Trojan gone but files still encrypted


9 replies to this topic

#1 exguru


Posted 06 February 2013 - 06:40 AM

Good Morning to you and I hope you can help me with this problem.

I am running a Dell Dimension E521 PC (AMD Dual Core) with Windows XP Professional.

On 11th January I picked up a ransomware virus. Screen with "Metropolitan Police UK" "Ecrime Unit" "Home Office" etc - so many badges I knew straightaway that it wasn't genuine! I rebooted the computer several times and finally was able to access the desktop and run Malwarebytes which I already had installed. This found >>>>>


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alan Townsend :: D1GRDP2J [administrator]

11/01/2013 15:28:36
mbam-log-2013-01-11 (15-28-36).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353904
Time elapsed: 1 hour(s), 47 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\VLC Player\VLC_Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.

(end)

However I found that, as threatened by the ransom screen, all the files of all types in my user name "My Documents" (but not in other user names), although they appeared the same as before (no name change), could not be accessed at all whatever program I tried to open them. For example if I used Irfanview to open a photo it said
"Cant read file header!" "Unknown file format" and there were similar results with other programs.

I thought of restoring my PC to an earlier date check-point but found that all earlier dates had been deleted.

I researched on Google and thought I had found the solution in Kaspersky Rannoh Decrypter, which cleverly uses a comparison of one encrypted file with the same original file (if you are fortunate to have one, which I have - in fact I have lots because I backed up previous years' photos prior to 2012 on an external hard drive) to crack the code.

However on running this decrypter it wouldn't work because "Encrypted file size does not equal to original". I found that this was true - (example) --
Encrypted file 3013982 bytes (and "Modified 11.1.13")
Original file 3012938 bytes.

Since discovering your site I have run Emsisoft Emergency Kit which found and removed these items -
Java.Trojan.Downloader.Open Connection.AI(B 4 files
Java.Trojan.Downloader.Open Connection.AO(B 1 file
Trojan Generic 250995(B) 1 file - this one was in C\System Volume Information\restore{46DE8921-1D39-44DZ-A9E9-64119261F211}\RP22\AA025420.exe

Can you help me to recover my documents - particularly last year's photos, which I had not got round to backing up when the virus attacked? Many thanks for considering this for me.

AL
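
Added example, not part of the original post and not code from any tool named in it: a Python sketch that compares a damaged file with its backup copy and reports the size difference, whether a known file header is still recognised, and whether the original bytes survive anywhere in the damaged copy. The function names and verdict labels are hypothetical and the sample bytes are constructed; only the two file sizes come from the post.

```python
from dataclasses import dataclass
from typing import Optional

# File sizes quoted in the post (bytes): damaged copy vs. backup original.
POST_ENCRYPTED_SIZE = 3013982
POST_ORIGINAL_SIZE = 3012938
POST_DELTA = POST_ENCRYPTED_SIZE - POST_ORIGINAL_SIZE

# Leading "magic" bytes of a few common photo and document formats.
MAGIC = {
    b"\xff\xd8\xff": "JPEG",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"%PDF-": "PDF",
    b"PK\x03\x04": "ZIP/OOXML",
    b"\xd0\xcf\x11\xe0": "OLE2",
}


def sniff(data: bytes) -> Optional[str]:
    """Return the format name if the data starts with a known magic value."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def _match_ratio(a: bytes, b: bytes) -> float:
    """Fraction of positions holding the same byte over the common length."""
    n = min(len(a), len(b))
    if n == 0:
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / n


@dataclass
class PairReport:
    size_delta: int                # damaged size minus original size
    original_type: Optional[str]   # format sniffed from the backup copy
    damaged_type: Optional[str]    # format sniffed from the damaged copy
    first_diff: Optional[int]      # first differing offset, aligned at start
    head_match: float              # matching bytes, files aligned at start
    tail_match: float              # matching bytes, files aligned at end
    embedded_at: Optional[int]     # where the original's first bytes reappear
    verdict: str                   # hypothetical label, see compare()


def compare(original: bytes, damaged: bytes, probe: int = 64) -> PairReport:
    """Describe how a damaged file differs from its known-good copy."""
    n = min(len(original), len(damaged))
    first_diff = next(
        (i for i, (x, y) in enumerate(zip(original, damaged)) if x != y), None
    )
    if first_diff is None and len(original) != len(damaged):
        first_diff = n  # common prefix is identical; one file just continues
    head = _match_ratio(original, damaged)
    tail = _match_ratio(original[-n:], damaged[-n:]) if n else 0.0
    pos = damaged.find(original[:probe]) if original else -1
    embedded_at = pos if pos >= 0 else None
    delta = len(damaged) - len(original)

    if original == damaged:
        verdict = "identical"
    elif delta == 0:
        verdict = "same-size"                # body changed, length preserved
    elif embedded_at is not None or max(head, tail) >= 0.9:
        verdict = "original-bytes-present"   # data added or cut around intact content
    else:
        verdict = "resized-and-altered"      # length and content both changed
    return PairReport(delta, sniff(original), sniff(damaged), first_diff,
                      head, tail, embedded_at, verdict)


def compare_files(original_path: str, damaged_path: str) -> PairReport:
    """Same comparison for two files on disk (opened read-only)."""
    with open(original_path, "rb") as f:
        original = f.read()
    with open(damaged_path, "rb") as f:
        damaged = f.read()
    return compare(original, damaged)


# Constructed sample data: a fake JPEG-like original, a byte-wise scrambled
# copy, and a trailer sized to the difference reported in the post. This is
# not the real layout of the poster's files.
ORIGINAL = b"\xff\xd8\xff\xe0" + bytes(range(256)) * 4
SCRAMBLED = bytes(b ^ 0x5A for b in ORIGINAL)
TRAILER = b"\x00" * POST_DELTA

if __name__ == "__main__":
    for label, damaged in [("appended only", ORIGINAL + TRAILER),
                           ("scrambled + extra", SCRAMBLED + TRAILER),
                           ("scrambled, same size", SCRAMBLED)]:
        print(label, compare(ORIGINAL, damaged))
```

Run `compare_files` on copies of the files, never on the only surviving damaged original.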


#2 boopme


Posted 10 February 2013 - 04:57 PM

Did you run Emsisoft from Safe Mode with Networking yet? If not, do that.

DO NOT run a Temp file cleaner.

 

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)
 
Do not change the default options on scan results.



#3 exguru


Posted 13 February 2013 - 03:03 PM

Thanks for your help so far.
The PC will not enter Safe Mode - blue screen STOP Virus notice every time - STOP OXo 000007B (OXF789R524, OXC0000034 OXo00000000 OXo00000000)
 
I ran TDSSkiller - No threats found--log is below
 
 
 
17:33:40.0515 2060  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:33:42.0187 2060  ============================================================
17:33:42.0187 2060  Current date / time: 2013/02/13 17:33:42.0187
17:33:42.0187 2060  SystemInfo:
17:33:42.0187 2060  
17:33:42.0187 2060  OS Version: 5.1.2600 ServicePack: 3.0
17:33:42.0187 2060  Product type: Workstation
17:33:42.0187 2060  ComputerName: D1GRDP2J
17:33:42.0203 2060  UserName: Alan Townsend
17:33:42.0203 2060  Windows directory: C:\WINDOWS
17:33:42.0203 2060  System windows directory: C:\WINDOWS
17:33:42.0203 2060  Processor architecture: Intel x86
17:33:42.0203 2060  Number of processors: 2
17:33:42.0203 2060  Page size: 0x1000
17:33:42.0203 2060  Boot type: Normal boot
17:33:42.0203 2060  ============================================================
17:33:52.0468 2060  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:33:52.0875 2060  ============================================================
17:33:52.0875 2060  \Device\Harddisk0\DR0:
17:33:54.0562 2060  MBR partitions:
17:33:54.0562 2060  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x24E107F2
17:33:54.0562 2060  ============================================================
17:33:56.0250 2060  C: <-> \Device\Harddisk0\DR0\Partition1
17:33:56.0265 2060  ============================================================
17:33:56.0265 2060  Initialize success
17:33:56.0265 2060  ============================================================
17:34:20.0875 3000  ============================================================
17:34:20.0875 3000  Scan started
17:34:20.0875 3000  Mode: Manual; TDLFS; 
17:34:20.0875 3000  ============================================================
17:34:23.0578 3000  ================ Scan system memory ========================
17:34:23.0593 3000  System memory - ok
17:35:01.0062 3000  NdisWan - ok
17:35:01.0093 3000  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:35:01.0093 3000  NDProxy - ok
17:35:01.0093 3000  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:35:01.0093 3000  NetBIOS - ok
17:35:01.0125 3000  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:35:01.0156 3000  NetBT - ok
17:35:01.0187 3000  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:35:01.0203 3000  NetDDE - ok
17:35:01.0203 3000  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:35:01.0203 3000  NetDDEdsdm - ok
17:35:01.0250 3000  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:35:01.0250 3000  Netlogon - ok
17:35:01.0265 3000  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
17:35:01.0265 3000  Netman - ok
17:35:01.0343 3000  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:35:01.0625 3000  NetTcpPortSharing - ok
17:35:01.0921 3000  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:35:01.0921 3000  Nla - ok
17:35:01.0953 3000  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:35:01.0953 3000  Npfs - ok
17:35:02.0000 3000  [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo      C:\WINDOWS\system32\drivers\npf_devolo.sys
17:35:02.0000 3000  NPF_devolo - ok
17:35:02.0015 3000  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:35:02.0031 3000  Ntfs - ok
17:35:02.0046 3000  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:35:02.0046 3000  NtLmSsp - ok
17:35:02.0093 3000  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:35:02.0109 3000  NtmsSvc - ok
17:35:02.0140 3000  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:35:02.0156 3000  Null - ok
17:35:02.0296 3000  [ 15A6306A0B958BF60F09688D0EE70479 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:35:02.0421 3000  nv - ok
17:35:02.0453 3000  [ 75562456AA672BB5FE56D3C64C6D1C7D ] nvatabus        C:\WINDOWS\system32\drivers\nvatabus.sys
17:35:02.0468 3000  nvatabus - ok
17:35:02.0500 3000  [ 1D4781A5957300DC81B91161B45704BB ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
17:35:02.0515 3000  nvraid - ok
17:35:02.0546 3000  [ 986D6666E076AFD2B60ACAFD5B01A00F ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
17:35:02.0562 3000  NVSvc - ok
17:35:02.0578 3000  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:35:02.0593 3000  NwlnkFlt - ok
17:35:02.0609 3000  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:35:02.0640 3000  NwlnkFwd - ok
17:35:02.0703 3000  [ CEC6FD00B96E05EC0F3A0A99F138182C ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
17:35:02.0718 3000  OpenVPNService - ok
17:35:02.0796 3000  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:35:02.0812 3000  ose - ok
17:35:02.0843 3000  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
17:35:02.0859 3000  Parport - ok
17:35:02.0906 3000  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:35:02.0906 3000  PartMgr - ok
17:35:02.0921 3000  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:35:02.0921 3000  ParVdm - ok
17:35:02.0937 3000  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:35:02.0937 3000  PCI - ok
17:35:02.0937 3000  PCIDump - ok
17:35:02.0953 3000  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:35:02.0953 3000  PCIIde - ok
17:35:02.0984 3000  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:35:03.0000 3000  Pcmcia - ok
17:35:03.0046 3000  [ 02AAAFB7BA137CE5DDABCDF8090954D9 ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
17:35:03.0062 3000  pcouffin - ok
17:35:03.0078 3000  PDCOMP - ok
17:35:03.0078 3000  PDFRAME - ok
17:35:03.0093 3000  PDRELI - ok
17:35:03.0093 3000  PDRFRAME - ok
17:35:03.0125 3000  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
17:35:03.0140 3000  perc2 - ok
17:35:03.0156 3000  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:35:03.0171 3000  perc2hib - ok
17:35:03.0218 3000  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
17:35:03.0218 3000  PlugPlay - ok
17:35:03.0250 3000  [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
17:35:03.0265 3000  Pml Driver HPZ12 - ok
17:35:03.0265 3000  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:35:03.0265 3000  PolicyAgent - ok
17:35:03.0281 3000  [ 8AE03E978BC99F31AE31B183CD373951 ] PPPoEWin        C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS
17:35:03.0312 3000  PPPoEWin - ok
17:35:03.0343 3000  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:35:03.0359 3000  PptpMiniport - ok
17:35:03.0375 3000  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
17:35:03.0406 3000  Processor - ok
17:35:03.0406 3000  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:35:03.0406 3000  ProtectedStorage - ok
17:35:03.0421 3000  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:35:03.0437 3000  PSched - ok
17:35:03.0453 3000  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:35:03.0468 3000  Ptilink - ok
17:35:03.0515 3000  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:35:03.0515 3000  PxHelp20 - ok
17:35:03.0546 3000  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:35:03.0562 3000  ql1080 - ok
17:35:03.0578 3000  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:35:03.0609 3000  Ql10wnt - ok
17:35:03.0625 3000  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:35:03.0640 3000  ql12160 - ok
17:35:03.0656 3000  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:35:03.0671 3000  ql1240 - ok
17:35:03.0687 3000  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:35:03.0703 3000  ql1280 - ok
17:35:03.0812 3000  [ 3AF684252780CF87DC2809F85B8F7591 ] RapportCerberus_43926 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
17:35:03.0812 3000  RapportCerberus_43926 - ok
17:35:03.0906 3000  [ 093B6A040BCF3FD4A0FFF397BAF28330 ] RapportEI       C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
17:35:03.0906 3000  RapportEI - ok
17:35:03.0953 3000  [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso     c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
17:35:03.0953 3000  RapportIaso - ok
17:35:03.0984 3000  [ 660436FBE447EBC73873EF2B0B2094B4 ] RapportKELL     C:\WINDOWS\system32\Drivers\RapportKELL.sys
17:35:04.0000 3000  RapportKELL - ok
17:35:04.0046 3000  [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
17:35:04.0062 3000  RapportMgmtService - ok
17:35:04.0062 3000  [ 3DE33A522BB73E161F20D444687E978B ] RapportPG       C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
17:35:04.0062 3000  RapportPG - ok
17:35:04.0109 3000  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:35:04.0125 3000  RasAcd - ok
17:35:04.0156 3000  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:35:04.0187 3000  RasAuto - ok
17:35:04.0218 3000  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:35:04.0265 3000  Rasl2tp - ok
17:35:04.0359 3000  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:35:04.0390 3000  RasMan - ok
17:35:04.0437 3000  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:35:04.0484 3000  RasPppoe - ok
17:35:04.0515 3000  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:35:04.0718 3000  Raspti - ok
17:35:04.0781 3000  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:35:04.0828 3000  Rdbss - ok
17:35:04.0859 3000  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:35:04.0890 3000  RDPCDD - ok
17:35:04.0921 3000  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:35:04.0953 3000  rdpdr - ok
17:35:05.0015 3000  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:35:05.0015 3000  RDPWD - ok
17:35:05.0031 3000  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:35:05.0062 3000  RDSessMgr - ok
17:35:05.0093 3000  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:35:05.0109 3000  redbook - ok
17:35:05.0156 3000  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:35:05.0171 3000  RemoteAccess - ok
17:35:05.0234 3000  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:35:05.0234 3000  RemoteRegistry - ok
17:35:05.0250 3000  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
17:35:05.0265 3000  ROOTMODEM - ok
17:35:05.0296 3000  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:35:05.0312 3000  RpcLocator - ok
17:35:05.0343 3000  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
17:35:05.0359 3000  RpcSs - ok
17:35:05.0390 3000  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:35:05.0421 3000  RSVP - ok
17:35:05.0468 3000  [ 19E1CC285F736616B7379A7462FC438A ] RTL8192su       C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
17:35:05.0515 3000  RTL8192su - ok
17:35:05.0531 3000  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:35:05.0531 3000  SamSs - ok
17:35:05.0546 3000  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:35:05.0578 3000  SCardSvr - ok
17:35:05.0609 3000  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:35:05.0625 3000  Schedule - ok
17:35:05.0671 3000  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:35:05.0671 3000  Secdrv - ok
17:35:05.0703 3000  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:35:05.0703 3000  seclogon - ok
17:35:05.0734 3000  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
17:35:05.0750 3000  SENS - ok
17:35:05.0781 3000  [ 6CE397C482BEDE91A38E56A8C4A0DC6D ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys
17:35:05.0796 3000  Ser2pl - ok
17:35:05.0828 3000  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:35:05.0843 3000  serenum - ok
17:35:05.0890 3000  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:35:05.0906 3000  Serial - ok
17:35:05.0937 3000  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:35:05.0953 3000  Sfloppy - ok
17:35:06.0000 3000  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:35:06.0015 3000  SharedAccess - ok
17:35:06.0031 3000  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:35:06.0031 3000  ShellHWDetection - ok
17:35:06.0046 3000  Simbad - ok
17:35:06.0078 3000  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:35:06.0093 3000  sisagp - ok
17:35:06.0109 3000  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:35:06.0125 3000  SLIP - ok
17:35:06.0421 3000  [ 1A8F0B9E6AA8048AD8FAA5B55BC2487F ] SNP2STD         C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
17:35:06.0937 3000  SNP2STD - ok
17:35:07.0031 3000  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:35:07.0062 3000  Sparrow - ok
17:35:07.0078 3000  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:35:07.0078 3000  splitter - ok
17:35:07.0109 3000  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:35:07.0109 3000  Spooler - ok
17:35:07.0156 3000  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:35:07.0156 3000  sr - ok
17:35:07.0187 3000  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:35:07.0203 3000  srservice - ok
17:35:07.0218 3000  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:35:07.0234 3000  Srv - ok
17:35:07.0250 3000  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:35:07.0250 3000  SSDPSRV - ok
17:35:07.0312 3000  [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
17:35:07.0312 3000  STHDA - ok
17:35:07.0359 3000  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
17:35:07.0375 3000  StillCam - ok
17:35:07.0437 3000  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:35:07.0437 3000  stisvc - ok
17:35:07.0453 3000  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:35:07.0468 3000  streamip - ok
17:35:07.0484 3000  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:35:07.0500 3000  swenum - ok
17:35:07.0515 3000  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:35:07.0515 3000  swmidi - ok
17:35:07.0515 3000  SwPrv - ok
17:35:07.0546 3000  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
17:35:07.0562 3000  symc810 - ok
17:35:07.0578 3000  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:35:07.0593 3000  symc8xx - ok
17:35:07.0625 3000  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:35:07.0640 3000  sym_hi - ok
17:35:07.0656 3000  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:35:07.0671 3000  sym_u3 - ok
17:35:07.0671 3000  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:35:07.0671 3000  sysaudio - ok
17:35:07.0734 3000  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:35:07.0750 3000  SysmonLog - ok
17:35:07.0781 3000  [ 0C82061920A2DE35D33C2C2BB83B1E98 ] tap0801         C:\WINDOWS\system32\DRIVERS\tap0801.sys
17:35:07.0812 3000  tap0801 - ok
17:35:07.0843 3000  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:35:07.0843 3000  TapiSrv - ok
17:35:07.0890 3000  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:35:07.0890 3000  Tcpip - ok
17:35:07.0921 3000  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:35:07.0953 3000  TDPIPE - ok
17:35:07.0968 3000  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:35:07.0984 3000  TDTCP - ok
17:35:08.0000 3000  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:35:08.0015 3000  TermDD - ok
17:35:08.0062 3000  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
17:35:08.0078 3000  TermService - ok
17:35:08.0093 3000  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:35:08.0093 3000  Themes - ok
17:35:08.0125 3000  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:35:08.0140 3000  TlntSvr - ok
17:35:08.0156 3000  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
17:35:08.0171 3000  TosIde - ok
17:35:08.0203 3000  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:35:08.0203 3000  TrkWks - ok
17:35:08.0234 3000  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:35:08.0265 3000  Udfs - ok
17:35:08.0281 3000  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
17:35:08.0296 3000  ultra - ok
17:35:08.0343 3000  [ B2AF2BA8A3205A8458B61F638FB431DD ] UnlockerDriver5 C:\Program Files\UNLOCKER\UnlockerDriver5.sys
17:35:08.0359 3000  UnlockerDriver5 - ok
17:35:08.0421 3000  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:35:08.0468 3000  Update - ok
17:35:08.0484 3000  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:35:08.0515 3000  upnphost - ok
17:35:08.0546 3000  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
17:35:08.0562 3000  UPS - ok
17:35:08.0593 3000  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
17:35:08.0609 3000  usbaudio - ok
17:35:08.0640 3000  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:35:08.0656 3000  usbccgp - ok
17:35:08.0703 3000  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:35:08.0718 3000  usbehci - ok
17:35:08.0750 3000  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:35:08.0765 3000  usbhub - ok
17:35:08.0812 3000  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:35:08.0843 3000  usbohci - ok
17:35:08.0875 3000  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:35:08.0906 3000  usbprint - ok
17:35:08.0921 3000  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:35:08.0953 3000  usbscan - ok
17:35:08.0968 3000  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:35:09.0000 3000  USBSTOR - ok
17:35:09.0015 3000  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:35:09.0046 3000  usbuhci - ok
17:35:09.0062 3000  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
17:35:09.0093 3000  usbvideo - ok
17:35:09.0125 3000  [ 9EBEE4A060C5364A31AEAA04EAC2AF1E ] VComm           C:\WINDOWS\system32\DRIVERS\VComm.sys
17:35:09.0140 3000  VComm - ok
17:35:09.0156 3000  [ 630BBDBF5490F8F57ABE650DA63661A0 ] VcommMgr        C:\WINDOWS\system32\Drivers\VcommMgr.sys
17:35:09.0171 3000  VcommMgr - ok
17:35:09.0187 3000  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:35:09.0203 3000  VgaSave - ok
17:35:09.0218 3000  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:35:09.0250 3000  viaagp - ok
17:35:09.0250 3000  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
17:35:09.0265 3000  ViaIde - ok
17:35:09.0296 3000  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:35:09.0296 3000  VolSnap - ok
17:35:09.0312 3000  vsdatant - ok
17:35:09.0343 3000  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
17:35:09.0375 3000  VSS - ok
17:35:09.0406 3000  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
17:35:09.0406 3000  w32time - ok
17:35:09.0421 3000  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:35:09.0437 3000  Wanarp - ok
17:35:09.0468 3000  [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:35:09.0484 3000  wanatw - ok
17:35:09.0500 3000  WDICA - ok
17:35:09.0515 3000  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:35:09.0515 3000  wdmaud - ok
17:35:09.0546 3000  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:35:09.0546 3000  WebClient - ok
17:35:09.0609 3000  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:35:09.0625 3000  winmgmt - ok
17:35:09.0656 3000  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
17:35:09.0671 3000  WmdmPmSN - ok
17:35:09.0734 3000  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:35:09.0750 3000  Wmi - ok
17:35:09.0765 3000  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:35:09.0796 3000  WmiApSrv - ok
17:35:09.0843 3000  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:35:09.0843 3000  wscsvc - ok
17:35:09.0890 3000  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:35:09.0906 3000  WSTCODEC - ok
17:35:09.0937 3000  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:35:09.0937 3000  wuauserv - ok
17:35:09.0984 3000  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:35:10.0000 3000  WZCSVC - ok
17:35:10.0031 3000  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:35:10.0078 3000  xmlprov - ok
17:35:10.0109 3000  ================ Scan global ===============================
17:35:10.0156 3000  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:35:10.0171 3000  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:35:10.0203 3000  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:35:10.0218 3000  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:35:10.0218 3000  [Global] - ok
17:35:10.0218 3000  ================ Scan MBR ==================================
17:35:10.0234 3000  [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
17:35:10.0421 3000  \Device\Harddisk0\DR0 - ok
17:35:10.0421 3000  ================ Scan VBR ==================================
17:35:10.0437 3000  [ 7E93ED7CF5BD09252A466BDC35393957 ] \Device\Harddisk0\DR0\Partition1
17:35:10.0437 3000  \Device\Harddisk0\DR0\Partition1 - ok
17:35:10.0437 3000  ============================================================
17:35:10.0437 3000  Scan finished
17:35:10.0437 3000  ============================================================
17:35:10.0453 2976  Detected object count: 0
17:35:10.0453 2976  Actual detected object count: 0
 
I re-ran Emsisoft (not in Safe Mode)... it found nothing:
 
Emsisoft Emergency Kit - Version 3.0
Last update: N/A
 
Scan settings:
 
Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start:    13/02/2013 18:15:40
 
 
Scanned    448758
Found    0
 
Scan end:    13/02/2013 20:00:49
Scan time:    1:45:09
 
AL


#4 boopme

Posted 14 February 2013 - 11:40 AM

Install SUPERAntiSpyware (SAS) from below... then use the Repairs tool here...

SUPERAntiSpyware has a built-in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSpyware.
  • Click the Preferences button.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

Now boot into Safe Mode and scan with SAS.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.

-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

Edited by boopme, 14 February 2013 - 11:43 AM.


#5 exguru

Posted 15 February 2013 - 07:42 AM

Thanks so much for your time and trouble - I really do appreciate it.

I carried out all your instructions - safe mode now available - SAS run and log is below. (Files are still encrypted). AL

 

SUPERAntiSpyware Scan Log
 
Generated 02/15/2013 at 11:36 AM
 
Application Version : 5.6.1014
 
Core Rules Database Version : 10012
Trace Rules Database Version: 7824
 
Scan type       : Complete Scan
Total Scan Time : 00:38:05
 
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
 
Memory items scanned      : 310
Memory threats detected   : 0
Registry items scanned    : 40542
Registry threats detected : 0
File items scanned        : 53697
File threats detected     : 236
 
Adware.Tracking Cookie
 
Trojan.Agent/Gen-FakeAlert
    C:\PROGRAM FILES\YOU TUBE ROBOT\DOWNLOAD_YOUTUBEROBOT_TRAIL.EXE
 
Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0001159.EXE
 

 

 



#6 boopme


Posted 15 February 2013 - 12:05 PM

OK, now let's do these and see how it is. DO NOT run a temp file or Registry cleaner.

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
    Link 2
  •  

  • [list]
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


    Rerun MBAM (MalwareBytes) like this:

    Open MBAM in normal mode and click Update tab, select Check for Updates, when done
    click Scanner tab, select Quick scan and scan (normal mode).
    After scan click Remove Selected,
    Post new scan log and Reboot into normal mode.



    Please download the following program to your desktop:

    Unhide.exe: http://download.bleepingcomputer.com/grinler/unhide.exe

    Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.

    Please ask any needed questions, post logs

Edited by boopme, 15 February 2013 - 12:08 PM.


#7 exguru


Posted 16 February 2013 - 10:12 AM

Thank you again - runs made as instructed and here are the logs >>>

 

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/16/2013 02:16:24 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\stsystra.exe (PID: 1336) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
 
  20 out of 7901 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 02/16/2013 02:17:19 PM
Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)
 
 
 
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.16.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alan Townsend :: D1GRDP2J [administrator]
 
16/02/2013 14:20:47
mbam-log-2013-02-16 (14-20-47).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282007
Time elapsed: 11 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 

 

 

More Information about Unhide.exe can be found at this link:
 
Program started at: 02/16/2013 02:39:18 PM
Windows Version: Windows XP
 
Please be patient while your files are made visible again.
 
Processing the C:\ drive
Finished processing the C:\ drive. 115466 files processed.
 
Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.
 
Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.
 
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
 
Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.
 
The C:\DOCUME~1\ALANTO~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
 
Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
 
Program finished at: 02/16/2013 02:47:31 PM
Execution time: 0 hours(s), 8 minute(s), and 12 seconds(s)  
 
I have a feeling that we are getting there!!!  AL
 


#8 exguru


Posted 17 February 2013 - 05:45 AM

Dear Boopme - Good morning and I trust you are well. Further to my post above I should mention that following the runs above, when clicking on "My Computer", the computer now takes 20 seconds of searching (with the flashlight scanning left and right) before locating the drives. Thought I should mention this in case it tells you something or in case we need to "rewind" before trying anything else. ALSO, in relation to "unhide", can I say that my corrupted/encrypted files are visible, it's just that they won't open..... yes I'm sure you realised this!!    AL



#9 boopme


Posted 17 February 2013 - 09:25 PM

Al, can you run the DSS app here: Preparation Guide, step 6.

And then start a new topic here in Virus, Trojan, Spyware, and Malware Removal Logs.

Title it...  my corrupted/encrypted files are visible its just that they won't open


Edited by boopme, 17 February 2013 - 09:25 PM.


#10 exguru


Posted 18 February 2013 - 05:59 AM

Boopme - Will do - and thanks again for all your efforts.  AL





