
offerchecker continued


This topic is locked
38 replies to this topic

#1 cassiereroni

cassiereroni

  • Members
  • 58 posts
  • Gender:Female
  • Location:Missouri by way of New York

Posted 23 November 2011 - 04:29 PM

Am posting here as directed from other forum:

http://www.bleepingcomputer.com/forums/topic427560.html/page__gopid__2484683#entry2484683

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 13:35:04 on 2011-11-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.444 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\_unins~2.lnk - c:\documents and settings\owner\local settings\temp\_uninst_75076434.bat
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F53} - c:\program files\siber systems\ai roboform\RoboFormComResetFields.html
IE: {60AFE1CD-9BA1-47AC-929C-484FBA08DF62}
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {C7112EF1-D5B6-421D-8F58-8FA63AB144F8}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290557960921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320852100156
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6529/mcfscan.cab
TCP: DhcpNameServer = 24.56.133.69 24.54.164.30
TCP: Interfaces\{9A981656-FD46-4F7B-A894-B49C886A845F} : DhcpNameServer = 24.56.133.69 24.54.164.30
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-26 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-26 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-6-4 532224]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-26 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-26 44768]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
RUnknown 5633605drv;5633605drv; [x]
RUnknown 75076434;75076434; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-26 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-26 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-23 01:24:54 -------- d-----w- c:\documents and settings\owner\local settings\application data\magicJack
2011-11-23 01:23:01 -------- d-----w- c:\documents and settings\owner\application data\mjusbsp
2011-11-19 21:03:45 3584 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-11-19 21:03:45 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-11-19 20:44:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\eSupport.com
2011-11-19 20:21:58 -------- d-----w- c:\program files\MSECACHE
2011-11-18 01:09:10 -------- d-----w- c:\documents and settings\owner\local settings\application data\Help
2011-11-17 18:48:05 -------- d-----w- c:\documents and settings\owner\application data\Pegasus Mail
2011-11-17 18:45:47 -------- d-----w- C:\PMAIL
2011-11-15 16:54:41 -------- d-----w- c:\program files\MSXML 4.0
2011-11-15 03:00:41 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2011-11-15 03:00:41 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-11-15 03:00:41 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-11-15 03:00:41 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2011-11-15 03:00:41 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-11-15 03:00:26 -------- d-----w- c:\program files\Overland
2011-11-15 00:07:33 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2011-11-15 00:07:33 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2011-11-15 00:07:33 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2011-11-15 00:07:33 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2011-11-15 00:07:33 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2011-11-15 00:07:33 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2011-11-15 00:07:33 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-11-14 23:50:11 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-11-14 23:50:11 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-11-14 23:49:34 77824 ----a-r- c:\windows\system32\hpovst08.dll
2011-11-14 23:49:34 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2011-11-14 23:49:33 565248 ----a-r- c:\windows\system32\hpotscl.dll
2011-11-14 23:49:33 274432 ----a-r- c:\windows\system32\hpgwiamd.dll
2011-11-14 21:06:01 212240 ----a-w- c:\windows\system32\Richtx32.ocx
2011-11-14 21:06:01 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2011-11-14 21:06:01 -------- d-----w- c:\windows\McAfee.com
2011-11-13 15:44:32 -------- d-----w- c:\documents and settings\owner\local settings\application data\Opera
2011-11-12 17:32:48 -------- d-----w- c:\program files\ESET
2011-11-11 15:30:50 -------- d-----w- c:\documents and settings\owner\local settings\application data\IsolatedStorage
2011-11-11 14:54:51 -------- d-----w- c:\documents and settings\owner\application data\ieSpell
2011-11-10 21:29:32 -------- d-----w- c:\program files\ieSpell
2011-11-10 15:41:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\ApplicationHistory
2011-11-09 17:37:29 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-09 17:37:29 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-11-09 16:47:42 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2011-11-09 15:36:45 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-09 15:33:30 -------- d-----w- c:\windows\system32\URTTEMP
2011-11-08 14:59:56 -------- d-----w- c:\documents and settings\all users\application data\GoodSync
2011-11-08 14:59:55 -------- d-----w- c:\documents and settings\owner\application data\GoodSync
2011-11-08 14:28:02 -------- d-----w- c:\program files\Siber Systems
2011-10-30 01:38:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\MagicfeaturesPlugin
2011-10-29 22:57:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 22:10:18 -------- d-----w- c:\documents and settings\owner\application data\Windows Search
2011-10-29 20:18:42 -------- d-----w- c:\documents and settings\owner\application data\Windows Desktop Search
2011-10-29 19:38:54 -------- d-----w- c:\windows\system32\winrm
2011-10-29 19:38:48 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-10-29 19:38:09 -------- d-----w- c:\program files\Windows Desktop Search
2011-10-29 19:34:55 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-10-29 19:34:55 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-10-29 19:34:55 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-10-27 18:53:12 -------- d-----w- c:\documents and settings\all users\application data\magicJack
2011-10-27 05:29:35 -------- d-----w- c:\windows\pss
2011-10-27 05:24:56 -------- d-----w- c:\program files\Defraggler
2011-10-27 05:24:26 -------- d-----w- c:\program files\CCleaner
2011-10-27 04:59:12 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-27 04:58:12 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-27 04:57:09 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-27 04:35:52 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-10-27 04:35:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-27 04:35:17 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-27 04:18:19 -------- d-----w- c:\documents and settings\owner\application data\GlarySoft
2011-10-27 04:11:46 -------- d-----w- c:\program files\Glary Utilities
2011-10-27 01:02:22 -------- d-----w- c:\program files\Speccy
2011-10-27 00:43:39 -------- d-----w- c:\program files\VS Revo Group
2011-10-27 00:27:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2011-10-27 00:27:00 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-27 00:26:35 41184 ----a-w- c:\windows\avastSS.scr
2011-10-27 00:26:21 -------- d-----w- c:\program files\AVAST Software
2011-10-27 00:26:21 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2011-10-19 20:50:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-18 02:05:30 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:36:49.40 ===============




Attach log is zipped and attached.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • Gender:Male

Posted 28 November 2011 - 04:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429074 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 cassiereroni


Posted 29 November 2011 - 07:43 PM

I first posted asking about what offerchecker.exe might be. I found it while cleaning out some of the old files from ZoneAlarm but when I went to look up what it was I couldn't find any information from anyplace that I knew and trusted. I just kept coming up with information suggesting that it was something bad and I needed to delete it. I ran a full virus scan with Avast and a full and complete scan with Eset. Also ran a scan with SuperAntiSpyware but found nothing.

Have received the BSOD a couple of times since first posting a problem. The report generated for the BSOD is as follows:

Kernel_Data_InPage_error

Stop: 0x0000007A (0xC03DDE94, 0xC000000E, 0xF77A550C, 0x2D009860)

***Atapi.sys - Address F77A550C base at F7798000, Date Stamp 4802539d
Beginning Dump of physical memory


Was directed previously to download and run dds and Gmer. Did that and previously posted those logs. Have done it again and the new one is below. GMER does not run on my computer.

Also, when I tried to delete GMER from the trash I got a message asking if I wanted to delete all 5 files but there is only one file showing. Don't understand what is happening there.

Have not done anything other than the dds to get the logs and was directed to repost here.

Here are the dds logs again,

dds.text
________________________________________________________________________________

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 18:10:46 on 2011-11-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.540 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F53} - c:\program files\siber systems\ai roboform\RoboFormComResetFields.html
IE: {60AFE1CD-9BA1-47AC-929C-484FBA08DF62}
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {C7112EF1-D5B6-421D-8F58-8FA63AB144F8}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290557960921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320852100156
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6529/mcfscan.cab
TCP: DhcpNameServer = 24.56.133.69 24.54.164.30
TCP: Interfaces\{9A981656-FD46-4F7B-A894-B49C886A845F} : DhcpNameServer = 24.56.133.69 24.54.164.30
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-26 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-26 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-6-4 532224]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-26 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-26 44768]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-26 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-26 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-23 20:53:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\tjnet
2011-11-23 01:24:54 -------- d-----w- c:\documents and settings\owner\local settings\application data\magicJack
2011-11-23 01:23:01 -------- d-----w- c:\documents and settings\owner\application data\mjusbsp
2011-11-19 21:03:45 3584 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-11-19 21:03:45 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-11-19 20:44:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\eSupport.com
2011-11-19 20:21:58 -------- d-----w- c:\program files\MSECACHE
2011-11-18 01:09:10 -------- d-----w- c:\documents and settings\owner\local settings\application data\Help
2011-11-17 18:48:05 -------- d-----w- c:\documents and settings\owner\application data\Pegasus Mail
2011-11-17 18:45:47 -------- d-----w- C:\PMAIL
2011-11-15 16:54:41 -------- d-----w- c:\program files\MSXML 4.0
2011-11-15 03:00:41 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2011-11-15 03:00:41 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-11-15 03:00:41 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-11-15 03:00:41 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2011-11-15 03:00:41 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-11-15 03:00:26 -------- d-----w- c:\program files\Overland
2011-11-15 00:07:33 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2011-11-15 00:07:33 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2011-11-15 00:07:33 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2011-11-15 00:07:33 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2011-11-15 00:07:33 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2011-11-15 00:07:33 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2011-11-15 00:07:33 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-11-14 23:50:11 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-11-14 23:50:11 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-11-14 23:49:34 77824 ----a-r- c:\windows\system32\hpovst08.dll
2011-11-14 23:49:34 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2011-11-14 23:49:33 565248 ----a-r- c:\windows\system32\hpotscl.dll
2011-11-14 23:49:33 274432 ----a-r- c:\windows\system32\hpgwiamd.dll
2011-11-14 21:06:01 212240 ----a-w- c:\windows\system32\Richtx32.ocx
2011-11-14 21:06:01 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2011-11-14 21:06:01 -------- d-----w- c:\windows\McAfee.com
2011-11-13 15:44:32 -------- d-----w- c:\documents and settings\owner\local settings\application data\Opera
2011-11-12 17:32:48 -------- d-----w- c:\program files\ESET
2011-11-11 15:30:50 -------- d-----w- c:\documents and settings\owner\local settings\application data\IsolatedStorage
2011-11-11 14:54:51 -------- d-----w- c:\documents and settings\owner\application data\ieSpell
2011-11-10 21:29:32 -------- d-----w- c:\program files\ieSpell
2011-11-10 15:41:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\ApplicationHistory
2011-11-09 17:37:29 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-09 17:37:29 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-11-09 16:47:42 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2011-11-09 15:36:45 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-09 15:33:30 -------- d-----w- c:\windows\system32\URTTEMP
2011-11-08 14:59:56 -------- d-----w- c:\documents and settings\all users\application data\GoodSync
2011-11-08 14:59:55 -------- d-----w- c:\documents and settings\owner\application data\GoodSync
2011-11-08 14:28:02 -------- d-----w- c:\program files\Siber Systems
.
==================== Find3M ====================
.
2011-11-14 22:49:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 20:50:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-18 02:05:30 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:12:33.43 ===============


Have zipped and attached the Attach Log.

Attached File  attach.zip   3.55KB   0 downloads

Was told not to change or download any new programs so even though my AV and ZoneAlarm are nagging me to update the program, I have not done so yet.

Also attaching Speccy's Operating System Snapshot

Attached File  Operating Snapshot.zip   11.37KB   2 downloads

I do not have original OS discs.

Hope I've included everything needed.

cassiereroni

Edited by cassiereroni, 29 November 2011 - 07:49 PM.
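
With two DDS runs from the same machine posted in this thread, a section-by-section comparison shows what changed between them. The following is an added example, not part of any post here and not part of DDS: a small parser and diff, run over excerpts copied and trimmed from the two logs above (the function names are this example's own).

```python
import re

# DDS section banners look like "============== Running Processes ==============="
BANNER = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_dds(text):
    """Split DDS output into {section name: [lines]}.

    Lines before the first banner go under "Header". The "." separator
    lines and blank lines are dropped; parsing stops at the FINISH banner.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            name = m.group(1)
            if name.startswith("FINISH"):
                break
            current = name
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def diff_dds(old, new, ignore=("Header",)):
    """Return {section: (removed, added)} for sections whose lines differ.

    Comparison is by presence only, so repeated lines (several bare
    "svchost.exe" entries, for instance) are not counted. "Header" is
    skipped by default because the run timestamp always differs.
    "Created Last 30" and "Find3M" are rolling windows: an entry missing
    from the newer run may simply have aged out of the window.
    """
    changes = {}
    for name in sorted(set(old) | set(new)):
        if name in ignore:
            continue
        before, after = old.get(name, []), new.get(name, [])
        removed = [l for l in before if l not in after]
        added = [l for l in after if l not in before]
        if removed or added:
            changes[name] = (removed, added)
    return changes


# Excerpts copied from the 2011-11-23 and 2011-11-29 logs in this thread,
# trimmed to a few lines per section so the example stays short.
OLD_RUN = r"""
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\_unins~2.lnk - c:\documents and settings\owner\local settings\temp\_uninst_75076434.bat
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-26 320856]
RUnknown 5633605drv;5633605drv; [x]
RUnknown 75076434;75076434; [x]
.
=============== Created Last 30 ================
.
2011-11-23 01:23:01 -------- d-----w- c:\documents and settings\owner\application data\mjusbsp
.
============= FINISH: 13:36:49.40 ===============
"""

NEW_RUN = r"""
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-26 320856]
.
=============== Created Last 30 ================
.
2011-11-23 20:53:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\tjnet
2011-11-23 01:23:01 -------- d-----w- c:\documents and settings\owner\application data\mjusbsp
.
============= FINISH: 18:12:33.43 ===============
"""

if __name__ == "__main__":
    result = diff_dds(parse_dds(OLD_RUN), parse_dds(NEW_RUN))
    for section, (removed, added) in result.items():
        print(f"[{section}]")
        for line in removed:
            print("  - " + line)
        for line in added:
            print("  + " + line)
```

A line listed as removed or added only marks a difference between the two runs; whether it matters is for the helper reviewing the logs to decide.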

 


#4 m0le

  • Malware Response Team

Posted 29 November 2011 - 08:53 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run TDSSKiller first

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 cassiereroni


Posted 29 November 2011 - 09:45 PM

Thank you Mole. The requested information can be found below. It did not tell me to reboot so I didn't.

20:40:25.0890 0436 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:40:27.0656 0436 ============================================================
20:40:27.0656 0436 Current date / time: 2011/11/29 20:40:27.0656
20:40:27.0656 0436 SystemInfo:
20:40:27.0656 0436
20:40:27.0656 0436 OS Version: 5.1.2600 ServicePack: 3.0
20:40:27.0656 0436 Product type: Workstation
20:40:27.0656 0436 ComputerName: CHARLIE-6831ACB
20:40:27.0656 0436 UserName: Owner
20:40:27.0656 0436 Windows directory: C:\WINDOWS
20:40:27.0656 0436 System windows directory: C:\WINDOWS
20:40:27.0656 0436 Processor architecture: Intel x86
20:40:27.0656 0436 Number of processors: 1
20:40:27.0656 0436 Page size: 0x1000
20:40:27.0656 0436 Boot type: Normal boot
20:40:27.0656 0436 ============================================================
20:40:29.0421 0436 Initialize success
20:40:53.0734 3612 ============================================================
20:40:53.0734 3612 Scan started
20:40:53.0734 3612 Mode: Manual;
20:40:53.0734 3612 ============================================================
20:41:35.0015 3612 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:41:35.0187 3612 \Device\Harddisk0\DR0 - ok
20:41:35.0234 3612 Boot (0x1200) (432fdef015ce613b019ca1a21ab21a87) \Device\Harddisk0\DR0\Partition0
20:41:35.0234 3612 \Device\Harddisk0\DR0\Partition0 - ok
20:41:35.0234 3612 ============================================================
20:41:35.0234 3612 Scan finished
20:41:35.0234 3612 ============================================================
20:41:35.0296 1540 Detected object count: 0
20:41:35.0296 1540 Actual detected object count: 0
20:42:34.0640 0812 Deinitialize success


cassiereroni
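Added example (not from the thread or from the tool's vendor): a small Python triage of a report in the layout pasted above. It only calls a scan clean when the log reached "Scan finished", reports zero detected objects, and every object has an `ok` verdict. The sample lines, the placeholder hashes and the `flagged` verdict word are constructed; drivers outside `system32\drivers` are listed for review, not as detections.

```python
import re

# Layout seen in the pasted report: "HH:MM:SS.mmmm TID <body>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d{4} (?P<body>.*)$")
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<obj>.+?) - (?P<verdict>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_report(text):
    """Pair each '<name> (<md5>) <path>' line with the '<object> - <verdict>' line after it."""
    entries, pending = [], None
    finished, detected = False, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if body == "Scan finished":
            finished = True
        elif (c := COUNT.match(body)):
            detected = int(c.group("n"))
        elif (h := HASHED.match(body)):
            pending = {"name": h["name"], "md5": h["md5"],
                       "path": h["path"], "verdict": None}
            entries.append(pending)
        elif (v := VERDICT.match(body)):
            # The MBR/Boot verdict names the device path, services name the service.
            if pending and v["obj"] in (pending["name"], pending["path"]):
                pending["verdict"] = v["verdict"]
            else:  # service key with no backing file on disk
                entries.append({"name": v["obj"], "md5": None,
                                "path": None, "verdict": v["verdict"]})
            pending = None
    return {"entries": entries, "finished": finished, "detected": detected}


def triage(report):
    """Summarise a parsed report; a truncated log is never reported as clean."""
    entries = report["entries"]
    # Anything without an explicit "ok" (including a missing verdict) needs a look.
    not_ok = [e["name"] for e in entries if e["verdict"] != "ok"]
    # Drive-letter paths that are not under system32\drivers: review list only.
    off_path = [e["path"] for e in entries
                if e["path"] and e["path"][1:3] == ":\\"
                and "\\system32\\drivers\\" not in e["path"].lower()]
    clean = report["finished"] and report["detected"] == 0 and not not_ok
    return {"clean": clean, "not_ok": not_ok, "off_path": off_path}


def H(ch):
    """Constructed placeholder MD5 (32 hex characters), not a real file hash."""
    return ch * 32


# Constructed sample lines in the same layout as the pasted report.
LINES_OK = [
    r"20:40:53.0734 3612 Scan started",
    r"20:40:54.0796 3612 Aavmker4 (%s) C:\WINDOWS\system32\drivers\Aavmker4.sys" % H("a"),
    r"20:40:54.0796 3612 Aavmker4 - ok",
    r"20:40:54.0968 3612 Abiosdsk - ok",
    r"20:41:23.0859 3612 SASDIFSV (%s) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS" % H("b"),
    r"20:41:23.0875 3612 SASDIFSV - ok",
    r"20:41:35.0015 3612 MBR (0x1B8) (%s) \Device\Harddisk0\DR0" % H("c"),
    r"20:41:35.0187 3612 \Device\Harddisk0\DR0 - ok",
    r"20:41:35.0234 3612 Scan finished",
    r"20:41:35.0296 1540 Detected object count: 0",
]
SAMPLE_OK = "\n".join(LINES_OK)
# Paste cut off mid-scan: last object has no verdict and no "Scan finished".
SAMPLE_TRUNCATED = "\n".join(LINES_OK[:5])
# "flagged" is a made-up verdict word standing in for any non-"ok" result.
SAMPLE_FLAGGED = (SAMPLE_OK.replace("SASDIFSV - ok", "SASDIFSV - flagged")
                  .replace("count: 0", "count: 1"))

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("truncated", SAMPLE_TRUNCATED),
                        ("flagged", SAMPLE_FLAGGED)):
        print(label, triage(parse_report(text)))
```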

 


#6 m0le


Posted 30 November 2011 - 05:14 PM

Okay, no TDSS. Please run Combofix next

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 cassiereroni


Posted 01 December 2011 - 02:40 PM

Combofix log:

ComboFix 11-12-01.03 - Owner 12/01/2011 13:10:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.609 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-11-23 20:53 . 2011-11-23 20:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\tjnet
2011-11-23 01:24 . 2011-11-23 01:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\magicJack
2011-11-23 01:23 . 2011-11-30 02:48 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2011-11-19 21:03 . 2011-11-19 21:03 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-11-19 21:03 . 2011-11-19 21:03 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-11-19 20:44 . 2011-11-19 20:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eSupport.com
2011-11-19 20:21 . 2011-11-19 21:01 -------- d-----w- c:\program files\MSECACHE
2011-11-18 01:09 . 2011-11-18 01:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Help
2011-11-17 18:48 . 2011-11-17 18:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Pegasus Mail
2011-11-17 18:45 . 2011-11-18 01:09 -------- d-----w- C:\PMAIL
2011-11-15 16:54 . 2011-11-15 16:54 -------- d-----w- c:\program files\MSXML 4.0
2011-11-15 03:00 . 2004-05-11 16:53 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2011-11-15 03:00 . 2004-05-11 16:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-11-15 03:00 . 2004-05-11 16:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-11-15 03:00 . 2004-05-11 16:53 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2011-11-15 03:00 . 2004-05-11 16:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-11-15 03:00 . 2011-11-15 03:00 -------- d-----w- c:\program files\Overland
2011-11-15 00:07 . 2003-08-11 08:07 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2011-11-15 00:07 . 2003-08-11 08:07 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2011-11-15 00:07 . 2003-08-11 08:07 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2011-11-15 00:07 . 2003-08-11 08:07 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2011-11-15 00:07 . 2003-08-11 08:07 266296 ----a-r- c:\windows\system32\HPZidr12.dll
2011-11-15 00:07 . 2003-08-11 08:07 196608 ----a-r- c:\windows\system32\HPZipr12.dll
2011-11-15 00:07 . 2003-08-11 08:07 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-11-14 23:50 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-11-14 23:50 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-11-14 23:49 . 2003-08-11 08:07 77824 ----a-r- c:\windows\system32\hpovst08.dll
2011-11-14 23:49 . 2003-08-11 08:07 262144 ----a-r- c:\windows\system32\HPZc3212.dll
2011-11-14 23:49 . 2003-08-11 08:07 565248 ----a-r- c:\windows\system32\hpotscl.dll
2011-11-14 23:49 . 2003-08-11 08:07 274432 ----a-r- c:\windows\system32\hpgwiamd.dll
2011-11-14 21:06 . 2011-11-14 21:06 -------- d-----w- c:\windows\McAfee.com
2011-11-14 21:06 . 2008-06-02 16:38 212240 ----a-w- c:\windows\system32\Richtx32.ocx
2011-11-14 21:06 . 2008-06-02 16:38 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2011-11-13 15:44 . 2011-11-14 19:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Opera
2011-11-12 17:32 . 2011-11-12 17:32 -------- d-----w- c:\program files\ESET
2011-11-11 15:30 . 2011-11-11 15:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\IsolatedStorage
2011-11-11 14:54 . 2011-11-11 14:54 -------- d-----w- c:\documents and settings\Owner\Application Data\ieSpell
2011-11-10 21:29 . 2011-11-10 21:29 -------- d-----w- c:\program files\ieSpell
2011-11-10 15:41 . 2011-11-11 15:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2011-11-09 17:37 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-09 16:47 . 2011-11-09 17:05 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2011-11-09 15:37 . 2011-11-09 15:37 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-09 15:36 . 2011-11-09 15:47 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-09 15:33 . 2011-11-09 15:33 -------- d-----w- c:\windows\system32\URTTEMP
2011-11-08 14:59 . 2011-11-08 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync
2011-11-08 14:59 . 2011-12-01 16:29 -------- d-----w- c:\documents and settings\Owner\Application Data\GoodSync
2011-11-08 14:29 . 2011-11-08 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2011-11-08 14:28 . 2011-11-08 14:59 -------- d-----w- c:\program files\Siber Systems
2011-11-07 16:55 . 2011-11-07 16:55 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
2011-11-07 16:50 . 2011-11-07 16:50 -------- d-----w- c:\program files\ImgBurn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 22:49 . 2011-10-29 22:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 20:50 . 2011-10-19 20:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-18 02:05 . 2011-06-13 08:42 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-10-10 14:22 . 2010-11-24 11:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 20:45 . 2011-10-27 00:26 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-10-27 00:26 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-10-27 00:27 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-10-27 00:27 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-10-27 00:27 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-10-27 00:27 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-10-27 00:26 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-10-27 00:26 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-10-27 00:27 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-10-27 00:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-08 160328]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-08-11 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-17 17:18 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"SoundMan"=SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"21541:TCP"= 21541:TCP:BitComet 21541 TCP
"21541:UDP"= 21541:UDP:BitComet 21541 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/26/2011 6:27 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/26/2011 6:27 PM 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/26/2011 6:27 PM 20568]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2010 1:40 AM 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2011 6:27 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2011 6:27 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 80492229
*NewlyCreated* - CPUZ135
*Deregistered* - 80492229
*Deregistered* - cpuz135
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-10-27 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: {{60AFE1CD-9BA1-47AC-929C-484FBA08DF62}
IE: {{C7112EF1-D5B6-421D-8F58-8FA63AB144F8}
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 24.56.133.69 24.54.164.30
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-12-01 13:29:21
ComboFix-quarantined-files.txt 2011-12-01 19:29
.
Pre-Run: 92,407,468,032 bytes free
Post-Run: 92,679,155,712 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 2CDCD2E56F9D1DD6F8C4161C33F57895

 


#8 m0le


Posted 01 December 2011 - 07:45 PM

So far, so good.

Please run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#9 cassiereroni


Posted 01 December 2011 - 11:23 PM

Ok, I already ran this scan on advice from the previous forum that sent me to this forum for further help. But will run it again in a little bit. I know from past experience that it will take about a couple of hours to run. Should I also shut my antivirus and firewall off while running this scan?

If I don't hear back before I start the scan I will go ahead and shut them down so eset isn't affected by them.

Thanks,

cassiereroni

 


#10 cassiereroni


Posted 02 December 2011 - 09:23 AM

Alllllrighty then. :)

Here is the log from ESet:

C:\System Volume Information\_restore{E00CD986-C1EA-4BD0-85D2-D4733EC7F2FE}\RP203\A0032026.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E00CD986-C1EA-4BD0-85D2-D4733EC7F2FE}\RP203\A0032027.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E00CD986-C1EA-4BD0-85D2-D4733EC7F2FE}\RP203\A0032028.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E00CD986-C1EA-4BD0-85D2-D4733EC7F2FE}\RP203\A0032029.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E00CD986-C1EA-4BD0-85D2-D4733EC7F2FE}\RP205\A0032076.exe a variant of Win32/Adware.RegGenie application cleaned by deleting - quarantined


I was surfing the web last night when I went to a real estate site that all of a sudden told me I was infected and started "scanning for viruses" before I could get the window shut down. I think these are a result of that experience. But possibly not. :)

Anyway, I'm leaving ESet open until I hear whether or not to delete quarantined files or do something else before closing.

Will leave this page open as well so hopefully, I'll hear when there is an answer.

Thanks,

cassiereroni



 


#11 m0le


Posted 02 December 2011 - 06:09 PM

No need to delete the quarantine folder, just close it. :)

There's certainly no suggestion of anything too nasty. Please run Superantispyware

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#12 cassiereroni


Posted 03 December 2011 - 06:06 PM

Here is the SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2011 at 03:22 PM

Application Version : 5.0.1136

Core Rules Database Version : 8012
Trace Rules Database Version: 5824

Scan type : Complete Scan
Total Scan Time : 00:59:29

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 462
Memory threats detected : 0
Registry items scanned : 35396
Registry threats detected : 0
File items scanned : 30075
File threats detected : 270

Adware.Tracking Cookie
.banners.bookofsex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.banners.bookofsex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.banners.bookofsex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adultadincome.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.indieclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
d.mediaforge.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
optimize.indieclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.media970.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.media970.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


cassiereroni



 


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:09 AM

Posted 03 December 2011 - 06:08 PM

It's tempting to say your machine is clean. Are you experiencing any problems at the moment?
m0le is a proud member of UNITE

#14 cassiereroni


Posted 03 December 2011 - 09:23 PM

Wow, well, whatever I did over this time doing scan runs and posting logs seems to have fixed the issue I was having with the trash. At least now when I empty the trash it's not telling me that there are 5 files there when I only see one. And it's not telling me I can't delete some of the files (ones that I couldn't even see that were supposedly in there).

The only problem I seem to be having now is with IE loading pages. It takes forever, IE seems to stall for a very long time then starts back up and I can't get the mouse to move either. And sometimes it refuses to load the entire page. I'll get like the beginning of the page, such as the heading but the rest of the page is completely blank. An example is when I was reading some headlines on Yahoo and clicked on a link for a story about Penny Hoarders. I got the headline ok but the story itself will not load, the page is plenty long enough. Got plenty of ads and at the bottom there were links for other stories but the area where the words for the story I wanted to read was completely empty.

Also when I click on the upgrade to buy the Pro version of SuperAntiSpyware it will not load that page at all.

Other than that I don't think I've noticed a problem in the past couple of days.

cassiereroni

 


#15 m0le


Posted 04 December 2011 - 05:52 PM

Let's make sure that IE8 is not causing the issues first.

Close Internet Explorer. Go to Start > Control Panel > Internet Options.
  • Under General tab press Delete... then make sure all the sections are checked and click Delete.
  • Under Advanced tab click Restore advanced settings
  • Make sure under Security tab the Default is selected.
  • Also under Privacy tab the Default is selected.
  • Under Privacy click on Sites then on Remove All and confirm.

There are some useful troubleshooting tips here

If that doesn't help and the other steps aren't providing the answer then you can reset IE8.

The factory reset guide here
m0le is a proud member of UNITE



