe

Report Id: c399a3bf-e8d8-11e0-8b70-c7fb42bdde5c

Error: (09/26/2011 00:06:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2011 04:58:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/01/2011 00:13:48 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 00:13:43 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 00:13:40 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/30/2011 10:11:19 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/30/2011 10:11:14 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/30/2011 10:11:13 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/30/2011 04:49:56 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/30/2011 04:49:55 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/30/2011 04:49:54 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (09/30/2011 04:49:54 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================


2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Reader X MUI (Version: 10.0.0)
Best Buy pc app (Version: 3.2.0.0)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
Corel WinDVD (Version: 10.0.5.822)
D3DX10 (Version: 15.4.2368.0902)
Heroes of Newerth (Version: 1.0.16)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.29.0)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.1000)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
JMicron Flash Media Controller Driver (Version: 1.0.57.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MATLAB R2008b (Version: 7.7)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6416.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6416.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6416.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6416.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notepad++ (Version: 5.9.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PowerISO (Version: 4.8)
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6305)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Security Task Manager 1.8d (Version: 1.8d)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
Toshiba Book Place (Version: 2.2.6775)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.7 for x64)
TOSHIBA eco Utility (Version: 1.2.24.64)
TOSHIBA Face Recognition (Version: 3.1.9.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)
TOSHIBA Hardware Setup (Version: 1.63.1.34C)
TOSHIBA HDD Protection (Version: 2.2.1.12)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
TOSHIBA PC Health Monitor (Version: 1.7.5.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)
TOSHIBA Service Station (Version: 2.1.52)
TOSHIBA Sleep Utility (Version: 1.4.2.7)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA VIDEO PLAYER (Version: 4.00.6.08-A)
TOSHIBA Web Camera Application (Version: 2.0.0.19)
TOSHIBA Wireless Display Monitor (Version: 1.0.1)
TOSHIBA Wireless LAN Indicator (Version: 1.0.3)
ToshibaRegistration (Version: 1.0.4)
Utility Common Driver (Version: 1.0.52.2C)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinSCP 4.3.4 (Version: 4.3.4)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 6050.69 MB
Available physical RAM: 3647.52 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 9734.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.05 MB

========================= Partitions: =====================================

1 Drive c: (TI106151W0F) (Fixed) (Total:580.59 GB) (Free:526.43 GB) NTFS

========================= Users: ========================================

User accounts for \\RAY-PC

Administrator Guest Ray


**** End of log ****





Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7827

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/1/2011 1:44:46 AM
mbam-log-2011-10-01 (01-44-46).txt

Scan type: Quick scan
Objects scanned: 179138
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:08:47 PM

Posted 01 October 2011 - 10:53 AM

Hi eraye1,

Welcome back.

How did you manage to fix this issue previously?

Is the redirect with IE or Firefox?

I do not see an Anti Virus Program running on your machine.
  • Please download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are avast! Free Antivirus and Avira AntiVir Personal - Free Antivirus.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Please run a scan with your chosen anti virus program and tell me anything it finds.


Your "hosts" file has been hijacked.
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.


Please run MiniToolBox again and post the log in your next reply.



We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes: Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, a logfile will open Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


Please post Results.txt from MiniToolBox, RootRepeal.txt from RootRepeal and the GMER login your next reply.

How is your machine behaving now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#6 eraye1

eraye1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 01 October 2011 - 11:24 AM

I'm not sure how I managed to fix this issue previously. I do know that I had my Malwarebytes antimalware installed and it kept blocking bitcomet.exe, which was trying to access the internet through a variety of ports. However, I think the trial version is over and it no longer blocked it. I've uninstalled bitcomet as is.

This redirect is with all browsers. IE, Chrome, etc.

Rootkit repeal says it cannot open because I'm running on a 64-bit OS. Is ther a 64-bit version of this?

I ran the fixit and I still get the redirect problem.

My gmer log did not detect anything and is completely empty. I also ran MBAM and it did not detect anything either.


MiniToolBox by Farbar
Ran by Ray (administrator) on 01-10-2011 at 09:18:44
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ray-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-51-F2-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-24-CA-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-24-CA-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-70-F4-C2-BF-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-24-CA-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3184:5283:3d69:c6e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.74(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 01, 2011 9:12:20 AM
Lease Expires . . . . . . . . . . : Sunday, October 02, 2011 9:12:19 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239084994
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-AD-62-CE-40-25-C2-24-CA-D8
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.238.64.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B5F7D3E1-7988-470C-85D6-CFAC87E7372D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4CCFF61A-2F0C-469D-9718-0FF0A9DE7E8D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5D665178-4475-4CF8-BD96-F618B691F433}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{45C8284B-4847-4942-B13B-30CDE501FF61}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30b5:11fa:b85f:cd79(Preferred)
Link-local IPv6 Address . . . . . : fe80::30b5:11fa:b85f:cd79%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.112
74.125.224.113
74.125.224.116
74.125.224.114
74.125.224.115


Pinging google.com [74.125.224.48] with 32 bytes of data:
Reply from 74.125.224.48: bytes=32 time=446ms TTL=56
Reply from 74.125.224.48: bytes=32 time=431ms TTL=56

Ping statistics for 74.125.224.48:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 431ms, Maximum = 446ms, Average = 438ms
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=523ms TTL=49
Reply from 98.139.180.149: bytes=32 time=528ms TTL=48

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 523ms, Maximum = 528ms, Average = 525ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 2ms, Average = 2ms
===========================================================================
Interface List
15...64 d4 da 51 f2 57 ......Intel® Centrino® WiMAX 6150
14...40 25 c2 24 ca d9 ......Microsoft Virtual WiFi Miniport Adapter #2
13...40 25 c2 24 ca d9 ......Microsoft Virtual WiFi Miniport Adapter
12...b8 70 f4 c2 bf d9 ......Realtek PCIe FE Family Controller
11...40 25 c2 24 ca d8 ......Intel® Centrino® Wireless-N 6150
1...........................Software Loopback Interface 1
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
46...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
48...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.74 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.74 286
192.168.1.74 255.255.255.255 On-link 192.168.1.74 286
192.168.1.255 255.255.255.255 On-link 192.168.1.74 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.74 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.74 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:30b5:11fa:b85f:cd79/128
On-link
11 286 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::30b5:11fa:b85f:cd79/128
On-link
11 286 fe80::3184:5283:3d69:c6e/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/01/2011 09:12:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2011 04:49:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2011 07:31:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2011 09:55:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2011 08:44:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2011 09:59:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2011 05:25:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2011 00:53:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2011 00:49:54 AM) (Source: Application Hang) (User: )
Description: The program vpngui.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1348

Start Time: 01cc7c7fa599a717

Termination Time: 15

Application Path: C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe

Report Id: c399a3bf-e8d8-11e0-8b70-c7fb42bdde5c

Error: (09/26/2011 00:06:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/01/2011 09:13:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:13:14 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:12:24 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:12:24 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:12:23 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:12:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:12:20 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:12:19 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:12:15 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/01/2011 09:11:19 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================


2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Reader X MUI (Version: 10.0.0)
Best Buy pc app (Version: 3.2.0.0)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
Corel WinDVD (Version: 10.0.5.822)
D3DX10 (Version: 15.4.2368.0902)
Heroes of Newerth (Version: 1.0.16)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.29.0)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.1000)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
JMicron Flash Media Controller Driver (Version: 1.0.57.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MATLAB R2008b (Version: 7.7)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6416.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6416.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6416.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6416.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6416.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notepad++ (Version: 5.9.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PowerISO (Version: 4.8)
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6305)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Security Task Manager 1.8d (Version: 1.8d)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
Toshiba Book Place (Version: 2.2.6775)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.7 for x64)
TOSHIBA eco Utility (Version: 1.2.24.64)
TOSHIBA Face Recognition (Version: 3.1.9.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)
TOSHIBA Hardware Setup (Version: 1.63.1.34C)
TOSHIBA HDD Protection (Version: 2.2.1.12)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
TOSHIBA PC Health Monitor (Version: 1.7.5.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)
TOSHIBA Service Station (Version: 2.1.52)
TOSHIBA Sleep Utility (Version: 1.4.2.7)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA VIDEO PLAYER (Version: 4.00.6.08-A)
TOSHIBA Web Camera Application (Version: 2.0.0.19)
TOSHIBA Wireless Display Monitor (Version: 1.0.1)
TOSHIBA Wireless LAN Indicator (Version: 1.0.3)
ToshibaRegistration (Version: 1.0.4)
Utility Common Driver (Version: 1.0.52.2C)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinSCP 4.3.4 (Version: 4.3.4)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 6050.69 MB
Available physical RAM: 4256.82 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 10187.69 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.55 MB

========================= Partitions: =====================================

1 Drive c: (TI106151W0F) (Fixed) (Total:580.59 GB) (Free:526.09 GB) NTFS
3 Drive e: () (Removable) (Total:3.69 GB) (Free:2.27 GB) FAT32

========================= Users: ========================================

User accounts for \\RAY-PC

Administrator Guest Ray


**** End of log ****

#7 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:08:47 PM

Posted 01 October 2011 - 01:05 PM

Hello eraye1,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

In your next reply, please copy/paste the contents of the following:
  • SuperAntiSpyware Scan Log
  • TDSSKiller Log


How is your machine running now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#8 eraye1

eraye1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 01 October 2011 - 04:19 PM

I've included the two logs. My computer now starts up much slower, and the problem is unfortunately still present, even after I removed the 321 detected items.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2011 at 11:32 AM

Application Version : 5.0.1128

Core Rules Database Version : 7745
Trace Rules Database Version: 5557

Scan type : Quick Scan
Total Scan Time : 00:06:10

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 695
Memory threats detected : 0
Registry items scanned : 60038
Registry threats detected : 0
File items scanned : 11178
File threats detected : 321

Adware.Tracking Cookie
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OB2YL1CN.txt [ Cookie:ray@adserver.adtechus.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ray@solvemedia[2].txt [ Cookie:ray@solvemedia.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FAR7MCON.txt [ Cookie:ray@dmtracker.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ray@synacortoshiba.112.2o7[1].txt [ Cookie:ray@synacortoshiba.112.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ray@histats[1].txt [ Cookie:ray@histats.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6IINSKY1.txt [ Cookie:ray@adsonar.com/adserving ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\RCLFGVSW.txt [ Cookie:ray@adbrite.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\LGG8Z993.txt [ Cookie:ray@realmedia.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\DVDSGY1H.txt [ Cookie:ray@advertising.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\3S06COB7.txt [ Cookie:ray@apmebf.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\4X97KNNK.txt [ Cookie:ray@usnews.122.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OBOL9MS2.txt [ Cookie:ray@in.getclicky.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\KXHUXBVZ.txt [ Cookie:ray@allbritton.122.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ULAPZYM5.txt [ Cookie:ray@atdmt.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZV6K604H.txt [ Cookie:ray@collective-media.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5KCSVS4K.txt [ Cookie:ray@adtech.de/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\CUOZHYWJ.txt [ Cookie:ray@burstnet.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\223V7FJ1.txt [ Cookie:ray@mediabrandsww.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FHUMBBVA.txt [ Cookie:ray@cbsdigitalmedia.112.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\U3DO8I78.txt [ Cookie:ray@premiumtv.122.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YDI0OVO.txt [ Cookie:ray@serving-sys.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZE0CFBM.txt [ Cookie:ray@specificclick.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\THZZ25QB.txt [ Cookie:ray@google.com/accounts/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\2KQVH564.txt [ Cookie:ray@adinterax.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1C0R8DS.txt [ Cookie:ray@ad.yieldmanager.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\F6RIV1V9.txt [ Cookie:ray@mediaplex.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6DFL50K7.txt [ Cookie:ray@yieldmanager.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\BDHPD2YW.txt [ Cookie:ray@lucidmedia.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ray@avgtechnologies.112.2o7[1].txt [ Cookie:ray@avgtechnologies.112.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYXK1KMF.txt [ Cookie:ray@media6degrees.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XRPJHE81.txt [ Cookie:ray@clickbank.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ray@r1-ads.ace.advertising[1].txt [ Cookie:ray@r1-ads.ace.advertising.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JNGWZHNB.txt [ Cookie:ray@at.atwola.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\NSG26LGR.txt [ Cookie:ray@rtst.122.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\DOXE3X3Y.txt [ Cookie:ray@bs.serving-sys.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\G01IBRDK.txt [ Cookie:ray@zedo.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\BU532SQ3.txt [ Cookie:ray@content.yieldmanager.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\OAQQGKBX.txt [ Cookie:ray@overture.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JKTJW8FY.txt [ Cookie:ray@ads.pointroll.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\07H5LI4V.txt [ Cookie:ray@netspiderads2.indiatimes.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ARHIRFB4.txt [ Cookie:ray@pro-market.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ray@imrworldwide[2].txt [ Cookie:ray@imrworldwide.com/cgi-bin ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GR45B287.txt [ Cookie:ray@www.burstnet.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\O9JAF66Q.txt [ Cookie:ray@hornymatches.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\TBBAVIEE.txt [ Cookie:ray@statcounter.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ray@kontera[1].txt [ Cookie:ray@kontera.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\V95RT440.txt [ Cookie:ray@interclick.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZX72TLX.txt [ Cookie:ray@googleads.g.doubleclick.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\LK6DN82T.txt [ Cookie:ray@adxpose.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZM8JTIE2.txt [ Cookie:ray@ru4.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9KAYTM8O.txt [ Cookie:ray@tacoda.at.atwola.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\8AC1W2YQ.txt [ Cookie:ray@idgenterprise.112.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FCEZ188H.txt [ Cookie:ray@questionmarket.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\WOMBBX22.txt [ Cookie:ray@fastclick.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZEB5AKT.txt [ Cookie:ray@atwola.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\IG09R1E6.txt [ Cookie:ray@indieclick.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GPMQDRUC.txt [ Cookie:ray@2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\X912DO33.txt [ Cookie:ray@citi.bridgetrack.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GOGC6IHN.txt [ Cookie:ray@timesofindia.indiatimes.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\4X6S31SR.txt [ Cookie:ray@themis-media.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\G5IBLKYD.txt [ Cookie:ray@247realmedia.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\RGCUICW0.txt [ Cookie:ray@www.clicker.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\6JM7QG3Z.txt [ Cookie:ray@ar.atwola.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PYW51R6F.txt [ Cookie:ray@adverts.timesofmalta.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JSKDY83N.txt [ Cookie:ray@bonniercorp.122.2o7.net/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\VWSDF8ZT.txt [ Cookie:ray@lfstmedia.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\67IYO1CK.txt [ Cookie:ray@insightexpressai.com/ ]
C:\USERS\RAY\AppData\Roaming\Microsoft\Windows\Cookies\Low\839PELBR.txt [ Cookie:ray@www.cnn.com/2011/09/24/world/asia/china-sex-dungeon/index.html ]
ad.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.iad.liveperson.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.questionhub.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.questionhub.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.questionhub.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.questionhub.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.questionhub.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.r1-ads.ace.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.anrtx.tacoda.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.target.122.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.uclavignette.122.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnbc.112.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.usatoday1.112.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.gartnerinsight.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gartnerinsight.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gartnerinsight.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gartnerinsight.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediabrandsww.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyewonder.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.scrabblefinder.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.scrabblefinder.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.scrabblefinder.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.roadandtrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mathworks.112.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.getclicky.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.static.getclicky.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftwindows.112.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
citi.bridgetrack.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.chicagosuntimes.122.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.usnews.122.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findtheword.info [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findtheword.info [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findtheword.info [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.studentmedia.ucla.edu [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.112.2o7.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RAY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]



11:18:48.0860 5196 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
11:18:49.0541 5196 ============================================================
11:18:49.0541 5196 Current date / time: 2011/10/01 11:18:49.0541
11:18:49.0541 5196 SystemInfo:
11:18:49.0541 5196
11:18:49.0541 5196 OS Version: 6.1.7601 ServicePack: 1.0
11:18:49.0541 5196 Product type: Workstation
11:18:49.0541 5196 ComputerName: RAY-PC
11:18:49.0541 5196 UserName: Ray
11:18:49.0541 5196 Windows directory: C:\windows
11:18:49.0541 5196 System windows directory: C:\windows
11:18:49.0541 5196 Running under WOW64
11:18:49.0541 5196 Processor architecture: Intel x64
11:18:49.0541 5196 Number of processors: 4
11:18:49.0541 5196 Page size: 0x1000
11:18:49.0541 5196 Boot type: Normal boot
11:18:49.0541 5196 ============================================================
11:18:50.0555 5196 Initialize success
11:18:51.0894 6792 ============================================================
11:18:51.0894 6792 Scan started
11:18:51.0894 6792 Mode: Manual;
11:18:51.0894 6792 ============================================================
11:18:52.0601 6792 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
11:18:52.0617 6792 1394ohci - ok
11:18:52.0741 6792 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
11:18:52.0741 6792 ACPI - ok
11:18:52.0855 6792 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
11:18:52.0858 6792 AcpiPmi - ok
11:18:53.0012 6792 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
11:18:53.0023 6792 adp94xx - ok
11:18:53.0154 6792 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
11:18:53.0163 6792 adpahci - ok
11:18:53.0297 6792 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
11:18:53.0302 6792 adpu320 - ok
11:18:53.0458 6792 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
11:18:53.0469 6792 AFD - ok
11:18:53.0558 6792 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
11:18:53.0562 6792 agp440 - ok
11:18:53.0699 6792 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
11:18:53.0701 6792 aliide - ok
11:18:53.0808 6792 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
11:18:53.0810 6792 amdide - ok
11:18:53.0921 6792 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
11:18:53.0921 6792 AmdK8 - ok
11:18:54.0046 6792 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
11:18:54.0046 6792 AmdPPM - ok
11:18:54.0155 6792 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
11:18:54.0170 6792 amdsata - ok
11:18:54.0280 6792 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
11:18:54.0295 6792 amdsbs - ok
11:18:54.0410 6792 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
11:18:54.0411 6792 amdxata - ok
11:18:54.0522 6792 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
11:18:54.0526 6792 AppID - ok
11:18:54.0650 6792 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
11:18:54.0653 6792 arc - ok
11:18:54.0767 6792 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
11:18:54.0771 6792 arcsas - ok
11:18:54.0900 6792 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\windows\system32\drivers\aswFsBlk.sys
11:18:54.0902 6792 aswFsBlk - ok
11:18:55.0056 6792 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\windows\system32\drivers\aswMonFlt.sys
11:18:55.0057 6792 aswMonFlt - ok
11:18:55.0169 6792 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\windows\system32\drivers\aswRdr.sys
11:18:55.0171 6792 aswRdr - ok
11:18:55.0249 6792 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\windows\system32\drivers\aswSnx.sys
11:18:55.0256 6792 aswSnx - ok
11:18:55.0396 6792 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\windows\system32\drivers\aswSP.sys
11:18:55.0396 6792 aswSP - ok
11:18:55.0428 6792 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\windows\system32\drivers\aswTdi.sys
11:18:55.0428 6792 aswTdi - ok
11:18:55.0552 6792 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
11:18:55.0552 6792 AsyncMac - ok
11:18:55.0662 6792 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
11:18:55.0662 6792 atapi - ok
11:18:55.0833 6792 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
11:18:55.0849 6792 b06bdrv - ok
11:18:55.0955 6792 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
11:18:55.0963 6792 b57nd60a - ok
11:18:56.0077 6792 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
11:18:56.0079 6792 Beep - ok
11:18:56.0203 6792 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys
11:18:56.0217 6792 blbdrive - ok
11:18:56.0326 6792 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
11:18:56.0330 6792 bowser - ok
11:18:56.0451 6792 bpenum (3dcb409bcbd02ab0675682f8e42a410f) C:\windows\system32\DRIVERS\bpenum.sys
11:18:56.0454 6792 bpenum - ok
11:18:56.0586 6792 bpmp (6c66eef6669b14df4f426990a1ca5112) C:\windows\system32\DRIVERS\bpmp.sys
11:18:56.0592 6792 bpmp - ok
11:18:56.0717 6792 bpusb (2ee68405bbade51cbe1c973ff3a1a400) C:\windows\system32\Drivers\bpusb.sys
11:18:56.0721 6792 bpusb - ok
11:18:56.0827 6792 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
11:18:56.0830 6792 BrFiltLo - ok
11:18:56.0851 6792 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
11:18:56.0854 6792 BrFiltUp - ok
11:18:56.0982 6792 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
11:18:56.0982 6792 Brserid - ok
11:18:57.0107 6792 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
11:18:57.0107 6792 BrSerWdm - ok
11:18:57.0216 6792 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
11:18:57.0216 6792 BrUsbMdm - ok
11:18:57.0341 6792 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
11:18:57.0341 6792 BrUsbSer - ok
11:18:57.0372 6792 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
11:18:57.0372 6792 BTHMODEM - ok
11:18:57.0514 6792 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
11:18:57.0517 6792 cdfs - ok
11:18:57.0652 6792 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
11:18:57.0657 6792 cdrom - ok
11:18:57.0776 6792 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\windows\system32\DRIVERS\CeKbFilter.sys
11:18:57.0778 6792 CeKbFilter - ok
11:18:57.0885 6792 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
11:18:57.0888 6792 circlass - ok
11:18:57.0992 6792 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
11:18:58.0002 6792 CLFS - ok
11:18:58.0130 6792 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
11:18:58.0132 6792 CmBatt - ok
11:18:58.0159 6792 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
11:18:58.0161 6792 cmdide - ok
11:18:58.0288 6792 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
11:18:58.0298 6792 CNG - ok
11:18:58.0404 6792 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
11:18:58.0406 6792 Compbatt - ok
11:18:58.0505 6792 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
11:18:58.0505 6792 CompositeBus - ok
11:18:58.0614 6792 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
11:18:58.0614 6792 crcdisk - ok
11:18:58.0754 6792 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\windows\system32\DRIVERS\CVirtA64.sys
11:18:58.0754 6792 CVirtA - ok
11:18:58.0910 6792 CVPNDRVA (79af0e203d089af442a3f70ed00a37fb) C:\windows\system32\Drivers\CVPNDRVA.sys
11:18:58.0910 6792 CVPNDRVA - ok
11:18:59.0052 6792 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
11:18:59.0056 6792 DfsC - ok
11:18:59.0074 6792 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
11:18:59.0075 6792 discache - ok
11:18:59.0170 6792 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
11:18:59.0173 6792 Disk - ok
11:18:59.0286 6792 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\windows\system32\DRIVERS\dne64x.sys
11:18:59.0290 6792 DNE - ok
11:18:59.0337 6792 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
11:18:59.0339 6792 drmkaud - ok
11:18:59.0424 6792 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
11:18:59.0436 6792 DXGKrnl - ok
11:18:59.0546 6792 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
11:18:59.0655 6792 ebdrv - ok
11:18:59.0768 6792 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
11:18:59.0777 6792 elxstor - ok
11:18:59.0792 6792 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
11:18:59.0794 6792 ErrDev - ok
11:18:59.0905 6792 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
11:18:59.0911 6792 exfat - ok
11:18:59.0939 6792 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
11:18:59.0945 6792 fastfat - ok
11:19:00.0043 6792 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
11:19:00.0043 6792 fdc - ok
11:19:00.0105 6792 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
11:19:00.0121 6792 FileInfo - ok
11:19:00.0168 6792 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
11:19:00.0168 6792 Filetrace - ok
11:19:00.0230 6792 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
11:19:00.0230 6792 flpydisk - ok
11:19:00.0261 6792 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
11:19:00.0261 6792 FltMgr - ok
11:19:00.0339 6792 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
11:19:00.0339 6792 FsDepends - ok
11:19:00.0386 6792 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
11:19:00.0386 6792 Fs_Rec - ok
11:19:00.0448 6792 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
11:19:00.0448 6792 fvevol - ok
11:19:00.0511 6792 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
11:19:00.0511 6792 gagp30kx - ok
11:19:00.0609 6792 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
11:19:00.0612 6792 hcw85cir - ok
11:19:00.0723 6792 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
11:19:00.0732 6792 HdAudAddService - ok
11:19:00.0791 6792 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
11:19:00.0794 6792 HDAudBus - ok
11:19:00.0856 6792 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
11:19:00.0858 6792 HidBatt - ok
11:19:00.0906 6792 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
11:19:00.0910 6792 HidBth - ok
11:19:00.0975 6792 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
11:19:00.0979 6792 HidIr - ok
11:19:01.0029 6792 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
11:19:01.0032 6792 HidUsb - ok
11:19:01.0112 6792 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
11:19:01.0114 6792 HpSAMD - ok
11:19:01.0192 6792 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
11:19:01.0204 6792 HTTP - ok
11:19:01.0274 6792 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
11:19:01.0275 6792 hwpolicy - ok
11:19:01.0336 6792 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
11:19:01.0340 6792 i8042prt - ok
11:19:01.0386 6792 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
11:19:01.0392 6792 iaStor - ok
11:19:01.0469 6792 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
11:19:01.0479 6792 iaStorV - ok
11:19:01.0815 6792 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
11:19:02.0064 6792 igfx - ok
11:19:02.0142 6792 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
11:19:02.0142 6792 iirsp - ok
11:19:02.0288 6792 IntcAzAudAddService (ac9aafd18e4d52084c4aa8a38795b7e4) C:\windows\system32\drivers\RTKVHD64.sys
11:19:02.0307 6792 IntcAzAudAddService - ok
11:19:02.0425 6792 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
11:19:02.0432 6792 IntcDAud - ok
11:19:02.0466 6792 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
11:19:02.0469 6792 intelide - ok
11:19:02.0537 6792 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
11:19:02.0539 6792 intelppm - ok
11:19:02.0587 6792 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:19:02.0591 6792 IpFilterDriver - ok
11:19:02.0694 6792 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
11:19:02.0698 6792 IPMIDRV - ok
11:19:02.0716 6792 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
11:19:02.0720 6792 IPNAT - ok
11:19:02.0814 6792 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
11:19:02.0817 6792 IRENUM - ok
11:19:02.0854 6792 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
11:19:02.0857 6792 isapnp - ok
11:19:02.0938 6792 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
11:19:02.0946 6792 iScsiPrt - ok
11:19:03.0003 6792 JMCR (0b44199365a69696109ab9a5855e0841) C:\windows\system32\DRIVERS\jmcr.sys
11:19:03.0006 6792 JMCR - ok
11:19:03.0093 6792 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
11:19:03.0097 6792 kbdclass - ok
11:19:03.0166 6792 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
11:19:03.0166 6792 kbdhid - ok
11:19:03.0275 6792 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
11:19:03.0275 6792 KSecDD - ok
11:19:03.0368 6792 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
11:19:03.0384 6792 KSecPkg - ok
11:19:03.0400 6792 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
11:19:03.0400 6792 ksthunk - ok
11:19:03.0524 6792 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
11:19:03.0524 6792 lltdio - ok
11:19:03.0665 6792 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\windows\system32\DRIVERS\LPCFilter.sys
11:19:03.0665 6792 LPCFilter - ok
11:19:03.0732 6792 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
11:19:03.0736 6792 LSI_FC - ok
11:19:03.0805 6792 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
11:19:03.0809 6792 LSI_SAS - ok
11:19:03.0857 6792 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
11:19:03.0861 6792 LSI_SAS2 - ok
11:19:03.0945 6792 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
11:19:03.0949 6792 LSI_SCSI - ok
11:19:03.0991 6792 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
11:19:03.0995 6792 luafv - ok
11:19:04.0110 6792 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\windows\system32\drivers\mbam.sys
11:19:04.0113 6792 MBAMProtector - ok
11:19:04.0156 6792 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
11:19:04.0160 6792 megasas - ok
11:19:04.0272 6792 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
11:19:04.0280 6792 MegaSR - ok
11:19:04.0378 6792 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
11:19:04.0380 6792 MEIx64 - ok
11:19:04.0445 6792 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
11:19:04.0448 6792 Modem - ok
11:19:04.0502 6792 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
11:19:04.0504 6792 monitor - ok
11:19:04.0554 6792 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
11:19:04.0556 6792 mouclass - ok
11:19:04.0608 6792 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
11:19:04.0622 6792 mouhid - ok
11:19:04.0704 6792 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
11:19:04.0719 6792 mountmgr - ok
11:19:04.0735 6792 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
11:19:04.0751 6792 mpio - ok
11:19:04.0829 6792 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
11:19:04.0829 6792 mpsdrv - ok
11:19:04.0860 6792 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
11:19:04.0875 6792 MRxDAV - ok
11:19:04.0953 6792 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
11:19:04.0953 6792 mrxsmb - ok
11:19:04.0985 6792 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:19:04.0985 6792 mrxsmb10 - ok
11:19:05.0000 6792 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:19:05.0000 6792 mrxsmb20 - ok
11:19:05.0078 6792 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
11:19:05.0078 6792 msahci - ok
11:19:05.0109 6792 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
11:19:05.0125 6792 msdsm - ok
11:19:05.0234 6792 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
11:19:05.0234 6792 Msfs - ok
11:19:05.0288 6792 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
11:19:05.0291 6792 mshidkmdf - ok
11:19:05.0302 6792 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
11:19:05.0304 6792 msisadrv - ok
11:19:05.0366 6792 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
11:19:05.0369 6792 MSKSSRV - ok
11:19:05.0433 6792 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
11:19:05.0435 6792 MSPCLOCK - ok
11:19:05.0475 6792 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
11:19:05.0477 6792 MSPQM - ok
11:19:05.0512 6792 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
11:19:05.0519 6792 MsRPC - ok
11:19:05.0564 6792 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
11:19:05.0566 6792 mssmbios - ok
11:19:05.0625 6792 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
11:19:05.0627 6792 MSTEE - ok
11:19:05.0650 6792 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
11:19:05.0652 6792 MTConfig - ok
11:19:05.0710 6792 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
11:19:05.0712 6792 Mup - ok
11:19:05.0823 6792 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
11:19:05.0832 6792 NativeWifiP - ok
11:19:05.0888 6792 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
11:19:05.0905 6792 NDIS - ok
11:19:06.0013 6792 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
11:19:06.0016 6792 NdisCap - ok
11:19:06.0056 6792 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
11:19:06.0059 6792 NdisTapi - ok
11:19:06.0120 6792 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
11:19:06.0123 6792 Ndisuio - ok
11:19:06.0137 6792 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
11:19:06.0144 6792 NdisWan - ok
11:19:06.0161 6792 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
11:19:06.0163 6792 NDProxy - ok
11:19:06.0182 6792 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
11:19:06.0183 6792 NetBIOS - ok
11:19:06.0211 6792 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
11:19:06.0215 6792 NetBT - ok
11:19:06.0538 6792 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\windows\system32\DRIVERS\NETwNs64.sys
11:19:06.0725 6792 NETwNs64 - ok
11:19:06.0803 6792 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
11:19:06.0803 6792 nfrd960 - ok
11:19:06.0848 6792 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
11:19:06.0850 6792 Npfs - ok
11:19:06.0911 6792 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
11:19:06.0914 6792 nsiproxy - ok
11:19:06.0998 6792 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
11:19:07.0024 6792 Ntfs - ok
11:19:07.0102 6792 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
11:19:07.0105 6792 Null - ok
11:19:07.0146 6792 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys
11:19:07.0149 6792 nusb3hub - ok
11:19:07.0218 6792 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys
11:19:07.0224 6792 nusb3xhc - ok
11:19:07.0264 6792 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
11:19:07.0267 6792 nvraid - ok
11:19:07.0319 6792 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
11:19:07.0323 6792 nvstor - ok
11:19:07.0419 6792 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
11:19:07.0424 6792 nv_agp - ok
11:19:07.0460 6792 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
11:19:07.0463 6792 ohci1394 - ok
11:19:07.0570 6792 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
11:19:07.0574 6792 Parport - ok
11:19:07.0601 6792 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
11:19:07.0604 6792 partmgr - ok
11:19:07.0690 6792 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
11:19:07.0695 6792 pci - ok
11:19:07.0710 6792 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
11:19:07.0711 6792 pciide - ok
11:19:07.0738 6792 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
11:19:07.0742 6792 pcmcia - ok
11:19:07.0795 6792 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
11:19:07.0798 6792 pcw - ok
11:19:07.0842 6792 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
11:19:07.0858 6792 PEAUTH - ok
11:19:07.0951 6792 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
11:19:07.0951 6792 PGEffect - ok
11:19:08.0045 6792 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
11:19:08.0045 6792 PptpMiniport - ok
11:19:08.0123 6792 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
11:19:08.0139 6792 Processor - ok
11:19:08.0232 6792 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
11:19:08.0232 6792 Psched - ok
11:19:08.0295 6792 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
11:19:08.0310 6792 ql2300 - ok
11:19:08.0407 6792 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
11:19:08.0412 6792 ql40xx - ok
11:19:08.0442 6792 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
11:19:08.0444 6792 QWAVEdrv - ok
11:19:08.0482 6792 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
11:19:08.0484 6792 RasAcd - ok
11:19:08.0558 6792 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
11:19:08.0560 6792 RasAgileVpn - ok
11:19:08.0610 6792 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
11:19:08.0613 6792 Rasl2tp - ok
11:19:08.0663 6792 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
11:19:08.0665 6792 RasPppoe - ok
11:19:08.0725 6792 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
11:19:08.0727 6792 RasSstp - ok
11:19:08.0780 6792 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
11:19:08.0788 6792 rdbss - ok
11:19:08.0815 6792 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
11:19:08.0817 6792 rdpbus - ok
11:19:08.0867 6792 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
11:19:08.0870 6792 RDPCDD - ok
11:19:08.0943 6792 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
11:19:08.0945 6792 RDPENCDD - ok
11:19:08.0988 6792 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
11:19:08.0990 6792 RDPREFMP - ok
11:19:09.0057 6792 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
11:19:09.0063 6792 RDPWD - ok
11:19:09.0124 6792 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
11:19:09.0144 6792 rdyboost - ok
11:19:09.0245 6792 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
11:19:09.0247 6792 regi - ok
11:19:09.0396 6792 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
11:19:09.0396 6792 rspndr - ok
11:19:09.0443 6792 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
11:19:09.0443 6792 RTL8167 - ok
11:19:09.0536 6792 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
11:19:09.0536 6792 sbp2port - ok
11:19:09.0614 6792 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\windows\system32\drivers\SCDEmu.sys
11:19:09.0614 6792 SCDEmu - ok
11:19:09.0677 6792 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
11:19:09.0692 6792 scfilter - ok
11:19:09.0739 6792 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
11:19:09.0755 6792 sdbus - ok
11:19:09.0833 6792 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:19:09.0833 6792 secdrv - ok
11:19:09.0958 6792 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
11:19:09.0961 6792 Serenum - ok
11:19:10.0138 6792 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
11:19:10.0142 6792 Serial - ok
11:19:10.0284 6792 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
11:19:10.0287 6792 sermouse - ok
11:19:10.0490 6792 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
11:19:10.0503 6792 sffdisk - ok
11:19:10.0723 6792 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
11:19:10.0738 6792 sffp_mmc - ok
11:19:10.0900 6792 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
11:19:10.0916 6792 sffp_sd - ok
11:19:11.0152 6792 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
11:19:11.0168 6792 sfloppy - ok
11:19:11.0324 6792 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
11:19:11.0340 6792 SiSRaid2 - ok
11:19:11.0591 6792 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
11:19:11.0596 6792 SiSRaid4 - ok
11:19:11.0756 6792 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
11:19:11.0779 6792 Smb - ok
11:19:11.0985 6792 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
11:19:11.0987 6792 spldr - ok
11:19:12.0073 6792 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
11:19:12.0087 6792 srv - ok
11:19:12.0147 6792 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
11:19:12.0153 6792 srv2 - ok
11:19:12.0248 6792 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
11:19:12.0251 6792 srvnet - ok
11:19:12.0343 6792 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
11:19:12.0347 6792 stexstor - ok
11:19:12.0458 6792 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
11:19:12.0460 6792 swenum - ok
11:19:12.0599 6792 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
11:19:12.0614 6792 SynTP - ok
11:19:12.0770 6792 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\drivers\tcpip.sys
11:19:12.0786 6792 Tcpip - ok
11:19:12.0926 6792 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
11:19:12.0942 6792 TCPIP6 - ok
11:19:13.0041 6792 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
11:19:13.0044 6792 tcpipreg - ok
11:19:13.0096 6792 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
11:19:13.0099 6792 tdcmdpst - ok
11:19:13.0209 6792 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
11:19:13.0212 6792 TDPIPE - ok
11:19:13.0268 6792 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
11:19:13.0271 6792 TDTCP - ok
11:19:13.0343 6792 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
11:19:13.0348 6792 tdx - ok
11:19:13.0368 6792 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
11:19:13.0370 6792 TermDD - ok
11:19:13.0490 6792 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
11:19:13.0492 6792 Thpdrv - ok
11:19:13.0548 6792 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
11:19:13.0549 6792 Thpevm - ok
11:19:13.0646 6792 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
11:19:13.0674 6792 tos_sps64 - ok
11:19:13.0778 6792 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
11:19:13.0782 6792 tssecsrv - ok
11:19:13.0815 6792 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
11:19:13.0818 6792 TsUsbFlt - ok
11:19:13.0835 6792 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
11:19:13.0837 6792 TsUsbGD - ok
11:19:13.0924 6792 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
11:19:13.0928 6792 tunnel - ok
11:19:13.0978 6792 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:19:13.0979 6792 TVALZ - ok
11:19:14.0045 6792 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
11:19:14.0045 6792 TVALZFL - ok
11:19:14.0076 6792 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
11:19:14.0076 6792 uagp35 - ok
11:19:14.0108 6792 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
11:19:14.0123 6792 udfs - ok
11:19:14.0217 6792 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
11:19:14.0217 6792 uliagpkx - ok
11:19:14.0264 6792 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
11:19:14.0264 6792 umbus - ok
11:19:14.0373 6792 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
11:19:14.0373 6792 UmPass - ok
11:19:14.0451 6792 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
11:19:14.0451 6792 usbccgp - ok
11:19:14.0529 6792 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
11:19:14.0529 6792 usbcir - ok
11:19:14.0576 6792 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
11:19:14.0576 6792 usbehci - ok
11:19:14.0662 6792 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
11:19:14.0671 6792 usbhub - ok
11:19:14.0719 6792 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
11:19:14.0722 6792 usbohci - ok
11:19:14.0794 6792 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
11:19:14.0798 6792 usbprint - ok
11:19:14.0872 6792 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:19:14.0875 6792 USBSTOR - ok
11:19:14.0931 6792 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
11:19:14.0934 6792 usbuhci - ok
11:19:15.0016 6792 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
11:19:15.0022 6792 usbvideo - ok
11:19:15.0146 6792 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
11:19:15.0149 6792 vdrvroot - ok
11:19:15.0258 6792 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
11:19:15.0261 6792 vga - ok
11:19:15.0313 6792 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
11:19:15.0316 6792 VgaSave - ok
11:19:15.0407 6792 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
11:19:15.0413 6792 vhdmp - ok
11:19:15.0471 6792 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
11:19:15.0475 6792 viaide - ok
11:19:15.0505 6792 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
11:19:15.0508 6792 volmgr - ok
11:19:15.0708 6792 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
11:19:15.0724 6792 volmgrx - ok
11:19:15.0833 6792 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
11:19:15.0849 6792 volsnap - ok
11:19:15.0864 6792 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
11:19:15.0864 6792 vsmraid - ok
11:19:15.0895 6792 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
11:19:15.0895 6792 vwifibus - ok
11:19:16.0067 6792 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
11:19:16.0083 6792 vwififlt - ok
11:19:16.0216 6792 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
11:19:16.0218 6792 vwifimp - ok
11:19:16.0404 6792 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
11:19:16.0422 6792 WacomPen - ok
11:19:16.0573 6792 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:19:16.0588 6792 WANARP - ok
11:19:16.0631 6792 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:19:16.0634 6792 Wanarpv6 - ok
11:19:16.0770 6792 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
11:19:16.0787 6792 Wd - ok
11:19:16.0880 6792 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
11:19:16.0912 6792 Wdf01000 - ok
11:19:17.0121 6792 wdkmd (5e1640435dd54d00451156ca5340b109) C:\windows\system32\DRIVERS\WDKMD.sys
11:19:17.0137 6792 wdkmd - ok
11:19:17.0309 6792 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
11:19:17.0324 6792 WfpLwf - ok
11:19:17.0605 6792 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
11:19:17.0636 6792 WIMMount - ok
11:19:17.0873 6792 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
11:19:17.0895 6792 WinUsb - ok
11:19:18.0114 6792 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
11:19:18.0133 6792 WmiAcpi - ok
11:19:18.0273 6792 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
11:19:18.0289 6792 ws2ifsl - ok
11:19:18.0509 6792 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
11:19:18.0524 6792 WudfPf - ok
11:19:18.0642 6792 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
11:19:18.0656 6792 WUDFRd - ok
11:19:18.0723 6792 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
11:19:18.0738 6792 \Device\Harddisk0\DR0 - ok
11:19:18.0754 6792 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
11:19:18.0754 6792 \Device\Harddisk1\DR2 - ok
11:19:18.0785 6792 Boot (0x1200) (e920aea737fd2a6994e32745ed31703c) \Device\Harddisk0\DR0\Partition0
11:19:18.0785 6792 \Device\Harddisk0\DR0\Partition0 - ok
11:19:18.0785 6792 Boot (0x1200) (59e1dbadcbefb39788f8032fc70325f1) \Device\Harddisk1\DR2\Partition0
11:19:18.0785 6792 \Device\Harddisk1\DR2\Partition0 - ok
11:19:18.0785 6792 ============================================================
11:19:18.0785 6792 Scan finished
11:19:18.0785 6792 ============================================================
11:19:18.0801 6756 Detected object count: 0
11:19:18.0801 6756 Actual detected object count: 0
11:25:57.0087 0480 Deinitialize success

#9 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:08:47 PM

Posted 01 October 2011 - 05:05 PM

Hello eraye1,

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

In your next reply, please copy/paste the contents of the following:
  • Goordfix Log

How is your machine now?




regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#10 eraye1

eraye1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 01 October 2011 - 05:25 PM

It gives me an error when I download and try to run this. Maybe it's not for 64-bit machines?

#11 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:08:47 PM

Posted 06 October 2011 - 03:09 PM

Hello eraye1,

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

Edited by ratman, 06 October 2011 - 03:56 PM.

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users