Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen of Death


  • Please log in to reply
17 replies to this topic

#1 ysuleman

ysuleman

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 27 September 2011 - 03:53 PM

hi. I am running windows XP. I ran Malawarebytes because my computer was heaavily infected. However after i removed all the selected files i amd receiving the blue screen.
Any Ideas?
Thanks

BC AdBot (Login to Remove)

 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 AM

Posted 27 September 2011 - 05:06 PM

Hi ysuleman,

:step1: We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).


:step2: Can you successfully start your computer in Safe Mode?

This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu with several options. Press the down arrow key on your keyboard until Safe Mode with Networking is selected. Press Enter. Please see here for additional details.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 ysuleman

ysuleman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 27 September 2011 - 06:00 PM

Yes, I can go into safemode perfectly.

On Normal mode it turns on to the desktop then the blue screen comes. I have taken an image.

http://postimage.org/image/2o48e3pvo/

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 AM

Posted 27 September 2011 - 06:10 PM

Hi ysuleman,

:step1: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

:step2: Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 ysuleman

ysuleman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 27 September 2011 - 08:03 PM

Here is the Gmer log requested-

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-27 19:18:49
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST380815AS rev.3.ADA
Running: 2zujnjj8.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwpdakob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 012E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 012F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[264] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F1000C
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00CD77E0 c:\progra~1\window~4\datamngr\iebho.dll (IEHelper/Bandoo Media, inc)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0204000A
.text C:\Program Files\Internet Explorer\iexplore.exe[400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0205000A
.text C:\Program Files\Internet Explorer\iexplore.exe[400] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0203000C
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 3E25467C C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[400] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C3000C
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003B000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 862EF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 862EF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 862EF31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 862EF31B

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----




Here is the other log systemlook

SystemLook 30.07.11 by jpshortstuff
Log created at 20:01 on 27/09/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a---- 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c- 95360 bytes [12:00 04/08/2004] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a---- 95360 bytes [12:00 04/08/2004] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys --a---- 95360 bytes [19:12 04/02/2011] [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys --a---- 95360 bytes [19:12 04/02/2011] [04:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-= EOF =-

#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 AM

Posted 27 September 2011 - 08:09 PM

Hi ysuleman,

:step1: Please carefully follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller If you have previously downloaded TDSSkiller, please download a new version, as it is updated often. After letting it scan, please post the log, located at C:\
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#7 ysuleman

ysuleman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 27 September 2011 - 09:32 PM

Hi. Here is the TDSS Log


20:22:05.0812 3764 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
20:22:06.0421 3764 ============================================================
20:22:06.0421 3764 Current date / time: 2011/09/27 20:22:06.0421
20:22:06.0421 3764 SystemInfo:
20:22:06.0421 3764
20:22:06.0421 3764 OS Version: 5.1.2600 ServicePack: 2.0
20:22:06.0421 3764 Product type: Workstation
20:22:06.0437 3764 ComputerName: USER-18A7AD29AB
20:22:06.0437 3764 UserName: Administrator
20:22:06.0437 3764 Windows directory: C:\WINDOWS
20:22:06.0437 3764 System windows directory: C:\WINDOWS
20:22:06.0437 3764 Processor architecture: Intel x86
20:22:06.0437 3764 Number of processors: 2
20:22:06.0437 3764 Page size: 0x1000
20:22:06.0437 3764 Boot type: Safe boot with network
20:22:06.0437 3764 ============================================================
20:22:07.0937 3764 Initialize success
20:22:52.0203 3360 ============================================================
20:22:52.0203 3360 Scan started
20:22:52.0203 3360 Mode: Manual;
20:22:52.0203 3360 ============================================================
20:22:54.0953 3360 Abiosdsk - ok
20:22:55.0109 3360 abp480n5 - ok
20:22:55.0453 3360 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:22:55.0484 3360 ACPI - ok
20:22:55.0718 3360 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:22:55.0734 3360 ACPIEC - ok
20:22:55.0843 3360 adpu160m - ok
20:22:56.0015 3360 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
20:22:56.0031 3360 aec - ok
20:22:56.0109 3360 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
20:22:56.0109 3360 AFD - ok
20:22:56.0250 3360 Aha154x - ok
20:22:56.0546 3360 aic78u2 - ok
20:22:56.0765 3360 aic78xx - ok
20:22:57.0187 3360 AliIde - ok
20:22:57.0437 3360 amsint - ok
20:22:57.0625 3360 asc - ok
20:22:57.0890 3360 asc3350p - ok
20:22:58.0046 3360 asc3550 - ok
20:22:58.0484 3360 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:22:58.0484 3360 AsyncMac - ok
20:22:58.0656 3360 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:22:58.0656 3360 atapi - ok
20:22:58.0890 3360 Atdisk - ok
20:22:59.0281 3360 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:22:59.0281 3360 Atmarpc - ok
20:22:59.0812 3360 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:22:59.0812 3360 audstub - ok
20:22:59.0968 3360 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:22:59.0984 3360 b57w2k - ok
20:23:00.0171 3360 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:23:00.0187 3360 Beep - ok
20:23:00.0421 3360 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:23:00.0437 3360 cbidf2k - ok
20:23:00.0609 3360 cd20xrnt - ok
20:23:00.0750 3360 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:23:00.0765 3360 Cdaudio - ok
20:23:00.0875 3360 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:23:00.0890 3360 Cdfs - ok
20:23:01.0187 3360 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:23:01.0203 3360 Cdrom - ok
20:23:01.0312 3360 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:23:01.0312 3360 cercsr6 - ok
20:23:01.0468 3360 Changer - ok
20:23:01.0703 3360 CmdIde - ok
20:23:02.0171 3360 Cpqarray - ok
20:23:02.0343 3360 dac2w2k - ok
20:23:02.0406 3360 dac960nt - ok
20:23:02.0500 3360 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:23:02.0515 3360 Disk - ok
20:23:02.0734 3360 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
20:23:02.0781 3360 dmboot - ok
20:23:02.0859 3360 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
20:23:02.0890 3360 dmio - ok
20:23:03.0203 3360 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:23:03.0234 3360 dmload - ok
20:23:03.0468 3360 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:23:03.0484 3360 DMusic - ok
20:23:03.0656 3360 dpti2o - ok
20:23:03.0859 3360 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:23:03.0875 3360 drmkaud - ok
20:23:04.0140 3360 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:23:04.0171 3360 drvmcdb - ok
20:23:04.0234 3360 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
20:23:04.0250 3360 drvnddm - ok
20:23:04.0843 3360 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:23:04.0859 3360 Fastfat - ok
20:23:04.0984 3360 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
20:23:05.0000 3360 Fdc - ok
20:23:05.0140 3360 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
20:23:05.0140 3360 Fips - ok
20:23:05.0203 3360 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:23:05.0203 3360 Flpydisk - ok
20:23:05.0250 3360 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:23:05.0250 3360 FltMgr - ok
20:23:05.0296 3360 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:23:05.0296 3360 Fs_Rec - ok
20:23:05.0968 3360 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:23:05.0968 3360 Ftdisk - ok
20:23:06.0093 3360 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:23:06.0093 3360 Gpc - ok
20:23:06.0500 3360 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:23:06.0531 3360 hidusb - ok
20:23:06.0546 3360 hpn - ok
20:23:06.0750 3360 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
20:23:06.0750 3360 HTTP - ok
20:23:07.0015 3360 i2omgmt - ok
20:23:07.0203 3360 i2omp - ok
20:23:07.0312 3360 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\drivers\i8042prt.sys
20:23:07.0312 3360 i8042prt - ok
20:23:07.0484 3360 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:23:07.0531 3360 ialm - ok
20:23:08.0046 3360 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:23:08.0046 3360 Imapi - ok
20:23:08.0250 3360 ini910u - ok
20:23:08.0343 3360 IntelIde - ok
20:23:08.0531 3360 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:23:08.0562 3360 intelppm - ok
20:23:08.0734 3360 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:23:08.0734 3360 Ip6Fw - ok
20:23:09.0000 3360 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:23:09.0015 3360 IpFilterDriver - ok
20:23:09.0187 3360 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:23:09.0187 3360 IpInIp - ok
20:23:09.0453 3360 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:23:09.0453 3360 IpNat - ok
20:23:09.0656 3360 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:23:09.0687 3360 IPSec - ok
20:23:09.0781 3360 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:23:09.0796 3360 IRENUM - ok
20:23:10.0078 3360 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:23:10.0093 3360 isapnp - ok
20:23:10.0265 3360 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:23:10.0265 3360 Kbdclass - ok
20:23:10.0390 3360 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:23:10.0390 3360 kbdhid - ok
20:23:10.0453 3360 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
20:23:10.0453 3360 kmixer - ok
20:23:10.0593 3360 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
20:23:10.0609 3360 KSecDD - ok
20:23:10.0671 3360 lbrtfdc - ok
20:23:11.0015 3360 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
20:23:11.0031 3360 MBAMProtector - ok
20:23:11.0203 3360 MBAMSwissArmy - ok
20:23:11.0468 3360 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:23:11.0484 3360 mnmdd - ok
20:23:11.0843 3360 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
20:23:11.0875 3360 Modem - ok
20:23:12.0078 3360 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:23:12.0078 3360 Mouclass - ok
20:23:12.0421 3360 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:23:12.0421 3360 mouhid - ok
20:23:12.0515 3360 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:23:12.0531 3360 MountMgr - ok
20:23:12.0828 3360 mraid35x - ok
20:23:13.0015 3360 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:23:13.0031 3360 MRxDAV - ok
20:23:13.0156 3360 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:23:13.0187 3360 MRxSmb - ok
20:23:13.0468 3360 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:23:13.0500 3360 Msfs - ok
20:23:13.0921 3360 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:23:13.0921 3360 MSKSSRV - ok
20:23:14.0062 3360 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:23:14.0078 3360 MSPCLOCK - ok
20:23:14.0328 3360 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:23:14.0328 3360 MSPQM - ok
20:23:14.0531 3360 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:23:14.0546 3360 mssmbios - ok
20:23:14.0796 3360 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:23:14.0796 3360 Mup - ok
20:23:14.0984 3360 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:23:14.0984 3360 NDIS - ok
20:23:15.0250 3360 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:23:15.0265 3360 NdisTapi - ok
20:23:15.0437 3360 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:23:15.0437 3360 Ndisuio - ok
20:23:15.0625 3360 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:23:15.0640 3360 NdisWan - ok
20:23:15.0921 3360 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:23:15.0921 3360 NDProxy - ok
20:23:16.0078 3360 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:23:16.0078 3360 NetBIOS - ok
20:23:16.0421 3360 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:23:16.0421 3360 NetBT - ok
20:23:16.0906 3360 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:23:16.0906 3360 Npfs - ok
20:23:17.0140 3360 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
20:23:17.0203 3360 Ntfs - ok
20:23:17.0781 3360 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:23:17.0781 3360 Null - ok
20:23:18.0000 3360 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:23:18.0015 3360 NwlnkFlt - ok
20:23:18.0062 3360 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:23:18.0062 3360 NwlnkFwd - ok
20:23:18.0453 3360 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
20:23:18.0453 3360 Parport - ok
20:23:18.0515 3360 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:23:18.0515 3360 PartMgr - ok
20:23:18.0546 3360 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:23:18.0562 3360 ParVdm - ok
20:23:18.0593 3360 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
20:23:18.0593 3360 PCI - ok
20:23:18.0640 3360 PCIDump - ok
20:23:18.0687 3360 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:23:18.0687 3360 PCIIde - ok
20:23:18.0734 3360 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:23:18.0734 3360 Pcmcia - ok
20:23:18.0750 3360 PDCOMP - ok
20:23:18.0765 3360 PDFRAME - ok
20:23:18.0796 3360 PDRELI - ok
20:23:18.0890 3360 PDRFRAME - ok
20:23:18.0921 3360 perc2 - ok
20:23:18.0937 3360 perc2hib - ok
20:23:19.0109 3360 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:23:19.0109 3360 PptpMiniport - ok
20:23:19.0140 3360 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:23:19.0140 3360 PSched - ok
20:23:19.0156 3360 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:23:19.0156 3360 Ptilink - ok
20:23:19.0234 3360 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:23:19.0250 3360 PxHelp20 - ok
20:23:19.0390 3360 ql1080 - ok
20:23:19.0578 3360 Ql10wnt - ok
20:23:19.0687 3360 ql12160 - ok
20:23:19.0843 3360 ql1240 - ok
20:23:20.0156 3360 ql1280 - ok
20:23:20.0406 3360 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:23:20.0406 3360 RasAcd - ok
20:23:20.0875 3360 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:23:20.0890 3360 Rasl2tp - ok
20:23:21.0171 3360 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:23:21.0171 3360 RasPppoe - ok
20:23:21.0312 3360 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:23:21.0312 3360 Raspti - ok
20:23:21.0437 3360 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:23:21.0437 3360 Rdbss - ok
20:23:21.0625 3360 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:23:21.0625 3360 RDPCDD - ok
20:23:22.0031 3360 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:23:22.0046 3360 rdpdr - ok
20:23:22.0375 3360 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
20:23:22.0390 3360 RDPWD - ok
20:23:22.0531 3360 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:23:22.0546 3360 redbook - ok
20:23:23.0484 3360 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:23:23.0500 3360 Secdrv - ok
20:23:24.0031 3360 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
20:23:24.0062 3360 senfilt - ok
20:23:24.0250 3360 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:23:24.0265 3360 serenum - ok
20:23:24.0609 3360 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
20:23:24.0609 3360 Serial - ok
20:23:25.0093 3360 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:23:25.0093 3360 Sfloppy - ok
20:23:25.0609 3360 Simbad - ok
20:23:25.0859 3360 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
20:23:25.0875 3360 smwdm - ok
20:23:25.0968 3360 Sparrow - ok
20:23:26.0109 3360 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
20:23:26.0125 3360 splitter - ok
20:23:26.0343 3360 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
20:23:26.0359 3360 sr - ok
20:23:26.0515 3360 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
20:23:26.0515 3360 Srv - ok
20:23:26.0750 3360 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:23:26.0781 3360 sscdbhk5 - ok
20:23:27.0187 3360 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
20:23:27.0187 3360 ssrtln - ok
20:23:27.0328 3360 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:23:27.0328 3360 swenum - ok
20:23:27.0421 3360 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:23:27.0437 3360 swmidi - ok
20:23:27.0656 3360 symc810 - ok
20:23:27.0750 3360 symc8xx - ok
20:23:27.0812 3360 sym_hi - ok
20:23:27.0968 3360 sym_u3 - ok
20:23:28.0156 3360 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:23:28.0171 3360 sysaudio - ok
20:23:28.0328 3360 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:23:28.0328 3360 Tcpip - ok
20:23:28.0484 3360 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:23:28.0500 3360 TDPIPE - ok
20:23:28.0609 3360 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:23:28.0625 3360 TDTCP - ok
20:23:28.0875 3360 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:23:28.0875 3360 TermDD - ok
20:23:28.0953 3360 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
20:23:29.0000 3360 tfsnboio - ok
20:23:29.0031 3360 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
20:23:29.0046 3360 tfsncofs - ok
20:23:29.0171 3360 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
20:23:29.0187 3360 tfsndrct - ok
20:23:29.0250 3360 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
20:23:29.0250 3360 tfsndres - ok
20:23:29.0265 3360 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
20:23:29.0265 3360 tfsnifs - ok
20:23:29.0406 3360 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
20:23:29.0406 3360 tfsnopio - ok
20:23:29.0671 3360 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
20:23:29.0671 3360 tfsnpool - ok
20:23:29.0781 3360 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
20:23:29.0781 3360 tfsnudf - ok
20:23:30.0000 3360 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:23:30.0000 3360 tfsnudfa - ok
20:23:30.0406 3360 TosIde - ok
20:23:30.0703 3360 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:23:30.0718 3360 Udfs - ok
20:23:31.0000 3360 ultra - ok
20:23:31.0156 3360 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
20:23:31.0171 3360 Update - ok
20:23:31.0406 3360 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:23:31.0421 3360 usbccgp - ok
20:23:31.0500 3360 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:23:31.0515 3360 usbehci - ok
20:23:31.0625 3360 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:23:31.0625 3360 usbhub - ok
20:23:31.0718 3360 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:23:31.0718 3360 usbprint - ok
20:23:31.0843 3360 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:23:31.0843 3360 usbscan - ok
20:23:31.0984 3360 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:23:31.0984 3360 USBSTOR - ok
20:23:32.0140 3360 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:23:32.0156 3360 usbuhci - ok
20:23:32.0312 3360 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:23:32.0312 3360 VgaSave - ok
20:23:32.0531 3360 ViaIde - ok
20:23:32.0703 3360 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:23:32.0703 3360 VolSnap - ok
20:23:33.0125 3360 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:23:33.0125 3360 Wanarp - ok
20:23:33.0265 3360 WDICA - ok
20:23:33.0437 3360 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
20:23:33.0437 3360 wdmaud - ok
20:23:34.0687 3360 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
20:23:34.0687 3360 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
20:23:34.0687 3360 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
20:23:34.0781 3360 Boot (0x1200) (12e05b8fed7815079034d58f85e68347) \Device\Harddisk0\DR0\Partition0
20:23:34.0781 3360 \Device\Harddisk0\DR0\Partition0 - ok
20:23:34.0859 3360 ============================================================
20:23:34.0859 3360 Scan finished
20:23:34.0859 3360 ============================================================
20:23:35.0250 3732 Detected object count: 1
20:23:35.0250 3732 Actual detected object count: 1
20:26:05.0328 3732 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
20:26:05.0328 3732 \Device\Harddisk0\DR0 - ok
20:26:05.0328 3732 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
20:26:10.0093 3608 Deinitialize success


I was not sure if you needed the new Malware bytes log after the scan of TDSS

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7811

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/27/2011 9:29:02 PM
mbam-log-2011-09-27 (21-28-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 255788
Time elapsed: 37 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\play pickle\playpicklelib32.dll (PUP.Magoo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> No action taken.
HKEY_CLASSES_ROOT\PlayPickleText.Linker.1 (PUP.Magoo) -> No action taken.
HKEY_CLASSES_ROOT\PlayPickleText.Linker (PUP.Magoo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{12f6635b-e727-4193-992c-544bf5506841} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5442736B-E379-4668-AC30-7F39B3581875} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\RadioRage_4jInstaller.Start.1 (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\RadioRage_4jInstaller.Start (PUP.FunWebProducts) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2ff49ed5-a3ef-410b-918e-97deceb5996d} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{4084d718-3644-4504-b828-bb054729e39c} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\TelevisionFanaticInstaller.Start.1 (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\TelevisionFanaticInstaller.Start (PUP.FunWebProducts) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} (PUP.FunWebProducts) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} (PUP.FunWebProducts) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\play pickle\pptl.dll (PUP.Magoo) -> No action taken.
c:\program files\play pickle\playpicklelib32.dll (PUP.Magoo) -> No action taken.
c:\program files\radiorage_4jei\Installr\4.bin\4jEZSETP.dll (PUP.FunWebProducts) -> No action taken.
c:\program files\televisionfanaticei\Installr\5.bin\64EZSETP.dll (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP100\A0008884.dll (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP103\A0008954.dll (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017685.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017686.SCR (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017687.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017688.EXE (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP70\A0007471.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP70\A0007472.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP70\A0007473.DLL (PUP.FunWebProducts) -> No action taken.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.


I did not fix or do anything with the malwarebytes scan.

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 AM

Posted 27 September 2011 - 09:47 PM

Hi ysuleman,

Looking good. :thumbup2:

If you haven't restarted your computer after running TDSSkiller, please do so.

Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware


Please let me know whether you can now log onto your computer in Normal Mode.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#9 ysuleman

ysuleman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 27 September 2011 - 10:56 PM

Yes. I am back in Normal Mode.

Here is the Log file for Malwarebytes


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7811

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/27/2011 10:50:14 PM
mbam-log-2011-09-27 (22-50-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 255728
Time elapsed: 29 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\play pickle\playpicklelib32.dll (PUP.Magoo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PlayPickleText.Linker.1 (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PlayPickleText.Linker (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{12f6635b-e727-4193-992c-544bf5506841} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5442736B-E379-4668-AC30-7F39B3581875} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RadioRage_4jInstaller.Start.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RadioRage_4jInstaller.Start (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ff49ed5-a3ef-410b-918e-97deceb5996d} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4084d718-3644-4504-b828-bb054729e39c} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanaticInstaller.Start.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanaticInstaller.Start (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} (PUP.FunWebProducts) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\play pickle\pptl.dll (PUP.Magoo) -> Quarantined and deleted successfully.
c:\program files\play pickle\playpicklelib32.dll (PUP.Magoo) -> Delete on reboot.
c:\program files\radiorage_4jei\Installr\4.bin\4jEZSETP.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\televisionfanaticei\Installr\5.bin\64EZSETP.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP100\A0008884.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP103\A0008954.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017685.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017686.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017687.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP122\A0017688.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP70\A0007471.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP70\A0007472.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1edec7c-3621-49f6-ab38-f9b15a2868ba}\RP70\A0007473.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

#10 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 AM

Posted 27 September 2011 - 10:58 PM

Hi ysuleman,

:step1: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go . Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

:step2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#11 ysuleman

ysuleman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 28 September 2011 - 07:41 AM

Mini Tool Box Log

[xcode] MiniToolBox by Farbar
Ran by User (administrator) on 28-09-2011 at 06:53:07
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user-18a7ad29ab

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-18-8B-13-B9-32

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Wednesday, September 28, 2011 6:25:22 AM

Lease Expires . . . . . . . . . . : Thursday, September 29, 2011 6:25:22 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.104, 72.14.204.147, 72.14.204.103, 72.14.204.99
72.14.204.105



Pinging google.com [72.14.204.105] with 32 bytes of data:



Reply from 72.14.204.105: bytes=32 time=55ms TTL=51

Reply from 72.14.204.105: bytes=32 time=49ms TTL=51



Ping statistics for 72.14.204.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 49ms, Maximum = 55ms, Average = 52ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 67.195.160.76, 72.30.2.43
98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=63ms TTL=50

Reply from 98.137.149.56: bytes=32 time=60ms TTL=50



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 63ms, Average = 61ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 13 b9 32 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/27/2011 08:22:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/27/2011 08:21:59 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error: (09/27/2011 04:03:31 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt> with error: This network connection does not exist.

Error: (09/27/2011 04:03:30 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt> with error: The connection with the server was terminated abnormally

Error: (09/18/2011 08:54:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The HTTP redirect request failed


System errors:
=============
Error: (09/27/2011 08:27:44 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 f755959d, parameter3 a164a580, parameter4 00000000.

Error: (09/27/2011 08:27:29 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 f755959d, parameter3 a15c9580, parameter4 00000000.

Error: (09/27/2011 08:26:23 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 07:18:42 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/27/2011 07:03:49 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (09/27/2011 07:02:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (09/27/2011 07:00:53 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 05:40:19 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 04:56:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/27/2011 04:56:26 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (09/27/2011 08:22:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/27/2011 08:21:59 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe connection with the server was terminated abnormally

Error: (09/27/2011 04:03:31 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crtThis network connection does not exist.

Error: (09/27/2011 04:03:30 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crtThe connection with the server was terminated abnormally

Error: (09/18/2011 08:54:24 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe HTTP redirect request failed


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.181.23)
Ask Toolbar (Version: 1.12.5.0)
Bandoo (Version: 7.0.0.112207)
Barra de herramientas ALOT
Berlitz Before You Know It Flash Cards (Version: 3.6)
Berlitz Learning System ES (Version: 10.0)
Broadcom Gigabit Integrated Controller (Version: 9.02.06)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
DealRunner 1.25 (Version: 1.25)
fbDownloader 1.0.2.0 (Version: 1.0.2.0)
iLivid (Version: 1.92.0.112243)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Itibiti RTC (Version: 0.0.1)
Knctr
Learning Essentials for Microsoft Office (Version: 2.0)
LEC Translate (Version: 1.00.0003)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Mavis Beacon Teaches Typing Deluxe 16
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Math (Version: 2007)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Streets & Trips 2010 (Version: 17.0.19.2900)
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009 (Version: 2009)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable Package (Version: 1.0.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NetAssistant (Version: 3.8.3)
Play Pickle
PowerDVD (Version: 7.0)
QuickTime (Version: 7.1)
RadioHoops Toolbar (Version: 6.5.2.8)
RadioPI
SAPI Wrapper (Version: 1.0.0.0)
Shop To Win (Version: 1.0.25)
Sonic DLA (Version: 4.95)
Sonic RecordNow! Plus (Version: 7.3)
Sonic Update Manager (Version: 2.9)
SoundMAX (Version: 5.12.01.5246)
TTS Wrapper (Version: 1.0.0.0)
Web Essentials
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows iLivid Toolbar (Version: 3.0.0.112200)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Wizard101 (Version: 1.0.0)
World of Warcraft (Version: 4.0.0.12911)
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1014.07 MB
Available physical RAM: 513.82 MB
Total Pagefile: 2444.6 MB
Available Pagefile: 2040.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.08 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.5 GB) (Free:43.65 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-18A7AD29AB

Administrator Guest HelpAssistant
SUPPORT_388945a0 User


**** End of log **** [/xcode]

ESET LOG

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Program Files\RadioPI_4e\bar\1.bin\4edatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files\RadioPI_4e\bar\1.bin\4ehtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Program Files\RadioPI_4e\bar\1.bin\4ehtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files\RadioPI_4e\bar\1.bin\4eieovr.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\RadioPI_4e\bar\1.bin\4ePlugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\RadioPI_4e\bar\1.bin\4eskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\RadioRage_4jEI\Installr\4.bin\4jEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\TelevisionFanaticEI\Installr\5.bin\64EIPlug.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined

#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 AM

Posted 28 September 2011 - 07:47 AM

Hi ysuleman,

How's your computer running now?

Your logs show you don't have an antivirus program installed.
  • Please download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

    There are several recommended, free antivirus software available. Only download and install one antivirus program (see note below).

    Microsoft Security Essentials

    Avast Free

    Avira Free

    AVG Free

    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#13 ysuleman

ysuleman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 28 September 2011 - 08:13 AM

It is working fine. However when i turn the computer on I get this error at startup.

playpickle.exe - Unable to locate Component
This application has failed to start because playpicklelib32.dll was not found. Re-installing the application may fix this problem.

PS. Thanks for all this help

#14 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 AM

Posted 28 September 2011 - 08:21 AM

Hi ysuleman,

You're welcome for the help, however we're not quite done yet.

:step1: Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#15 ysuleman

ysuleman
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 28 September 2011 - 11:03 AM

Here is the log for super antispyware


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/28/2011 at 09:27 AM

Application Version : 5.0.1128

Core Rules Database Version : 7733
Trace Rules Database Version: 5545

Scan type : Complete Scan
Total Scan Time : 00:43:57

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 475
Memory threats detected : 0
Registry items scanned : 36051
Registry threats detected : 126
File items scanned : 55226
File threats detected : 375

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1004336348-1844237615-1801674531-1003\SOFTWARE\FunWebProducts
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

Adware.Gamevance
C:\Program Files\PLAY PICKLE\ars.cfg
C:\Program Files\PLAY PICKLE\playpickle32.exe
C:\Program Files\PLAY PICKLE\ppun.exe
C:\Program Files\PLAY PICKLE
[Play Pickle] C:\PROGRAM FILES\PLAY PICKLE\PLAYPICKLE32.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP80\A0008050.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP80\A0008051.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP80\A0008059.DLL

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@accounts.google[2].txt [ /accounts.google ]
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[3].txt [ /ad.yieldmanager ]
C:\Documents and Settings\User\Cookies\user@at.atwola[1].txt [ /at.atwola ]
C:\Documents and Settings\User\Cookies\user@bizzclick[1].txt [ /bizzclick ]
C:\Documents and Settings\User\Cookies\user@invitemedia[1].txt [ /invitemedia ]
C:\Documents and Settings\User\Cookies\user@media6degrees[2].txt [ /media6degrees ]
C:\Documents and Settings\User\Cookies\user@solvemedia[2].txt [ /solvemedia ]
C:\Documents and Settings\User\Cookies\user@www.windowsmedia[2].txt [ /www.windowsmedia ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@atdmt[2].txt [ Cookie:administrator@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@2o7[1].txt [ Cookie:administrator@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@kaspersky.122.2o7[1].txt [ Cookie:administrator@kaspersky.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@interclick[1].txt [ Cookie:administrator@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@doubleclick[2].txt [ Cookie:administrator@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@serving-sys[1].txt [ Cookie:administrator@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@fastclick[2].txt [ Cookie:administrator@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@collective-media[1].txt [ Cookie:administrator@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@imrworldwide[2].txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@ru4[2].txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@ads.gamersmedia[2].txt [ Cookie:system@ads.gamersmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@www.burstnet[2].txt [ Cookie:system@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@fastclick[1].txt [ Cookie:system@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@dc.tremormedia[2].txt [ Cookie:system@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@indieclick[2].txt [ Cookie:system@indieclick.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@tacoda.at.atwola[2].txt [ Cookie:system@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@myroitracking[1].txt [ Cookie:system@myroitracking.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@pointroll[1].txt [ Cookie:system@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@media6degrees[2].txt [ Cookie:system@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@clicks.blinksearchtool[1].txt [ Cookie:system@clicks.blinksearchtool.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@ar.atwola[2].txt [ Cookie:system@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@revsci[2].txt [ Cookie:system@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@a1.interclick[2].txt [ Cookie:system@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@goclicker[2].txt [ Cookie:system@goclicker.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@marchex.bafind[2].txt [ Cookie:system@marchex.bafind.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@optimize.indieclick[1].txt [ Cookie:system@optimize.indieclick.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@atdmt[1].txt [ Cookie:system@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@liveperson[3].txt [ Cookie:system@liveperson.net/hc/55170107 ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@doubleclick[1].txt [ Cookie:system@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@eyewonder[2].txt [ Cookie:system@eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@lucidmedia[2].txt [ Cookie:system@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@chimeraadvertising[1].txt [ Cookie:system@chimeraadvertising.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@clicks.thespecialsearch[1].txt [ Cookie:system@clicks.thespecialsearch.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@getclicky[1].txt [ Cookie:system@getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@search.clicksare[1].txt [ Cookie:system@search.clicksare.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@search.321findit[1].txt [ Cookie:system@search.321findit.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@trafficmp[2].txt [ Cookie:system@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@kitaramedia.122.2o7[1].txt [ Cookie:system@kitaramedia.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@collective-media[1].txt [ Cookie:system@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@blogs.babble[2].txt [ Cookie:system@blogs.babble.com/being-pregnant/wp-content/plugins/pixelstats/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@find.keywordblocks[1].txt [ Cookie:system@find.keywordblocks.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@ads.pointroll[2].txt [ Cookie:system@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@p142t1s471340.kronos.bravenetmedia[1].txt [ Cookie:system@p142t1s471340.kronos.bravenetmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@realmedia[1].txt [ Cookie:system@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@mediatraffic[2].txt [ Cookie:system@mediatraffic.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@burstnet[2].txt [ Cookie:system@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@hitbox[1].txt [ Cookie:system@hitbox.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adbrite[2].txt [ Cookie:system@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@www.findstuffforme[1].txt [ Cookie:system@www.findstuffforme.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@yieldmanager[1].txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@apmebf[2].txt [ Cookie:system@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adxpose[1].txt [ Cookie:system@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@advertise[2].txt [ Cookie:system@advertise.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@crackle[1].txt [ Cookie:system@crackle.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@bs.serving-sys[1].txt [ Cookie:system@bs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@ehg-wss.hitbox[2].txt [ Cookie:system@ehg-wss.hitbox.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@pro-market[2].txt [ Cookie:system@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@entrepreneur[1].txt [ Cookie:system@entrepreneur.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@search.come-find[1].txt [ Cookie:system@search.come-find.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@casalemedia[1].txt [ Cookie:system@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@bizzclick[2].txt [ Cookie:system@bizzclick.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@questionmarket[2].txt [ Cookie:system@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adserver.adtechus[1].txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@network.realmedia[1].txt [ Cookie:system@network.realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@r1-ads.ace.advertising[1].txt [ Cookie:system@r1-ads.ace.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@click.xmlmonetize[2].txt [ Cookie:system@click.xmlmonetize.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@server.cpmstar[2].txt [ Cookie:system@server.cpmstar.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@tribalfusion[2].txt [ Cookie:system@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@statcounter[2].txt [ Cookie:system@statcounter.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@content.yieldmanager[3].txt [ Cookie:system@content.yieldmanager.com/ak/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@smartadserver[2].txt [ Cookie:system@smartadserver.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@clicksor[2].txt [ Cookie:system@clicksor.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@cdn.jemamedia[1].txt [ Cookie:system@cdn.jemamedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@mm.chitika[2].txt [ Cookie:system@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@advertising[2].txt [ Cookie:system@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@content.yieldmanager[2].txt [ Cookie:system@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adserving.ezanga[2].txt [ Cookie:system@adserving.ezanga.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@totalbeauty.112.2o7[1].txt [ Cookie:system@totalbeauty.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@citygridmedia[2].txt [ Cookie:system@citygridmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@findology[2].txt [ Cookie:system@findology.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@2o7[1].txt [ Cookie:system@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@flatwatermedia[2].txt [ Cookie:system@flatwatermedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@microsoftsto.112.2o7[1].txt [ Cookie:system@microsoftsto.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@rotator.adjuggler[2].txt [ Cookie:system@rotator.adjuggler.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adsonar[3].txt [ Cookie:system@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@p141t1s451529.kronos.bravenetmedia[1].txt [ Cookie:system@p141t1s451529.kronos.bravenetmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@eaeacom.112.2o7[1].txt [ Cookie:system@eaeacom.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@search.clicksthe[1].txt [ Cookie:system@search.clicksthe.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@clickkick[2].txt [ Cookie:system@clickkick.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@dealfind[2].txt [ Cookie:system@dealfind.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@static.getclicky[1].txt [ Cookie:system@static.getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@mediabrandsww[1].txt [ Cookie:system@mediabrandsww.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@www.mediaquantics[1].txt [ Cookie:system@www.mediaquantics.net/stats/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@pubmatic[2].txt [ Cookie:system@pubmatic.com/AdServer/AdClickTrackerServlet/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@liveperson[1].txt [ Cookie:system@liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@goldmansachs.122.2o7[1].txt [ Cookie:system@goldmansachs.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@247realmedia[1].txt [ Cookie:system@247realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@twctsg.122.2o7[1].txt [ Cookie:system@twctsg.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@ru4[7].txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@imrworldwide[5].txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@roia.hutchmedia[2].txt [ Cookie:system@roia.hutchmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@fastclick[1].txt [ Cookie:system@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@www.burstnet[1].txt [ Cookie:system@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@dc.tremormedia[3].txt [ Cookie:system@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@stats.justhost[2].txt [ Cookie:system@stats.justhost.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@pointroll[3].txt [ Cookie:system@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@myroitracking[6].txt [ Cookie:system@myroitracking.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@media6degrees[5].txt [ Cookie:system@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@revsci[6].txt [ Cookie:system@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@a1.interclick[2].txt [ Cookie:system@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@marchex.bafind[3].txt [ Cookie:system@marchex.bafind.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@eas.apm.emediate[2].txt [ Cookie:system@eas.apm.emediate.eu/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@atdmt[7].txt [ Cookie:system@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@rotator.adjuggler[2].txt [ Cookie:system@rotator.adjuggler.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@doubleclick[6].txt [ Cookie:system@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@eyewonder[6].txt [ Cookie:system@eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@chimeraadvertising[1].txt [ Cookie:system@chimeraadvertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@lucidmedia[5].txt [ Cookie:system@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@clicks.thespecialsearch[4].txt [ Cookie:system@clicks.thespecialsearch.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@d.mediaforge[2].txt [ Cookie:system@d.mediaforge.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@p441t1s4690231.kronos.bravenetmedia[2].txt [ Cookie:system@p441t1s4690231.kronos.bravenetmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@trafficmp[4].txt [ Cookie:system@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@search.clicksthe[2].txt [ Cookie:system@search.clicksthe.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@collective-media[4].txt [ Cookie:system@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@find.keywordblocks[1].txt [ Cookie:system@find.keywordblocks.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@ads.pointroll[5].txt [ Cookie:system@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@pmamedia.sitescout[2].txt [ Cookie:system@pmamedia.sitescout.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@realmedia[1].txt [ Cookie:system@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@gsimedia[2].txt [ Cookie:system@gsimedia.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@nextag[2].txt [ Cookie:system@nextag.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@burstnet[2].txt [ Cookie:system@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adbrite[1].txt [ Cookie:system@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@search.toseeking[1].txt [ Cookie:system@search.toseeking.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@mediaforge[1].txt [ Cookie:system@mediaforge.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@yieldmanager[3].txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@apmebf[6].txt [ Cookie:system@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adxpose[4].txt [ Cookie:system@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@advertise[7].txt [ Cookie:system@advertise.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@p304t1s6372966.kronos.bravenetmedia[1].txt [ Cookie:system@p304t1s6372966.kronos.bravenetmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@bs.serving-sys[4].txt [ Cookie:system@bs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@pro-market[2].txt [ Cookie:system@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@entrepreneur[1].txt [ Cookie:system@entrepreneur.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@bizzclick[6].txt [ Cookie:system@bizzclick.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@casalemedia[1].txt [ Cookie:system@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@questionmarket[4].txt [ Cookie:system@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adserver.adtechus[1].txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@liveperson[1].txt [ Cookie:system@liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@network.realmedia[2].txt [ Cookie:system@network.realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@r1-ads.ace.advertising[2].txt [ Cookie:system@r1-ads.ace.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@www.freetrafficsystem[2].txt [ Cookie:system@www.freetrafficsystem.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@statcounter[3].txt [ Cookie:system@statcounter.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@247realmedia[2].txt [ Cookie:system@247realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@content.yieldmanager[10].txt [ Cookie:system@content.yieldmanager.com/ak/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@smartadserver[2].txt [ Cookie:system@smartadserver.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@stats.supergreenhosting[2].txt [ Cookie:system@stats.supergreenhosting.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@clicksor[2].txt [ Cookie:system@clicksor.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@cdn.jemamedia[6].txt [ Cookie:system@cdn.jemamedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@histats[1].txt [ Cookie:system@histats.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@mm.chitika[3].txt [ Cookie:system@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@indianfriendfinder[2].txt [ Cookie:system@indianfriendfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@content.yieldmanager[9].txt [ Cookie:system@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adultfriendfinder[2].txt [ Cookie:system@adultfriendfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@server.iad.liveperson[2].txt [ Cookie:system@server.iad.liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@findology[4].txt [ Cookie:system@findology.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@2o7[3].txt [ Cookie:system@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@histats[2].txt [ Cookie:system@histats.com/stats/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@mediabrandsww[3].txt [ Cookie:system@mediabrandsww.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@goldmansachs.122.2o7[1].txt [ Cookie:system@goldmansachs.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@germanfriendfinder[1].txt [ Cookie:system@germanfriendfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@advertising[4].txt [ Cookie:system@advertising.com/ ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
crackle.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
media.kyte.tv [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NXXLWDR3 ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\COOKIES\SYSTEM@ADS.BIGHEALTHTREE[2].TXT [ /ADS.BIGHEALTHTREE ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VDGN6RM2 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VDGN6RM2 ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VDGN6RM2 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VDGN6RM2 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VDGN6RM2 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VDGN6RM2 ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\COOKIES\SYSTEM@BRIDGE2.ADMARKETPLACE[1].TXT [ /BRIDGE2.ADMARKETPLACE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pe.2.cqcounter.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.dealtime.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtrackrs.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtrackrs.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.game-advertising-online.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.toplist.cz [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
traffic.prod.cobaltgroup.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.anrtx.tacoda.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.tracklead.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.adotube.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.omgtracking.info [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.omgtracking.info [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eset.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\FVWVEA2L\59b8caa9266b8_2176475[1].mp4 [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\FVWVEA2L\crossdomain[4].xml [ cache:wista ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017641.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017642.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017664.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017667.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017668.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017670.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017671.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017691.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1EDEC7C-3621-49F6-AB38-F9B15A2868BA}\RP122\A0017675.EXE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users