WiredWX Christian Hobby Weather Tools

 


espeak911 colexity777 37.220.36.44

Malware attempts to connect to one of the following three sites about once or twice every minute: espeak911.com/x/, colexity777.com/x/, 37.220.36.44/x/. So far Trend Micro Titanium has been able to block these attempts.

The malware does not allow me to go to google.com or do any searches on sites that use Google.

Toshiba Satellite laptop running Win XP. IE8. SpyHunter4 downloaded only to scan for problems.

Problems began about two days ago.

OTL

OTL logfile created on: 8/19/2012 6:12:28 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.73% Memory free
2.58 Gb Paging File | 1.97 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.03 Gb Free Space | 8.09% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: BCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 18:02:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL\OTL.com
PRC - [2012/07/22 09:43:39 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/07/11 14:58:22 | 005,076,416 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2012/07/11 14:58:12 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/02/27 07:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/08/02 17:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/03 03:07:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/07/03 02:57:04 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/07/02 23:50:32 | 000,700,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 13:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2006/04/25 18:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/16 14:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/03/02 16:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 13:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/01/20 16:14:20 | 001,122,412 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
PRC - [2005/12/16 03:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/05 23:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/08/16 12:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/21 19:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/04/26 13:26:14 | 000,266,240 | ---- | M] (FLIR Systems) -- C:\Program Files\FLIR Systems\QuickView\T3Mon.exe
PRC - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2006/07/02 23:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 23:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 15:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/01/17 19:52:10 | 000,659,456 | ---- | M] () -- C:\Program Files\NETGEAR\WG511SCU\Utility\UIResource.dll
MOD - [2006/01/04 19:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/23 15:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 18:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/04/26 13:25:16 | 000,003,584 | ---- | M] () -- c:\Program Files\FLIR Systems\QuickView\Resources\T3Mon.En


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/08/14 13:45:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:58:12 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/08/02 14:58:24 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/07/12 05:14:08 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/07/12 05:13:54 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/07/12 05:13:42 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/06/17 12:22:52 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/14 21:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/11/16 18:34:26 | 005,955,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/03/30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/08/25 17:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/22 11:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/13 11:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 12:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 17:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/03/18 08:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 19:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 15:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 15:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/07/25 18:48:36 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 14:08:20 | 000,020,992 | ---- | M] (FLIR Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FLIRUSB.sys -- (FLIRUSBNET)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/27 07:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/05 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/27 07:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/22 09:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 09:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/22 09:45:10 | 000,000,000 | ---D | M]

[2009/10/14 00:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/30 10:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/05 03:15:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/25 16:39:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/30 10:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/07/22 09:44:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/05 03:15:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1464\6.6.1081\FIREFOXEXTENSION
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/22 09:43:48 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/09/10 01:06:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ( )
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ScanSoft PDF Professional 4-reminder] C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [T3Mon] C:\Program Files\FLIR Systems\QuickView\T3Mon.exe (FLIR Systems)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283916496671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD89D79-D72C-4FB1-95C4-33FDAF4732F2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 20:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 17:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus
[2012/08/18 19:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Start Menu\Programs\SpyHunter
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/18 19:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/18 19:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\DriverCure
[2012/08/18 19:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\SpeedyPC Software
[2012/08/18 19:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Start Menu\Programs\SpeedyPC Software
[2012/08/18 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/08/18 09:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/18 09:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/16 22:32:09 | 000,000,000 | ---D | C] -- C:\2012 Election
[2012/08/05 19:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\My Documents\Backup IE and Outlook Express
[2012/07/29 00:35:55 | 000,000,000 | ---D | C] -- C:\Barber Shop
[2012/07/22 09:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/07/22 09:44:11 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/07/22 09:43:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/07/22 09:43:43 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/07/22 09:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 18:12:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 18:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/08/19 17:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/19 14:37:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/08/19 11:56:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/19 11:56:28 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/19 11:56:28 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/19 11:56:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/19 11:56:17 | 2137,034,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 01:50:36 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/08/19 01:25:19 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/08/18 19:59:36 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\SpyHunter.lnk
[2012/08/18 19:40:55 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\SpeedyPC Pro.lnk
[2012/08/18 19:29:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/18 16:52:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/16 12:37:59 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 02:34:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 22:16:07 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/14 13:45:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 13:45:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/05 18:46:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/28 23:40:07 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/07/26 11:21:08 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/22 09:45:05 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/22 09:44:12 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/07/22 09:43:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/07/22 09:43:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/07/22 09:43:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/18 19:59:36 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\SpyHunter.lnk
[2012/08/18 19:41:29 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/08/18 19:40:55 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\SpeedyPC Pro.lnk
[2012/08/18 19:40:54 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/18 19:40:54 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/08/18 19:40:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/07/22 09:45:05 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/07/21 08:14:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/17 21:18:32 | 000,034,776 | ---- | C] () -- C:\WINDOWS\System32\ClientPropertyPageLIB.dll
[2012/05/17 21:16:58 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012/05/17 21:16:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012/05/17 21:16:55 | 012,033,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012/05/17 21:16:54 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2012/05/17 21:16:54 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012/03/05 13:59:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/05/29 22:51:09 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/10 03:02:42 | 000,003,033 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 23:54:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\housecall.guid.cache
[2010/08/15 01:02:02 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml
[2008/02/13 01:50:36 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/12/14 03:02:10 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 03:02:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\fusioncache.dat

>>>>> CONTINUED NEXT POST <<<<<

Re: espeak911 colexity777 37.220.36.44

>>>>> CONTINUED <<<<<

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/04/10 08:22:50 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/10/14 00:48:34 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2006/04/10 08:22:49 | 000,016,984 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2006/04/10 08:22:50 | 000,050,776 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/10/14 00:48:43 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/10/14 00:48:34 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/04 08:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/06/03 10:44:46 | 000,005,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys

< %systemroot%\System32\config\*.sav >
[2006/07/18 13:27:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/07/18 13:27:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/07/18 13:27:17 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/05/29 22:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\321Studios
[2012/03/03 11:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/07/19 20:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2009/05/03 03:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Architectural Energy Corporation
[2012/07/30 17:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/07/31 23:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Chief Architect
[2012/08/18 19:58:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/07/18 20:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/01/19 17:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\DATA BECKER
[2006/08/11 15:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\DataLode
[2008/06/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\DesktopDialer
[2012/05/17 21:18:43 | 000,000,000 | ---D | M] -- C:\Program Files\DinoCapture 2.0
[2006/07/19 17:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2010/03/14 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Energy Conservatory
[2006/07/19 17:49:57 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2012/08/18 19:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/09/14 02:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/02/03 21:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2006/12/14 03:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\FLIR Systems
[2006/07/19 18:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2011/05/09 10:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/12/19 23:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro
[2006/07/19 20:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2012/05/17 21:16:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/12/14 02:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/08/16 02:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/12/14 02:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/09/02 15:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2011/12/30 10:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/07/19 17:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/17 21:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2006/07/19 19:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/03/12 21:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/07/19 20:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/03/26 19:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/07/19 20:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/07/19 20:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/09/10 03:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/18 20:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/24 01:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/26 19:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/07/18 20:32:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/07/18 20:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/11 00:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/05 22:16:03 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2009/03/12 09:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/09/07 19:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2006/07/18 20:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 02:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/09/24 20:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/08/13 00:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\PSD
[2006/07/19 20:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2008/09/01 12:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2012/07/22 09:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2010/06/17 17:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/24 01:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/02/13 01:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/01/31 19:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Selectsoft
[2008/08/15 21:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\SNC
[2012/08/18 19:40:43 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedyPC Software
[2011/03/05 15:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/07/19 16:57:47 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/12/14 03:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\ThermaCAM
[2006/08/17 11:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2006/07/19 17:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Games
[2012/03/05 13:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/07/18 20:42:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/31 18:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2006/07/19 20:39:47 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/07/19 17:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/06/14 21:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/12 09:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/07/18 20:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/07/18 20:35:37 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/08/19 14:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\WMV9_VCM
[2008/08/19 14:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\Xara
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/08/11 15:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2006/07/18 13:28:16 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\BCB\Application Data\desktop.ini
[2010/09/08 23:34:36 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Re: espeak911 colexity777 37.220.36.44
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 18:30:35
-----------------------------
18:30:35.328 OS Version: Windows 5.1.2600 Service Pack 3
18:30:35.328 Number of processors: 2 586 0xE08
18:30:35.328 ComputerName: TOSHIBA-USER UserName: BCB
18:30:36.421 Initialize success
18:31:03.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:31:03.640 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
18:31:03.640 Device \Driver\atapi -> DriverStartIo 8a7202e2
18:31:03.640 Disk 0 MBR read successfully
18:31:03.640 Disk 0 MBR scan
18:31:03.640 Disk 0 Windows XP default MBR code
18:31:03.640 Disk 0 MBR hidden
18:31:03.671 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
18:31:03.671 Disk 0 scanning sectors +156296385
18:31:03.750 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:14.265 Service scanning
18:31:33.546 Modules scanning
18:31:43.265 Disk 0 trace - called modules:
18:31:43.281 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7204b1]<<
18:31:43.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a708ab8]
18:31:43.281 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008b[0x8a7aa510]
18:31:43.281 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a70c940]
18:31:43.296 \Driver\atapi[0x8a693a68] -> IRP_MJ_CREATE -> 0x8a7204b1
18:31:43.296 Scan finished successfully
18:32:53.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR\MBR.dat"
18:32:53.031 The log file has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR\aswMBR.txt"

Re: espeak911 colexity777 37.220.36.44
Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
AOL Spyware Protection
SpyHunter
HijackThis 2.0.2
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 9.0.115.0 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (3.0.10) Firefox out of Date!
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
BCB Desktop Aug 2012 espeak911 virus SecurityCheck\SecurityCheck.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

Re: espeak911 colexity777 37.220.36.44

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
The Security Check log shows that your AV is disabled. Please enable it now.
The log also shows that you only have 8.09% free space on your hard drive. Windows requires 15% or more to operate efficiently. You will need to free up more space (11 Gb). You can do this by transferring music, videos, pictures and other important data to an external hard drive or DVDs. You can use RWs because they are re-usable. You can also uninstall any programs no longer used or needed.


SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: espeak911 colexity777 37.220.36.44
I am using a computer at the library to read your instructions and download any needed software. I will report back once I have completed your above instructions. Thank you.

Re: espeak911 colexity777 37.220.36.44
Installed SuperAntiSpyware. Did not appear to update from update file downloaded onto thumb drive from another computer.

NOTE - SuperAntiSpyware update file later found by Malwarebytes to be infected!!

Scan log below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2012 at 11:46 PM

Application Version : 5.5.1012

Core Rules Database Version : 9098
Trace Rules Database Version: 6910

Scan type : Complete Scan
Total Scan Time : 03:22:17

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 35471
Registry threats detected : 0
File items scanned : 131882
File threats detected : 388

Adware.Tracking Cookie
C:\Documents and Settings\BCB\Cookies\C5NHM6C1.txt [ /yieldmanager.net ]
C:\Documents and Settings\BCB\Cookies\DQKDC9PU.txt [ /invitemedia.com ]
C:\Documents and Settings\BCB\Cookies\40E3QHFO.txt [ /apmebf.com ]
C:\Documents and Settings\BCB\Cookies\KO0CUATR.txt [ /saymedia.com ]
C:\Documents and Settings\BCB\Cookies\MYZ20EY3.txt [ /histats.com ]
C:\Documents and Settings\BCB\Cookies\89YSJM8L.txt [ /burstnet.com ]
C:\Documents and Settings\BCB\Cookies\22SSNTTG.txt [ /network.realmedia.com ]
C:\Documents and Settings\BCB\Cookies\XUA1KXLT.txt [ /www.burstnet.com ]
C:\Documents and Settings\BCB\Cookies\SDODJWYR.txt [ /adinterax.com ]
C:\Documents and Settings\BCB\Cookies\TTBHUCXW.txt [ /statcounter.com ]
C:\Documents and Settings\BCB\Cookies\HEN3T7WS.txt [ /collective-media.net ]
C:\Documents and Settings\BCB\Cookies\XG7OU6N9.txt [ /ads.cnn.com ]
C:\Documents and Settings\BCB\Cookies\G8IGRR48.txt [ /overture.com ]
C:\Documents and Settings\BCB\Cookies\XA32JZ42.txt [ /doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\I2CCLK7F.txt [ /media6degrees.com ]
C:\Documents and Settings\BCB\Cookies\VVWC2W7K.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\EIASTTSX.txt [ /ads.undertone.com ]
C:\Documents and Settings\BCB\Cookies\JRGKBDG8.txt [ /fastclick.net ]
C:\Documents and Settings\BCB\Cookies\J2QW3FU5.txt [ /2o7.net ]
C:\Documents and Settings\BCB\Cookies\5F62HV28.txt [ /realmedia.com ]
C:\Documents and Settings\BCB\Cookies\GRNJZLJ5.txt [ /legolas-media.com ]
C:\Documents and Settings\BCB\Cookies\A83UDHJ9.txt [ /revsci.net ]
C:\Documents and Settings\BCB\Cookies\S9NFIXUS.txt [ /questionmarket.com ]
C:\Documents and Settings\BCB\Cookies\YXVNBLWB.txt [ /kanoodle.com ]
C:\Documents and Settings\BCB\Cookies\PSC7NFMQ.txt [ /adbrite.com ]
C:\Documents and Settings\BCB\Cookies\39JRSRFM.txt [ /accounts.google.com ]
C:\Documents and Settings\BCB\Cookies\4A0GVPUL.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\BCB\Cookies\FX5XJRJZ.txt [ /serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\GHXVZY78.txt [ /casalemedia.com ]
C:\Documents and Settings\BCB\Cookies\GBJH2GZI.txt [ /mediaplex.com ]
C:\Documents and Settings\BCB\Cookies\S2TXIUC6.txt [ /interclick.com ]
C:\Documents and Settings\BCB\Cookies\EUWZQYCW.txt [ /pro-market.net ]
C:\Documents and Settings\BCB\Cookies\N08DDUXN.txt [ /ru4.com ]
C:\Documents and Settings\BCB\Cookies\JUHCZS7U.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\GK59DQDE.txt [ /atdmt.com ]
C:\Documents and Settings\BCB\Cookies\N2M7N696.txt [ /specificclick.net ]
C:\Documents and Settings\BCB\Cookies\GCQ7O1PQ.txt [ /ads.wheresgeorge.com ]
C:\Documents and Settings\BCB\Cookies\JNB0BVUN.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\BCB\Cookies\NE4SAKNV.txt [ /earthlink.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\I1BF3VQO.txt [ /rtst.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\H599CV5W.txt [ /ads.gainesvilletimes.com ]
C:\Documents and Settings\BCB\Cookies\AA3LVW9N.txt [ /countrymusic.about.com ]
C:\Documents and Settings\BCB\Cookies\58WSV02I.txt [ /mycountdown.org ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\2BU671Q0.txt [ Cookie:bcb@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\35IB4D6E.txt [ Cookie:bcb@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\DH01I0U4.txt [ Cookie:bcb@www.google.com/accounts ]
core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkyaocjefo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcmiumcpefp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4elc5kfo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.earthlink.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VBLRHRP5 ]

Trojan.Agent/Gen-Frauder
C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\TEMP\79B.TMP

Re: espeak911 colexity777 37.220.36.44
After scan completed was not able to follow instructions given. No choice to quarantine selected items. Only choices were "Manage Allowed Items", "View Scan Log", "Remove Threats", "Cancel".

Closed SuperAntiSpyware, rebooted and moved on to Malwarebytes.

Installed Malwarebytes but did not appear to update from update file downloaded to thumb drive on another computer.

Malwarebytes scan log below:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
BCB :: TOSHIBA-USER [administrator]

8/22/2012 1:00:32 AM
mbam-log-2012-08-22 (01-00-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391263
Time elapsed: 3 hour(s), 19 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\SuperAntiSpyware\Updates\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

Re: espeak911 colexity777 37.220.36.44
NOTE

Phony antivirus program now resident on my laptop.

SpeedyPC Pro

Created August 18, 2012 7:40:55 PM
Has a desktop shortcut and appeared in tray before Malwarebytes deleted malicious files.

SpeedyPC Pro appears to still be installed on laptop. It is still included on the list of installed programs although it does not appear in my tray at the moment.

Malwarebytes does not appear to find anything suspicious about SpeedyPC Pro.

I will now await further instructions.

Also, I uninstalled SpywareHunter4 after completing the above steps.

Re: espeak911 colexity777 37.220.36.44
TrendMicro Titanium continues to block attempts to connect to several sites.

http://espeak911.com/x/
http://colexity777.com/x/
http://37.220.36.44/x/

These attempts have slowed down to about one attempt every two minutes as compared to two attempts per minute earlier.

I took a photo of my laptop screen when the SpeedyPC Pro was running. How do I upload the photo so you can see it?

Re: espeak911 colexity777 37.220.36.44
SuperAntiSpyware update file later found by Malwarebytes to be infected!!

How are you transferring the programs from the library to your computer; USB or CD?

Those sites are non-existent.

I took a photo of my laptop screen when the SpeedyPC Pro was running. How do I upload the photo so you can see it?

How to post screenshots or images

SpeedyPC Pro is just a nuisance program which is useless. You can uninstall it.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.

Re: espeak911 colexity777 37.220.36.44
Superdave wrote:
SuperAntiSpyware update file later found by Malwarebytes to be infected!!

How are you transferring the programs from the library to your computer; USB or CD?



USB (thumb drive). I don't think I am able to burn a CD on the library's computer but I will find out and will do that if it is possible.

Re: espeak911 colexity777 37.220.36.44
Security Check by screen 317 log:

Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
AOL Spyware Protection
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 9.0.115.0 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (3.0.10) Firefox out of Date!
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
BCB Desktop Aug 2012 espeak911 virus SecurityCheck\Screen317 SecurityCheck\SecurityCheck.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

ComboFix log:

ComboFix 12-08-22.03 - BCB 08/22/2012 15:00:36.2.2 - x86
Running from: c:\documents and settings\BCB\Desktop\Aug 2012 espeak911 virus\ComboFix\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\BCB\WINDOWS
c:\documents and settings\Default User\WINDOWS
C:\Internet Explorer
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\service
c:\windows\system32\service\02102010_TIS17_SfFniAU.log
c:\windows\system32\service\06122010_TIS17_SfFniAU.log
c:\windows\system32\service\25012011_TIS17_SfFniAU.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 06:45 . 2012-08-22 06:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-22 06:45 . 2012-07-03 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 01:25 . 2012-08-22 01:25 -------- d-----w- c:\documents and settings\BCB\Application Data\SUPERAntiSpyware.com
2012-08-22 01:25 . 2012-08-22 01:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-22 01:25 . 2012-08-22 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-19 01:59 . 2012-08-19 01:59 -------- d-----w- c:\program files\Enigma Software Group
2012-08-19 01:58 . 2012-08-22 15:05 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-19 01:58 . 2012-08-19 01:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-19 01:41 . 2012-08-19 01:41 -------- d-----w- c:\documents and settings\BCB\Application Data\DriverCure
2012-08-19 01:41 . 2012-08-19 01:41 -------- d-----w- c:\documents and settings\BCB\Application Data\SpeedyPC Software
2012-08-19 01:40 . 2012-08-22 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-08-17 04:32 . 2012-08-20 03:44 -------- d-----w- C:\2012 Election
2012-07-29 06:35 . 2012-07-29 06:36 -------- d-----w- C:\Barber Shop
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 19:45 . 2012-04-16 16:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 19:45 . 2011-05-20 01:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2006-07-19 00:46 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2006-07-19 02:32 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2006-07-19 00:48 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-07-19 00:48 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-07-19 00:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-07-19 00:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-07-19 00:47 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2008-08-21 19:40 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-07-19 00:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-07-19 00:47 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 16:44 . 2011-05-30 04:51 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-06-02 21:19 . 2007-07-31 01:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2007-07-31 01:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2006-07-19 02:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2006-07-19 02:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2006-07-19 02:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2007-07-31 01:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2007-07-31 01:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2006-07-19 02:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2006-07-19 02:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2006-07-19 00:46 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2007-07-31 01:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2006-07-19 02:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2006-07-19 02:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-07-19 00:46 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TFncKy"="TFncKy.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2006-01-20 1122412]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2007-01-17 46632]
"ScanSoft PDF Professional 4-reminder"="c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" [2006-11-16 35368]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-12 18782720]
"T3Mon"="c:\program files\FLIR Systems\QuickView\T3Mon.exe" [2004-04-26 266240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-22 296096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FLIR Systems\\QuickView\\QuickView.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/5/2012 2:05 PM 68368]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 12:50 PM 98816]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [3/5/2007 10:16 PM 16194]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/5/2012 1:57 PM 200632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2011 10:53 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 10:16 AM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/17/2010 5:05 PM 1684736]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [6/17/2010 12:22 PM 23456]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FLIRUSBNET;FLIR USB Network Adapter;c:\windows\system32\drivers\FLIRUSB.sys [9/19/2003 2:08 PM 20992]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2011 10:53 AM 136176]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [3/5/2007 10:16 PM 449888]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 9:29 PM 32408]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:45]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 16:52]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 16:52]
.
2012-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 18:00]
.
2012-08-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 18:00]
.
2012-08-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 709e9f33-52d1-40f1-b122-75da7806aae9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a075a8e1-dbe1-49dc-892b-e2b5118fde95.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://yme.music.yahoo.com/uninstallForm.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
FF - ProfilePath - c:\documents and settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-HijackThis - c:\documents and settings\BCB\Desktop\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541080G9SA00 rev.MB4OC60R -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A3E42E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\WININET.dll
.
Completion time: 2012-08-22 15:18:55
ComboFix-quarantined-files.txt 2012-08-22 21:18
ComboFix2.txt 2010-09-10 07:22
.
Pre-Run: 12,618,219,520 bytes free
Post-Run: 13,432,659,968 bytes free
.
- - End Of File - - 6242428104C6671AE43CBC37B14C0174

NOTE:

Malware continues to attempt to connect to the three non-existent sites about once every two minutes.

System appears to have slowed down after running Security Check and ComboFix.

Re: espeak911 colexity777 37.220.36.44
USB (thumb drive). I don't think I am able to burn a CD on the library's computer but I will find out and will do that if it is possible.

Your thumb drive could be infected.
Why do you still have to use the computer at the library? Can't you get on-line with your computer?


Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post in your next reply

Re: espeak911 colexity777 37.220.36.44
[quote="Superdave"]
Why do you still have to use the computer at the library? Can't you get on-line with your computer?
[/quote]

I am able to get on-line now.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-23 18:20:27
-----------------------------
18:20:27.734 OS Version: Windows 5.1.2600 Service Pack 3
18:20:27.734 Number of processors: 2 586 0xE08
18:20:27.734 ComputerName: TOSHIBA-USER UserName: BCB
18:20:31.312 Initialize success
18:20:59.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:20:59.624 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
18:20:59.624 Device \Driver\atapi -> DriverStartIo 8a68a2e2
18:20:59.624 Disk 0 MBR read successfully
18:20:59.624 Disk 0 MBR scan
18:20:59.624 Disk 0 Windows XP default MBR code
18:20:59.624 Disk 0 MBR hidden
18:20:59.624 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
18:20:59.640 Disk 0 scanning sectors +156296385
18:20:59.687 Disk 0 scanning C:\WINDOWS\system32\drivers
18:21:09.734 Service scanning
18:21:30.312 Modules scanning
18:21:38.406 Disk 0 trace - called modules:
18:21:38.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a68a4b1]<<
18:21:38.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a76fab8]
18:21:38.421 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8a730268]
18:21:38.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a773940]
18:21:38.421 \Driver\atapi[0x8a74b218] -> IRP_MJ_CREATE -> 0x8a68a4b1
18:21:38.421 Scan finished successfully
18:24:22.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR_8-23\Log\MBR.dat"
18:24:22.312 The log file has been saved successfully to "C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\aswMBR_8-23\Log\aswMBR.txt"

Re: espeak911 colexity777 37.220.36.44
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

***************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: espeak911 colexity777 37.220.36.44
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9B4D5000
Module End: 9B4ED000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: 9BD23000
Module End: 9BD25000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: 8A470C34
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateMutant
Address: 8A63473C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcess
Address: 8A18122C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateProcessEx
Address: 8A2A474C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 8A2F21E4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 8A1ED354
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: 8A45EEDC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: 8A44DC14
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDuplicateObject
Address: 8A14809C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 8A2D084C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 8A315184
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 8A2BD334
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 8A31D324
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRenameKey
Address: 8A4720B4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: 8A4727B4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 8A3F8F54
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: 8A42A0EC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8A29FAA4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 8A52B0FC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 8A3EF6E4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: PsGetThreadWin32Thread
At Address: 804E6BFC
Jump To: F5806135
Module Name: _unknown_

Hooked Function: PsGetProcessWin32Process
At Address: 804E6BFC
Jump To: F5806135
Module Name: _unknown_

Hooked Function: PsGetCurrentProcessSessionId
At Address: 804EA47C
Jump To: 72CF044B
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Re: espeak911 colexity777 37.220.36.44
I am currently able to get on-line and go to google.com (and Google News) but I cannot:

* sign in at Google
* conduct a search on Google

Re: espeak911 colexity777 37.220.36.44
I am currently able to get on-line and go to google.com (and Google News) but I cannot:

* sign in at Google
* conduct a search on Google

You might try uninstalling and re-installing Google.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.
• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: espeak911 colexity777 37.220.36.44
Results of ESET scan:

No threats found. No report to generate or post.

I am still infected because the malware continues to try to connect to the three nonexistent web sites.

Re: espeak911 colexity777 37.220.36.44
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

Re: espeak911 colexity777 37.220.36.44
OTL logfile created on: 8/24/2012 7:49:15 PM - Run 4
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.27% Memory free
2.58 Gb Paging File | 1.90 Gb Available in Paging File | 73.67% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 11.90 Gb Free Space | 15.97% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: BCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 18:02:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus\OTL\OTL.com
PRC - [2012/07/22 09:43:39 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/02/27 07:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 14:58:12 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/08/02 14:58:12 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/08/02 17:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/03 03:07:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/07/03 02:57:04 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/07/02 23:50:32 | 000,700,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 13:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2006/04/25 18:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/16 14:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/03/02 16:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 13:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/01/20 16:14:20 | 001,122,412 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
PRC - [2005/12/16 03:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/05 23:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/08/16 12:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/21 19:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/04/26 13:26:14 | 000,266,240 | ---- | M] (FLIR Systems) -- C:\Program Files\FLIR Systems\QuickView\T3Mon.exe
PRC - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/02 14:58:14 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/08/02 14:58:14 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/08/02 14:58:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/08/02 14:58:12 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/08/02 14:58:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2006/07/02 23:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 23:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 15:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/01/17 19:52:10 | 000,659,456 | ---- | M] () -- C:\Program Files\NETGEAR\WG511SCU\Utility\UIResource.dll
MOD - [2006/01/04 19:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/23 15:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 18:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/04/26 13:25:16 | 000,003,584 | ---- | M] () -- c:\Program Files\FLIR Systems\QuickView\Resources\T3Mon.En


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/08/14 13:45:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BCB\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/08/02 14:58:24 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 05:14:08 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/07/12 05:13:54 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/07/12 05:13:42 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/06/17 12:22:52 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/14 21:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/11/16 18:34:26 | 005,955,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/03/30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/08/25 17:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/22 11:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/13 11:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 12:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 17:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/03/18 08:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 19:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 15:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 15:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/07/25 18:48:36 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 14:08:20 | 000,020,992 | ---- | M] (FLIR Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FLIRUSB.sys -- (FLIRUSBNET)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/27 07:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/05 14:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/27 07:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/22 09:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 09:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/23 20:43:12 | 000,000,000 | ---D | M]

[2009/10/14 00:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/23 20:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/05 03:15:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/25 16:39:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/08/23 20:43:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/07/22 09:44:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/08/23 20:42:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1464\6.6.1081\FIREFOXEXTENSION
[2012/07/22 09:43:48 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/08/22 15:13:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ( )
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ScanSoft PDF Professional 4-reminder] C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [T3Mon] C:\Program Files\FLIR Systems\QuickView\T3Mon.exe (FLIR Systems)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283916496671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD89D79-D72C-4FB1-95C4-33FDAF4732F2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 20:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 13:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/23 20:43:12 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/23 20:43:12 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/23 20:43:12 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/23 20:43:11 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/23 19:54:40 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/23 19:45:50 | 000,000,000 | ---D | C] -- C:\Java
[2012/08/22 14:56:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/22 14:56:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/22 14:56:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/22 14:56:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/22 14:55:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/22 00:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/22 00:45:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/22 00:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/21 19:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\SUPERAntiSpyware.com
[2012/08/21 19:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/08/21 19:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/08/21 19:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/19 17:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Desktop\Aug 2012 espeak911 virus
[2012/08/18 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/18 19:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/18 19:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\DriverCure
[2012/08/18 19:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\SpeedyPC Software
[2012/08/18 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/08/18 09:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/18 09:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/16 22:32:09 | 000,000,000 | ---D | C] -- C:\2012 Election
[2012/08/05 19:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\My Documents\Backup IE and Outlook Express
[2012/07/29 00:35:55 | 000,000,000 | ---D | C] -- C:\Barber Shop
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/24 19:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/24 19:26:01 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a075a8e1-dbe1-49dc-892b-e2b5118fde95.job
[2012/08/24 19:12:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/24 12:06:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/08/24 11:48:31 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/24 11:48:10 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/24 11:48:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/24 11:48:00 | 2137,034,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/23 21:09:52 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2012/08/23 20:42:49 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/23 20:42:49 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/23 20:42:49 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/23 20:42:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/23 20:42:48 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/23 20:42:48 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/23 20:07:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/23 19:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/22 23:23:35 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\Microsoft Excel.lnk
[2012/08/22 15:13:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/22 10:16:02 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/22 02:00:05 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 709e9f33-52d1-40f1-b122-75da7806aae9.job
[2012/08/22 00:57:41 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 19:25:16 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/21 18:22:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/16 12:37:59 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 02:34:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 13:45:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 13:45:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/28 23:40:07 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/07/26 11:21:08 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/22 14:56:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/22 14:56:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/22 14:56:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/22 14:56:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/22 14:56:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/22 00:45:56 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 19:26:21 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a075a8e1-dbe1-49dc-892b-e2b5118fde95.job
[2012/08/21 19:26:20 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 709e9f33-52d1-40f1-b122-75da7806aae9.job
[2012/08/21 19:25:16 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/20 12:28:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/17 21:18:32 | 000,034,776 | ---- | C] () -- C:\WINDOWS\System32\ClientPropertyPageLIB.dll
[2012/05/17 21:16:58 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012/05/17 21:16:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012/05/17 21:16:55 | 012,033,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012/05/17 21:16:54 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2012/05/17 21:16:54 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012/03/05 13:59:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/05/29 22:51:09 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/10 03:02:42 | 000,003,033 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 23:54:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\housecall.guid.cache
[2010/08/15 01:02:02 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml
[2008/02/13 01:50:36 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/12/14 03:02:10 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 03:02:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\fusioncache.dat

========== Custom Scans ==========

< :OTL >

< >

< IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} >

< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} >

< IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 >

< IE - HKCU\..\SearchScopes,DefaultScope = {C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5} >

< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC >

< IE - HKCU\..\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz= >

< >

< :COMMANDS >

< [resethosts] >

< [purity] >

< [start explorer] >

< >

< >

< End of report >

Re: espeak911 colexity777 37.220.36.44
Laptop has frozen a couple of times the last day or two.

SAS scan indicates Trojan.Agent/Gen-Nullo[Short]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/25/2012 at 05:12 AM

Application Version : 5.5.1012

Core Rules Database Version : 9123
Trace Rules Database Version: 6935

Scan type : Complete Scan
Total Scan Time : 03:05:03

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 35497
Registry threats detected : 0
File items scanned : 126175
File threats detected : 399

Adware.Tracking Cookie
C:\Documents and Settings\BCB\Cookies\bcb@buycom.122.2o7[1].txt [ /buycom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@c.gigcount[1].txt [ /c.gigcount ]
C:\Documents and Settings\BCB\Cookies\bcb@canoe.112.2o7[1].txt [ /canoe.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@care2.112.2o7[1].txt [ /care2.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbcnewmedia.112.2o7[1].txt [ /cbcnewmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cbsdigitalmedia.112.2o7[1].txt [ /cbsdigitalmedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn1.trafficmp[1].txt [ /cdn1.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@cdn4.specificclick[2].txt [ /cdn4.specificclick ]
C:\Documents and Settings\BCB\Cookies\bcb@centralmediaserver[2].txt [ /centralmediaserver ]
C:\Documents and Settings\BCB\Cookies\bcb@chicagosuntimes.122.2o7[1].txt [ /chicagosuntimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@click2houston[2].txt [ /click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@clickbooth[1].txt [ /clickbooth ]
C:\Documents and Settings\BCB\Cookies\bcb@clickondetroit[1].txt [ /clickondetroit ]
C:\Documents and Settings\BCB\Cookies\bcb@cmn.adbureau[2].txt [ /cmn.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@cms.trafficmp[1].txt [ /cms.trafficmp ]
C:\Documents and Settings\BCB\Cookies\bcb@csm.rotator.hadj7.adjuggler[2].txt [ /csm.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@dailyheraldpaddockpublication.112.2o7[1].txt [ /dailyheraldpaddockpublication.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@dmtracker[2].txt [ /dmtracker ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aek4sgczcao.stats.esomniture[2].txt [ /e-2dj6aek4sgczcao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekiqidjmgp.stats.esomniture[2].txt [ /e-2dj6aekiqidjmgp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekoslcjagp.stats.esomniture[2].txt [ /e-2dj6aekoslcjagp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekygkajidq.stats.esomniture[2].txt [ /e-2dj6aekygkajidq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykmazalp.stats.esomniture[2].txt [ /e-2dj6aekykmazalp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekykoajwgq.stats.esomniture[1].txt [ /e-2dj6aekykoajwgq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aekyukdpwep.stats.esomniture[2].txt [ /e-2dj6aekyukdpwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aelielczmlo.stats.esomniture[1].txt [ /e-2dj6aelielczmlo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6aeliklcjwkp.stats.esomniture[2].txt [ /e-2dj6aeliklcjwkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wakokhdpidp.stats.esomniture[2].txt [ /e-2dj6wakokhdpidp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6walogjdzmfo.stats.esomniture[2].txt [ /e-2dj6walogjdzmfo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wamysod5gap.stats.esomniture[2].txt [ /e-2dj6wamysod5gap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wbliojdjedp.stats.esomniture[2].txt [ /e-2dj6wbliojdjedp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wckycgdzecq.stats.esomniture[2].txt [ /e-2dj6wckycgdzecq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wcl4woc5mdp.stats.esomniture[2].txt [ /e-2dj6wcl4woc5mdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdkiagcjako.stats.esomniture[2].txt [ /e-2dj6wdkiagcjako.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdlionazmkp.stats.esomniture[2].txt [ /e-2dj6wdlionazmkp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wdmigiazadp.stats.esomniture[2].txt [ /e-2dj6wdmigiazadp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4ehcpcgo.stats.esomniture[2].txt [ /e-2dj6wfk4ehcpcgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfk4qpc5mbp.stats.esomniture[2].txt [ /e-2dj6wfk4qpc5mbp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkicjazsho.stats.esomniture[1].txt [ /e-2dj6wfkicjazsho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkygjczogp.stats.esomniture[2].txt [ /e-2dj6wfkygjczogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfkyuiczkbq.stats.esomniture[2].txt [ /e-2dj6wfkyuiczkbq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wfliuldpieq.stats.esomniture[2].txt [ /e-2dj6wfliuldpieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoaicjokq.stats.esomniture[2].txt [ /e-2dj6wgkoaicjokq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wgkoomdpgfq.stats.esomniture[2].txt [ /e-2dj6wgkoomdpgfq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4khazwbo.stats.esomniture[2].txt [ /e-2dj6wjk4khazwbo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4kidjklp.stats.esomniture[2].txt [ /e-2dj6wjk4kidjklp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4ojazkao.stats.esomniture[2].txt [ /e-2dj6wjk4ojazkao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjk4uldpikq.stats.esomniture[1].txt [ /e-2dj6wjk4uldpikq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkokic5wdp.stats.esomniture[2].txt [ /e-2dj6wjkokic5wdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkoqid5clp.stats.esomniture[1].txt [ /e-2dj6wjkoqid5clp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajcdo.stats.esomniture[2].txt [ /e-2dj6wjkyanajcdo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyanajwep.stats.esomniture[2].txt [ /e-2dj6wjkyanajwep.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkycic5gho.stats.esomniture[2].txt [ /e-2dj6wjkycic5gho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyckdpklo.stats.esomniture[2].txt [ /e-2dj6wjkyckdpklo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkygpd5efq.stats.esomniture[2].txt [ /e-2dj6wjkygpd5efq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkykjc5efp.stats.esomniture[2].txt [ /e-2dj6wjkykjc5efp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyknczwgo.stats.esomniture[2].txt [ /e-2dj6wjkyknczwgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqndzwlp.stats.esomniture[2].txt [ /e-2dj6wjkyqndzwlp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyqpc5ieq.stats.esomniture[2].txt [ /e-2dj6wjkyqpc5ieq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkyundpadq.stats.esomniture[2].txt [ /e-2dj6wjkyundpadq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjkywkczaeq.stats.esomniture[1].txt [ /e-2dj6wjkywkczaeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4cncpiap.stats.esomniture[2].txt [ /e-2dj6wjl4cncpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4eic5ogp.stats.esomniture[2].txt [ /e-2dj6wjl4eic5ogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4qjdzibp.stats.esomniture[2].txt [ /e-2dj6wjl4qjdzibp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliegcpmhp.stats.esomniture[2].txt [ /e-2dj6wjliegcpmhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlikgajgho.stats.esomniture[2].txt [ /e-2dj6wjlikgajgho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliohd5mhq.stats.esomniture[1].txt [ /e-2dj6wjliohd5mhq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlychczggp.stats.esomniture[2].txt [ /e-2dj6wjlychczggp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlyemdzwao.stats.esomniture[2].txt [ /e-2dj6wjlyemdzwao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiohdzkhp.stats.esomniture[2].txt [ /e-2dj6wjmiohdzkhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiumczcco.stats.esomniture[2].txt [ /e-2dj6wjmiumczcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmychajcdp.stats.esomniture[1].txt [ /e-2dj6wjmychajcdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1gczab.stats.esomniture[1].txt [ /e-2dj6wjny-1gczab.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1pcjml.stats.esomniture[1].txt [ /e-2dj6wjny-1pcjml.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyagc5gao.stats.esomniture[1].txt [ /e-2dj6wjnyagc5gao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyamczmcq.stats.esomniture[2].txt [ /e-2dj6wjnyamczmcq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycldjahq.stats.esomniture[2].txt [ /e-2dj6wjnycldjahq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycndzcco.stats.esomniture[2].txt [ /e-2dj6wjnycndzcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycoajacp.stats.esomniture[1].txt [ /e-2dj6wjnycoajacp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycocpodp.stats.esomniture[2].txt [ /e-2dj6wjnycocpodp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyegd5ekp.stats.esomniture[2].txt [ /e-2dj6wjnyegd5ekp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyejdjkcp.stats.esomniture[2].txt [ /e-2dj6wjnyejdjkcp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygldpoap.stats.esomniture[1].txt [ /e-2dj6wjnygldpoap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygmajmgo.stats.esomniture[2].txt [ /e-2dj6wjnygmajmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyonc5sko.stats.esomniture[2].txt [ /e-2dj6wjnyonc5sko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyooc5oeo.stats.esomniture[2].txt [ /e-2dj6wjnyooc5oeo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopaziko.stats.esomniture[2].txt [ /e-2dj6wjnyopaziko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopc5gco.stats.esomniture[2].txt [ /e-2dj6wjnyopc5gco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqgcpmgo.stats.esomniture[2].txt [ /e-2dj6wjnyqgcpmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqpc5ieo.stats.esomniture[2].txt [ /e-2dj6wjnyqpc5ieo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnywgcjgdq.stats.esomniture[2].txt [ /e-2dj6wjnywgcjgdq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoejcpofo.stats.esomniture[2].txt [ /e-2dj6wmkoejcpofo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoeoazweo.stats.esomniture[2].txt [ /e-2dj6wmkoeoazweo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4qjc5ocq.stats.esomniture[2].txt [ /e-2dj6wml4qjc5ocq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4ugcpiap.stats.esomniture[2].txt [ /e-2dj6wml4ugcpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wnmywpdpkeq.stats.esomniture[2].txt [ /e-2dj6wnmywpdpkeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@earthlink.122.2o7[2].txt [ /earthlink.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@edgeadx[2].txt [ /edgeadx ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-emmiscommunications.hitbox[2].txt [ /ehg-emmiscommunications.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-mgnlimited.hitbox[1].txt [ /ehg-mgnlimited.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@enterprisemediagroup.112.2o7[1].txt [ /enterprisemediagroup.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@entrepreneur[2].txt [ /entrepreneur ]
C:\Documents and Settings\BCB\Cookies\bcb@eveningpostdigital.112.2o7[1].txt [ /eveningpostdigital.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@ewstv.112.2o7[1].txt [ /ewstv.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@examinercom.122.2o7[1].txt [ /examinercom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@f.blogads[1].txt [ /f.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@f2network.112.2o7[1].txt [ /f2network.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@fim.122.2o7[1].txt [ /fim.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@find.myrecipes[1].txt [ /find.myrecipes ]
C:\Documents and Settings\BCB\Cookies\bcb@findarticles[2].txt [ /findarticles ]
C:\Documents and Settings\BCB\Cookies\bcb@findlinks.addresses[2].txt [ /findlinks.addresses ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.adn[2].txt [ /findnsave.adn ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.mercedsunstar[1].txt [ /findnsave.mercedsunstar ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.thenewstribune[1].txt [ /findnsave.thenewstribune ]
C:\Documents and Settings\BCB\Cookies\bcb@firsttracksonline[1].txt [ /firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@forum.rotator.hadj7.adjuggler[2].txt [ /forum.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@foxinteractivemedia.122.2o7[1].txt [ /foxinteractivemedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@friendquestions[1].txt [ /friendquestions ]
C:\Documents and Settings\BCB\Cookies\bcb@g.blogads[2].txt [ /g.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[1].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[2].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@generalelectric.112.2o7[1].txt [ /generalelectric.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@gsicace.112.2o7[1].txt [ /gsicace.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hammacher.112.2o7[1].txt [ /hammacher.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@harpo.122.2o7[1].txt [ /harpo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@haymarketbusinesspublications.122.2o7[1].txt [ /haymarketbusinesspublications.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@healthgrades.112.2o7[1].txt [ /healthgrades.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearst.112.2o7[1].txt [ /hearst.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearstmagazines.112.2o7[1].txt [ /hearstmagazines.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@highbeam.122.2o7[1].txt [ /highbeam.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@htmlgear.tripod[1].txt [ /htmlgear.tripod ]
C:\Documents and Settings\BCB\Cookies\bcb@hurricanetrack[1].txt [ /hurricanetrack ]
C:\Documents and Settings\BCB\Cookies\bcb@idfact.adservinginternational[2].txt [ /idfact.adservinginternational ]
C:\Documents and Settings\BCB\Cookies\bcb@idgenterprise.112.2o7[1].txt [ /idgenterprise.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@imagevenue.advertserve[2].txt [ /imagevenue.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@imrworldwide[1].txt [ /imrworldwide ]
C:\Documents and Settings\BCB\Cookies\bcb@in.getclicky[1].txt [ /in.getclicky ]
C:\Documents and Settings\BCB\Cookies\bcb@inl.adbureau[2].txt [ /inl.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@interchangecorporation.122.2o7[1].txt [ /interchangecorporation.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@invitemedia[2].txt [ /invitemedia ]
C:\Documents and Settings\BCB\Cookies\bcb@ipcmedia.122.2o7[1].txt [ /ipcmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@journalregistercompany.122.2o7[1].txt [ /journalregistercompany.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@jra.advertserve[1].txt [ /jra.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@kontera[1].txt [ /kontera ]
C:\Documents and Settings\BCB\Cookies\bcb@leeenterprises.112.2o7[1].txt [ /leeenterprises.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[10].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[11].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[4].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[8].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[9].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@lockedonmedia[2].txt [ /lockedonmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[3].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[4].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@magellan.highcountrync[1].txt [ /magellan.highcountrync ]
C:\Documents and Settings\BCB\Cookies\bcb@media.angelfire.lycos[1].txt [ /media.angelfire.lycos ]
C:\Documents and Settings\BCB\Cookies\bcb@media.mtvnservices[2].txt [ /media.mtvnservices ]
C:\Documents and Settings\BCB\Cookies\bcb@media.theage.com[1].txt [ /media.theage.com ]
C:\Documents and Settings\BCB\Cookies\bcb@media.www.deltacollegian[2].txt [ /media.www.deltacollegian ]
C:\Documents and Settings\BCB\Cookies\bcb@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\BCB\Cookies\bcb@mediadecoder.blogs.nytimes[2].txt [ /mediadecoder.blogs.nytimes ]
C:\Documents and Settings\BCB\Cookies\bcb@mediaonenetwork[1].txt [ /mediaonenetwork ]
C:\Documents and Settings\BCB\Cookies\bcb@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@mlbam.112.2o7[1].txt [ /mlbam.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@molawyersmedia[1].txt [ /molawyersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@montgomeryadvertiser[1].txt [ /montgomeryadvertiser ]
C:\Documents and Settings\BCB\Cookies\bcb@msnbc.112.2o7[2].txt [ /msnbc.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nandomedia.112.2o7[1].txt [ /nandomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@netcentral.advertserve[1].txt [ /netcentral.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@network.alluremedia.com[2].txt [ /network.alluremedia.com ]
C:\Documents and Settings\BCB\Cookies\bcb@newsday.122.2o7[1].txt [ /newsday.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@newsquestdigitalmedia.122.2o7[1].txt [ /newsquestdigitalmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nexstar.122.2o7[1].txt [ /nexstar.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@northjersey.112.2o7[1].txt [ /northjersey.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pajamasmedia[1].txt [ /pajamasmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pennwellcorp.112.2o7[1].txt [ /pennwellcorp.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pentonmedia.122.2o7[1].txt [ /pentonmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@piercecountyherald[3].txt [ /piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@pmamedia.sitescout[1].txt [ /pmamedia.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@premiumtv.122.2o7[2].txt [ /premiumtv.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@r.unicornmedia[1].txt [ /r.unicornmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@rainbowmedia.122.2o7[1].txt [ /rainbowmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@rogersmedia[1].txt [ /rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@samsclub.112.2o7[1].txt [ /samsclub.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoadmc.122.2o7[1].txt [ /saxoadmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoeverett.122.2o7[1].txt [ /saxoeverett.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxofosters.122.2o7[1].txt [ /saxofosters.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxotoledo.122.2o7[1].txt [ /saxotoledo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@skinsecretsexposed[2].txt [ /skinsecretsexposed ]
C:\Documents and Settings\BCB\Cookies\bcb@smokinggun.122.2o7[1].txt [ /smokinggun.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@sonyelectronicssupportus.112.2o7[1].txt [ /sonyelectronicssupportus.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@specificmedia[2].txt [ /specificmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@sportingnews.122.2o7[1].txt [ /sportingnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stat.onestat[2].txt [ /stat.onestat ]
C:\Documents and Settings\BCB\Cookies\bcb@stateofgeorgia.122.2o7[1].txt [ /stateofgeorgia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stats-newyork1.bloxcms[3].txt [ /stats-newyork1.bloxcms ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.dallasnews[1].txt [ /stats.dallasnews ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.hostclear[1].txt [ /stats.hostclear ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.justhost[1].txt [ /stats.justhost ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.synapa[1].txt [ /stats.synapa ]
C:\Documents and Settings\BCB\Cookies\bcb@statsadv.dadapro[1].txt [ /statsadv.dadapro ]
C:\Documents and Settings\BCB\Cookies\bcb@stocks.advertserve[1].txt [ /stocks.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@stpetersburgtimes.122.2o7[1].txt [ /stpetersburgtimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@surveymonkey.122.2o7[1].txt [ /surveymonkey.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tangomedia.112.2o7[1].txt [ /tangomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@thecountdownclock[2].txt [ /thecountdownclock ]
C:\Documents and Settings\BCB\Cookies\bcb@timeinc.122.2o7[1].txt [ /timeinc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@timesofindia.indiatimes[2].txt [ /timesofindia.indiatimes ]
C:\Documents and Settings\BCB\Cookies\bcb@torstardigital.122.2o7[1].txt [ /torstardigital.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.foxnews[2].txt [ /tracking.foxnews ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.hostgator[2].txt [ /tracking.hostgator ]
C:\Documents and Settings\BCB\Cookies\bcb@trackit.sitescout[2].txt [ /trackit.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@traffic.prod.cobaltgroup[1].txt [ /traffic.prod.cobaltgroup ]
C:\Documents and Settings\BCB\Cookies\bcb@tribuneinteractive.122.2o7[1].txt [ /tribuneinteractive.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trinitymirror.112.2o7[1].txt [ /trinitymirror.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trvlnet.adbureau[1].txt [ /trvlnet.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@twc.rotator.hadj7.adjuggler[2].txt [ /twc.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@twctsg.122.2o7[1].txt [ /twctsg.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usatoday1.112.2o7[1].txt [ /usatoday1.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usnews.122.2o7[1].txt [ /usnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@videoegg.adbureau[1].txt [ /videoegg.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@vpmc.122.2o7[1].txt [ /vpmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@walmart.112.2o7[1].txt [ /walmart.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@webmasterplan[2].txt [ /webmasterplan ]
C:\Documents and Settings\BCB\Cookies\bcb@wpni.112.2o7[1].txt [ /wpni.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@www.3dstats[1].txt [ /www.3dstats ]
C:\Documents and Settings\BCB\Cookies\bcb@www.click2houston[1].txt [ /www.click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@www.firsttracksonline[2].txt [ /www.firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@www.piercecountyherald[1].txt [ /www.piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@www.seeclickfix[1].txt [ /www.seeclickfix ]
C:\Documents and Settings\BCB\Cookies\bcb@www.visitor-track[1].txt [ /www.visitor-track ]
C:\Documents and Settings\BCB\Cookies\bcb@www3.addfreestats[2].txt [ /www3.addfreestats ]
C:\Documents and Settings\BCB\Cookies\bcb@xiti[1].txt [ /xiti ]
C:\Documents and Settings\BCB\Cookies\bcb@yieldmanager[2].txt [ /yieldmanager ]
C:\Documents and Settings\BCB\Cookies\bcb@zbox.zanox[1].txt [ /zbox.zanox ]
C:\Documents and Settings\BCB\Cookies\XB32BA2G.txt [ /at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\AMRKM6AW.txt [ /imrworldwide.com ]
C:\Documents and Settings\BCB\Cookies\SW34JD00.txt [ /ads.pointroll.com ]
C:\Documents and Settings\BCB\Cookies\DGE01A2J.txt [ /a1.interclick.com ]
C:\Documents and Settings\BCB\Cookies\OW9AJ3GF.txt [ /lucidmedia.com ]
C:\Documents and Settings\BCB\Cookies\FHQGU425.txt [ /c.atdmt.com ]
C:\Documents and Settings\BCB\Cookies\4IYTV9EJ.txt [ /findnsave.sacbee.com ]
C:\Documents and Settings\BCB\Cookies\BSJL0C3B.txt [ /adxpose.com ]
C:\Documents and Settings\BCB\Cookies\SGZ2EX4C.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\BCB\Cookies\P5B2A9VS.txt [ /ads.adultwebads.net ]
C:\Documents and Settings\BCB\Cookies\JBHNZOOU.txt [ /advertising.com ]
C:\Documents and Settings\BCB\Cookies\EHV58CFM.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\2RCXGZYD.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\354784MQ.txt [ /zedo.com ]
C:\Documents and Settings\BCB\Cookies\PJ0WDKP7.txt [ /pointroll.com ]
C:\Documents and Settings\BCB\Cookies\LVJY18A7.txt [ /tribalfusion.com ]
C:\Documents and Settings\BCB\Cookies\RH1BR3ZL.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\BCB\Cookies\F8Q8O3LT.txt [ /insightexpressai.com ]
C:\Documents and Settings\BCB\Cookies\C5NHM6C1.txt [ /yieldmanager.net ]
C:\Documents and Settings\BCB\Cookies\RA0AOWK3.txt [ /invitemedia.com ]
C:\Documents and Settings\BCB\Cookies\VKW0L7NA.txt [ /survey.g.doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\3S7ZTAG6.txt [ /apmebf.com ]
C:\Documents and Settings\BCB\Cookies\KO0CUATR.txt [ /saymedia.com ]
C:\Documents and Settings\BCB\Cookies\MYZ20EY3.txt [ /histats.com ]
C:\Documents and Settings\BCB\Cookies\6KU2PTLO.txt [ /adinterax.com ]
C:\Documents and Settings\BCB\Cookies\QVK258UP.txt [ /statcounter.com ]
C:\Documents and Settings\BCB\Cookies\2WCX1CY3.txt [ /collective-media.net ]
C:\Documents and Settings\BCB\Cookies\XG7OU6N9.txt [ /ads.cnn.com ]
C:\Documents and Settings\BCB\Cookies\HCB4AD84.txt [ /overture.com ]
C:\Documents and Settings\BCB\Cookies\RICF4ZSW.txt [ /doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\GX6236ZZ.txt [ /media6degrees.com ]
C:\Documents and Settings\BCB\Cookies\Z4OQ191S.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\ANXYIR0Z.txt [ /ads.undertone.com ]
C:\Documents and Settings\BCB\Cookies\2DA62X2F.txt [ /fastclick.net ]
C:\Documents and Settings\BCB\Cookies\E90C78V8.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\BK5JIRJS.txt [ /2o7.net ]
C:\Documents and Settings\BCB\Cookies\LDFIWSDS.txt [ /realmedia.com ]
C:\Documents and Settings\BCB\Cookies\IT9UH1I6.txt [ /legolas-media.com ]
C:\Documents and Settings\BCB\Cookies\VYVDKG7N.txt [ /questionmarket.com ]
C:\Documents and Settings\BCB\Cookies\YXVNBLWB.txt [ /kanoodle.com ]
C:\Documents and Settings\BCB\Cookies\ZQSW8B6M.txt [ /adbrite.com ]
C:\Documents and Settings\BCB\Cookies\VCW6X5C7.txt [ /www.googleadservices.com ]
C:\Documents and Settings\BCB\Cookies\TQK7U9P0.txt [ /accounts.google.com ]
C:\Documents and Settings\BCB\Cookies\R7TKUXG3.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\BCB\Cookies\JDHALWFC.txt [ /serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\FV0MVQRK.txt [ /casalemedia.com ]
C:\Documents and Settings\BCB\Cookies\ZHDB8IL5.txt [ /ad.360yield.com ]
C:\Documents and Settings\BCB\Cookies\X9GZ20UT.txt [ /mediaplex.com ]
C:\Documents and Settings\BCB\Cookies\BGQE1R2L.txt [ /ar.atwola.com ]
C:\Documents and Settings\BCB\Cookies\YS9UISIY.txt [ /interclick.com ]
C:\Documents and Settings\BCB\Cookies\0JK6DFAQ.txt [ /eset.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\4C54UY5E.txt [ /ru4.com ]
C:\Documents and Settings\BCB\Cookies\02B561PJ.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\6OJ59MBR.txt [ /atdmt.com ]
C:\Documents and Settings\BCB\Cookies\GCQ7O1PQ.txt [ /ads.wheresgeorge.com ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP3\A0000282.EXE

Re: espeak911 colexity777 37.220.36.44
The OTL fix wasn't done correctly. Please go back and review the instructions to run the fix.

Re: espeak911 colexity777 37.220.36.44
My mistake. I clicked 'Run Scan' instead of 'Run Fix'.

Below is the Run Fix log:

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8DBF877-CD18-4D67-BFE6-D0AA3B789BB5}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08252012_140043

Re: espeak911 colexity777 37.220.36.44

Malware continues to attempt to connect to nonexistent web sites. And still unable to conduct a Google search.

Re: espeak911 colexity777 37.220.36.44

I am going to check with a colleague about this problem.

Re: espeak911 colexity777 37.220.36.44
Thank you very much. By the way, the above problems persist after rebooting.

Re: espeak911 colexity777 37.220.36.44

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

Re: espeak911 colexity777 37.220.36.44
Thanks a million. That may have done it. TDSSKiller report below.

A very quick check indicates that I can now search using Google and the malware does not appear to be attempting to connect to the three nonexistent web sites. I will monitor things and let you know if any problems return.

Trend Micro stepped in (a little late to the show) and deleted three or four files TDSSKiller had placed in quarantine. I don't suppose it matters how they were deleted, just that they were identified, quarantined and deleted.

TDSSKiller report:

19:03:36.0828 8020 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:03:36.0843 8020 ============================================================
19:03:36.0843 8020 Current date / time: 2012/08/26 19:03:36.0843
19:03:36.0843 8020 SystemInfo:
19:03:36.0843 8020
19:03:36.0843 8020 OS Version: 5.1.2600 ServicePack: 3.0
19:03:36.0843 8020 Product type: Workstation
19:03:36.0843 8020 ComputerName: TOSHIBA-USER
19:03:36.0843 8020 UserName: BCB
19:03:36.0843 8020 Windows directory: C:\WINDOWS
19:03:36.0843 8020 System windows directory: C:\WINDOWS
19:03:36.0843 8020 Processor architecture: Intel x86
19:03:36.0843 8020 Number of processors: 2
19:03:36.0843 8020 Page size: 0x1000
19:03:36.0843 8020 Boot type: Normal boot
19:03:36.0843 8020 ============================================================
19:03:40.0671 8020 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:03:40.0687 8020 ============================================================
19:03:40.0687 8020 \Device\Harddisk0\DR0:
19:03:40.0687 8020 MBR partitions:
19:03:40.0687 8020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
19:03:40.0687 8020 ============================================================
19:03:40.0734 8020 C: <-> \Device\Harddisk0\DR0\Partition1
19:03:40.0734 8020 ============================================================
19:03:40.0734 8020 Initialize success
19:03:40.0734 8020 ============================================================
19:11:30.0031 7228 ============================================================
19:11:30.0031 7228 Scan started
19:11:30.0031 7228 Mode: Manual;
19:11:30.0031 7228 ============================================================
19:11:31.0265 7228 ================ Scan system memory ========================
19:11:35.0875 7228 System memory - ok
19:11:35.0875 7228 ================ Scan services =============================
19:11:47.0828 7228 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:11:47.0828 7228 RasAcd - ok
19:11:47.0859 7228 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:11:47.0921 7228 RasAuto - ok
19:11:47.0953 7228 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:11:47.0953 7228 Rasl2tp - ok
19:11:48.0046 7228 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:11:48.0046 7228 RasMan - ok
19:11:48.0062 7228 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:11:48.0062 7228 RasPppoe - ok
19:11:48.0062 7228 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:11:48.0078 7228 Raspti - ok
19:11:48.0109 7228 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:11:48.0109 7228 Rdbss - ok
19:11:48.0156 7228 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:11:48.0156 7228 RDPCDD - ok
19:11:48.0218 7228 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:11:48.0234 7228 rdpdr - ok
19:11:48.0296 7228 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:11:48.0296 7228 RDPWD - ok
19:11:48.0343 7228 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:11:48.0343 7228 RDSessMgr - ok
19:11:48.0375 7228 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:11:48.0390 7228 redbook - ok
19:11:48.0453 7228 [ C35EC743558ED20FBC99C47616F9415E ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
19:11:48.0484 7228 RegSrvc - ok
19:11:48.0515 7228 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:11:48.0531 7228 RemoteAccess - ok
19:11:48.0562 7228 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:11:48.0562 7228 RemoteRegistry - ok
19:11:48.0593 7228 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:11:48.0593 7228 RpcLocator - ok
19:11:48.0640 7228 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:11:48.0640 7228 RpcSs - ok
19:11:48.0703 7228 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:11:48.0703 7228 RSVP - ok
19:11:48.0765 7228 [ 0E74171EE80A8640DE564B72DBBB397B ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:11:48.0765 7228 RTLE8023xp - ok
19:11:48.0828 7228 [ D72566C2E6A9EE9BA5B0D1F855AF74CF ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
19:11:48.0843 7228 S24EventMonitor - ok
19:11:48.0875 7228 [ D4661148E44816B6501BE8F4466D65B0 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:11:48.0875 7228 s24trans - ok
19:11:48.0906 7228 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:11:48.0921 7228 SamSs - ok
19:11:49.0062 7228 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:11:49.0062 7228 SASDIFSV - ok
19:11:49.0093 7228 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:11:49.0171 7228 SASKUTIL - ok
19:11:49.0203 7228 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:11:49.0203 7228 SCardSvr - ok
19:11:49.0265 7228 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:11:49.0265 7228 Schedule - ok
19:11:49.0328 7228 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:11:49.0328 7228 sdbus - ok
19:11:49.0375 7228 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:11:49.0390 7228 Secdrv - ok
19:11:49.0390 7228 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:11:49.0390 7228 seclogon - ok
19:11:49.0421 7228 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:11:49.0421 7228 SENS - ok
19:11:49.0453 7228 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:11:49.0453 7228 Serenum - ok
19:11:49.0484 7228 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:11:49.0484 7228 Serial - ok
19:11:49.0546 7228 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:11:49.0546 7228 Sfloppy - ok
19:11:49.0609 7228 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:11:49.0625 7228 SharedAccess - ok
19:11:49.0640 7228 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:11:49.0656 7228 ShellHWDetection - ok
19:11:49.0656 7228 Simbad - ok
19:11:49.0703 7228 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:11:49.0703 7228 SLIP - ok
19:11:49.0750 7228 SMNDIS5 - ok
19:11:49.0796 7228 [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
19:11:50.0046 7228 SMSIVZAM5 - ok
19:11:50.0906 7228 [ B64C7DC23A9C173E5766120BECAA01D9 ] SNP2STD C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
19:11:51.0968 7228 SNP2STD - ok
19:11:51.0984 7228 Sparrow - ok
19:11:52.0015 7228 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:11:52.0015 7228 splitter - ok
19:11:52.0078 7228 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:11:52.0093 7228 Spooler - ok
19:11:52.0156 7228 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:11:52.0156 7228 sr - ok
19:11:52.0218 7228 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:11:52.0218 7228 srservice - ok
19:11:52.0296 7228 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:11:52.0296 7228 Srv - ok
19:11:52.0312 7228 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:11:52.0328 7228 SSDPSRV - ok
19:11:52.0359 7228 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
19:11:52.0359 7228 StarOpen - ok
19:11:52.0437 7228 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:11:52.0437 7228 stisvc - ok
19:11:52.0468 7228 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:11:52.0468 7228 streamip - ok
19:11:52.0468 7228 SVRPEDRV - ok
19:11:52.0515 7228 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:11:52.0515 7228 swenum - ok
19:11:52.0531 7228 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:11:52.0531 7228 swmidi - ok
19:11:52.0546 7228 SwPrv - ok
19:11:52.0609 7228 [ 486A64AABD88E4E174681E89E9736BC9 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
19:11:52.0609 7228 Swupdtmr - ok
19:11:52.0625 7228 symc810 - ok
19:11:52.0625 7228 symc8xx - ok
19:11:52.0625 7228 sym_hi - ok
19:11:52.0640 7228 sym_u3 - ok
19:11:52.0703 7228 [ A6CC8C28D5AAD4179EF32F05BED55E91 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:11:52.0703 7228 SynTP - ok
19:11:52.0718 7228 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:11:52.0718 7228 sysaudio - ok
19:11:52.0765 7228 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:11:52.0765 7228 SysmonLog - ok
19:11:52.0828 7228 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:11:52.0828 7228 TapiSrv - ok
19:11:52.0937 7228 [ 36772B5EAAAF42DB5C5EE6EEB0EC0AF7 ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
19:11:52.0953 7228 TAPPSRV - ok
19:11:53.0000 7228 [ 7147B0575BCC93A6AB7D5C90F47C0B9F ] tbiosdrv C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
19:11:53.0000 7228 tbiosdrv - ok
19:11:53.0078 7228 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:11:53.0125 7228 Tcpip - ok
19:11:53.0140 7228 [ FC6FE02F400308606A911640E72326B5 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
19:11:53.0156 7228 TcUsb - ok
19:11:53.0156 7228 [ CC1D7BC6A3632C55EE6D8877E9B936F3 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
19:11:53.0156 7228 tdcmdpst - ok
19:11:53.0171 7228 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:11:53.0171 7228 TDPIPE - ok
19:11:53.0218 7228 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:11:53.0218 7228 TDTCP - ok
19:11:53.0250 7228 [ 09AA3CF863793F92276B39E74878C386 ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
19:11:53.0265 7228 tdudf - ok
19:11:53.0296 7228 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:11:53.0296 7228 TermDD - ok
19:11:53.0328 7228 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:11:53.0343 7228 TermService - ok
19:11:53.0359 7228 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:11:53.0375 7228 Themes - ok
19:11:53.0406 7228 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:11:53.0421 7228 TlntSvr - ok
19:11:53.0468 7228 [ E8E528896FF2595CFADA88749CD72EF8 ] tmactmon C:\WINDOWS\system32\DRIVERS\tmactmon.sys
19:11:53.0468 7228 tmactmon - ok
19:11:53.0484 7228 [ 1837512D4AAB862BD297A2EF035FBA14 ] tmcomm C:\WINDOWS\system32\DRIVERS\tmcomm.sys
19:11:53.0500 7228 tmcomm - ok
19:11:53.0515 7228 [ DBAC510D1C7CC66B7A78EB2264F3072E ] tmevtmgr C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
19:11:53.0515 7228 tmevtmgr - ok
19:11:53.0531 7228 [ A6E20B094A8D3E3F46D10BBE7E1EBB82 ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
19:11:53.0531 7228 tmtdi - ok
19:11:53.0578 7228 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
19:11:53.0593 7228 TODDSrv - ok
19:11:53.0593 7228 TosIde - ok
19:11:53.0640 7228 [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
19:11:53.0640 7228 tosrfec - ok
19:11:53.0687 7228 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:11:53.0687 7228 TrkWks - ok
19:11:53.0750 7228 [ 676DB15DDF2E0FF6EC03068DEA428B8B ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
19:11:53.0750 7228 TVALD - ok
19:11:53.0765 7228 [ 546DFBA6486569120D33F7AD6E94EFDD ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
19:11:53.0765 7228 Tvs - ok
19:11:53.0828 7228 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:11:53.0828 7228 Udfs - ok
19:11:53.0828 7228 ultra - ok
19:11:53.0906 7228 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:11:53.0921 7228 UMWdf - ok
19:11:54.0015 7228 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:11:54.0015 7228 Update - ok
19:11:54.0062 7228 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:11:54.0093 7228 upnphost - ok
19:11:54.0109 7228 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:11:54.0140 7228 UPS - ok
19:11:54.0187 7228 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:11:54.0187 7228 usbccgp - ok
19:11:54.0250 7228 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:11:54.0250 7228 usbehci - ok
19:11:54.0312 7228 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:11:54.0312 7228 usbhub - ok
19:11:54.0375 7228 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:11:54.0390 7228 usbscan - ok
19:11:54.0437 7228 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:11:54.0437 7228 USBSTOR - ok
19:11:54.0437 7228 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:11:54.0437 7228 usbuhci - ok
19:11:54.0515 7228 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:11:54.0515 7228 VgaSave - ok
19:11:54.0515 7228 ViaIde - ok
19:11:54.0578 7228 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:11:54.0578 7228 VolSnap - ok
19:11:54.0625 7228 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:11:54.0640 7228 VSS - ok
19:11:54.0671 7228 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:11:54.0687 7228 W32Time - ok
19:11:54.0734 7228 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:11:54.0734 7228 Wanarp - ok
19:11:54.0765 7228 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:11:54.0765 7228 wanatw - ok
19:11:54.0781 7228 WDICA - ok
19:11:54.0812 7228 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:11:54.0812 7228 wdmaud - ok
19:11:54.0828 7228 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:11:54.0843 7228 WebClient - ok
19:11:55.0000 7228 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:11:55.0000 7228 winmgmt - ok
19:11:55.0046 7228 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:11:55.0046 7228 WmdmPmSN - ok
19:11:55.0281 7228 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:11:55.0296 7228 Wmi - ok
19:11:55.0328 7228 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:11:55.0328 7228 WmiApSrv - ok
19:11:55.0375 7228 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:11:55.0375 7228 WS2IFSL - ok
19:11:55.0421 7228 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:11:55.0437 7228 wscsvc - ok
19:11:55.0468 7228 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:11:55.0468 7228 WSTCODEC - ok
19:11:55.0500 7228 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:11:55.0500 7228 wuauserv - ok
19:11:55.0578 7228 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:11:55.0593 7228 WZCSVC - ok
19:11:55.0625 7228 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:11:55.0625 7228 xmlprov - ok
19:11:55.0656 7228 ================ Scan global ===============================
19:11:55.0703 7228 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:11:55.0765 7228 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:11:55.0781 7228 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:11:55.0812 7228 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:11:55.0812 7228 [Global] - ok
19:11:55.0812 7228 ================ Scan MBR ==================================
19:11:55.0843 7228 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
19:11:55.0843 7228 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:11:55.0875 7228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:11:55.0875 7228 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:11:55.0875 7228 ================ Scan VBR ==================================
19:11:55.0890 7228 [ D734112D03CB1CF131F0B81D1536C198 ] \Device\Harddisk0\DR0\Partition1
19:11:55.0890 7228 \Device\Harddisk0\DR0\Partition1 - ok
19:11:55.0890 7228 ============================================================
19:11:55.0890 7228 Scan finished
19:11:55.0890 7228 ============================================================
19:11:55.0906 7572 Detected object count: 1
19:11:55.0906 7572 Actual detected object count: 1
19:13:46.0531 7572 \Device\Harddisk0\DR0\# - copied to quarantine
19:13:46.0562 7572 \Device\Harddisk0\DR0 - copied to quarantine
19:13:46.0640 7572 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:13:46.0687 7572 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:13:47.0078 7572 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:13:47.0203 7572 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:13:47.0359 7572 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:13:47.0578 7572 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:13:47.0734 7572 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:13:47.0859 7572 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:13:47.0906 7572 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:13:47.0937 7572 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:13:47.0968 7572 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:14:07.0109 7572 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:14:08.0343 7572 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:14:08.0437 7572 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:14:12.0953 7572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:14:14.0140 7572 \Device\Harddisk0\DR0 - ok
19:14:14.0140 7572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

Re: espeak911 colexity777 37.220.36.44
Ok, give it a day or two and come back and we can do some cleanup.

Re: espeak911 colexity777 37.220.36.44
Superdave wrote:
Ok, give it a day or two and come back and we can do some cleanup.


Will do. No problems so far.

Re: espeak911 colexity777 37.220.36.44
So far so good. At this point I think the problem is gone and I THANK YOU!! No further attempts to connect to the nonexistent web sites, no more phony AV programs and I am able to search using Google.

In a couple of days I will be going to the Gulf Coast to do disaster inspections for FEMA. I don't know how long I will be gone (it could be several weeks) and I will not be taking this laptop. When I get back I will test out this laptop further and report back to you.

GeekPolice rocks!!

Re: espeak911 colexity777 37.220.36.44
Ok. Keep safe in the Gulf Coast and please check in when you're back and we'll do some cleanup.

Re: espeak911 colexity777 37.220.36.44
Still on standby for Isaac.

SAS scan indicates some concerns remain. See SAS log below.

Trend Micro recognized and deleted tsk002.dta. This file apparently was in TDSSKiller quarantine. TM identified it as TROJ_GEN.R11C8HS.

Not sure if the threats identified by SAS remain after TM deleted that file.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2012 at 05:25 AM

Application Version : 5.5.1012

Core Rules Database Version : 9149
Trace Rules Database Version: 6961

Scan type : Complete Scan
Total Scan Time : 03:19:17

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 35498
Registry threats detected : 0
File items scanned : 128526
File threats detected : 436

Adware.Tracking Cookie
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4cncpiap.stats.esomniture[2].txt [ /e-2dj6wjl4cncpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4eic5ogp.stats.esomniture[2].txt [ /e-2dj6wjl4eic5ogp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjl4qjdzibp.stats.esomniture[2].txt [ /e-2dj6wjl4qjdzibp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliegcpmhp.stats.esomniture[2].txt [ /e-2dj6wjliegcpmhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlikgajgho.stats.esomniture[2].txt [ /e-2dj6wjlikgajgho.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjliohd5mhq.stats.esomniture[1].txt [ /e-2dj6wjliohd5mhq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlychczggp.stats.esomniture[2].txt [ /e-2dj6wjlychczggp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjlyemdzwao.stats.esomniture[2].txt [ /e-2dj6wjlyemdzwao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiohdzkhp.stats.esomniture[2].txt [ /e-2dj6wjmiohdzkhp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmiumczcco.stats.esomniture[2].txt [ /e-2dj6wjmiumczcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjmychajcdp.stats.esomniture[1].txt [ /e-2dj6wjmychajcdp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1gczab.stats.esomniture[1].txt [ /e-2dj6wjny-1gczab.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjny-1pcjml.stats.esomniture[1].txt [ /e-2dj6wjny-1pcjml.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyagc5gao.stats.esomniture[1].txt [ /e-2dj6wjnyagc5gao.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyamczmcq.stats.esomniture[2].txt [ /e-2dj6wjnyamczmcq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycldjahq.stats.esomniture[2].txt [ /e-2dj6wjnycldjahq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycndzcco.stats.esomniture[2].txt [ /e-2dj6wjnycndzcco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycoajacp.stats.esomniture[1].txt [ /e-2dj6wjnycoajacp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnycocpodp.stats.esomniture[2].txt [ /e-2dj6wjnycocpodp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyegd5ekp.stats.esomniture[2].txt [ /e-2dj6wjnyegd5ekp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyejdjkcp.stats.esomniture[2].txt [ /e-2dj6wjnyejdjkcp.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygldpoap.stats.esomniture[1].txt [ /e-2dj6wjnygldpoap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnygmajmgo.stats.esomniture[2].txt [ /e-2dj6wjnygmajmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyonc5sko.stats.esomniture[2].txt [ /e-2dj6wjnyonc5sko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyooc5oeo.stats.esomniture[2].txt [ /e-2dj6wjnyooc5oeo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopaziko.stats.esomniture[2].txt [ /e-2dj6wjnyopaziko.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyopc5gco.stats.esomniture[2].txt [ /e-2dj6wjnyopc5gco.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqgcpmgo.stats.esomniture[2].txt [ /e-2dj6wjnyqgcpmgo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnyqpc5ieo.stats.esomniture[2].txt [ /e-2dj6wjnyqpc5ieo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wjnywgcjgdq.stats.esomniture[2].txt [ /e-2dj6wjnywgcjgdq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoejcpofo.stats.esomniture[2].txt [ /e-2dj6wmkoejcpofo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wmkoeoazweo.stats.esomniture[2].txt [ /e-2dj6wmkoeoazweo.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4qjc5ocq.stats.esomniture[2].txt [ /e-2dj6wml4qjc5ocq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wml4ugcpiap.stats.esomniture[2].txt [ /e-2dj6wml4ugcpiap.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@e-2dj6wnmywpdpkeq.stats.esomniture[2].txt [ /e-2dj6wnmywpdpkeq.stats.esomniture ]
C:\Documents and Settings\BCB\Cookies\bcb@earthlink.122.2o7[2].txt [ /earthlink.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@edgeadx[2].txt [ /edgeadx ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-emmiscommunications.hitbox[2].txt [ /ehg-emmiscommunications.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@ehg-mgnlimited.hitbox[1].txt [ /ehg-mgnlimited.hitbox ]
C:\Documents and Settings\BCB\Cookies\bcb@enterprisemediagroup.112.2o7[1].txt [ /enterprisemediagroup.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@entrepreneur[2].txt [ /entrepreneur ]
C:\Documents and Settings\BCB\Cookies\bcb@eveningpostdigital.112.2o7[1].txt [ /eveningpostdigital.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@ewstv.112.2o7[1].txt [ /ewstv.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@examinercom.122.2o7[1].txt [ /examinercom.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@f.blogads[1].txt [ /f.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@f2network.112.2o7[1].txt [ /f2network.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@fim.122.2o7[1].txt [ /fim.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@find.myrecipes[1].txt [ /find.myrecipes ]
C:\Documents and Settings\BCB\Cookies\bcb@findarticles[2].txt [ /findarticles ]
C:\Documents and Settings\BCB\Cookies\bcb@findlinks.addresses[2].txt [ /findlinks.addresses ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.adn[2].txt [ /findnsave.adn ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.mercedsunstar[1].txt [ /findnsave.mercedsunstar ]
C:\Documents and Settings\BCB\Cookies\bcb@findnsave.thenewstribune[1].txt [ /findnsave.thenewstribune ]
C:\Documents and Settings\BCB\Cookies\bcb@firsttracksonline[1].txt [ /firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@forum.rotator.hadj7.adjuggler[2].txt [ /forum.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@foxinteractivemedia.122.2o7[1].txt [ /foxinteractivemedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@friendquestions[1].txt [ /friendquestions ]
C:\Documents and Settings\BCB\Cookies\bcb@g.blogads[2].txt [ /g.blogads ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[1].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@gdfp.g.doubleclick[2].txt [ /gdfp.g.doubleclick ]
C:\Documents and Settings\BCB\Cookies\bcb@generalelectric.112.2o7[1].txt [ /generalelectric.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@gsicace.112.2o7[1].txt [ /gsicace.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hammacher.112.2o7[1].txt [ /hammacher.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@harpo.122.2o7[1].txt [ /harpo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@haymarketbusinesspublications.122.2o7[1].txt [ /haymarketbusinesspublications.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@healthgrades.112.2o7[1].txt [ /healthgrades.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearst.112.2o7[1].txt [ /hearst.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@hearstmagazines.112.2o7[1].txt [ /hearstmagazines.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@highbeam.122.2o7[1].txt [ /highbeam.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@htmlgear.tripod[1].txt [ /htmlgear.tripod ]
C:\Documents and Settings\BCB\Cookies\bcb@hurricanetrack[1].txt [ /hurricanetrack ]
C:\Documents and Settings\BCB\Cookies\bcb@idfact.adservinginternational[2].txt [ /idfact.adservinginternational ]
C:\Documents and Settings\BCB\Cookies\bcb@idgenterprise.112.2o7[1].txt [ /idgenterprise.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@imagevenue.advertserve[2].txt [ /imagevenue.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@imrworldwide[1].txt [ /imrworldwide ]
C:\Documents and Settings\BCB\Cookies\bcb@in.getclicky[1].txt [ /in.getclicky ]
C:\Documents and Settings\BCB\Cookies\bcb@inl.adbureau[2].txt [ /inl.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@interchangecorporation.122.2o7[1].txt [ /interchangecorporation.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@invitemedia[2].txt [ /invitemedia ]
C:\Documents and Settings\BCB\Cookies\bcb@ipcmedia.122.2o7[1].txt [ /ipcmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@journalregistercompany.122.2o7[1].txt [ /journalregistercompany.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@jra.advertserve[1].txt [ /jra.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@kontera[1].txt [ /kontera ]
C:\Documents and Settings\BCB\Cookies\bcb@leeenterprises.112.2o7[1].txt [ /leeenterprises.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[10].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[11].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[4].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[8].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@liveperson[9].txt [ /liveperson ]
C:\Documents and Settings\BCB\Cookies\bcb@lockedonmedia[2].txt [ /lockedonmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[3].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@lucidmedia[4].txt [ /lucidmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@magellan.highcountrync[1].txt [ /magellan.highcountrync ]
C:\Documents and Settings\BCB\Cookies\bcb@media.angelfire.lycos[1].txt [ /media.angelfire.lycos ]
C:\Documents and Settings\BCB\Cookies\bcb@media.mtvnservices[2].txt [ /media.mtvnservices ]
C:\Documents and Settings\BCB\Cookies\bcb@media.theage.com[1].txt [ /media.theage.com ]
C:\Documents and Settings\BCB\Cookies\bcb@media.www.deltacollegian[2].txt [ /media.www.deltacollegian ]
C:\Documents and Settings\BCB\Cookies\bcb@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\BCB\Cookies\bcb@mediadecoder.blogs.nytimes[2].txt [ /mediadecoder.blogs.nytimes ]
C:\Documents and Settings\BCB\Cookies\bcb@mediaonenetwork[1].txt [ /mediaonenetwork ]
C:\Documents and Settings\BCB\Cookies\bcb@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@mlbam.112.2o7[1].txt [ /mlbam.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@molawyersmedia[1].txt [ /molawyersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@montgomeryadvertiser[1].txt [ /montgomeryadvertiser ]
C:\Documents and Settings\BCB\Cookies\bcb@msnbc.112.2o7[2].txt [ /msnbc.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nandomedia.112.2o7[1].txt [ /nandomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@netcentral.advertserve[1].txt [ /netcentral.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@network.alluremedia.com[2].txt [ /network.alluremedia.com ]
C:\Documents and Settings\BCB\Cookies\bcb@newsday.122.2o7[1].txt [ /newsday.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@newsquestdigitalmedia.122.2o7[1].txt [ /newsquestdigitalmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@nexstar.122.2o7[1].txt [ /nexstar.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@northjersey.112.2o7[1].txt [ /northjersey.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pajamasmedia[1].txt [ /pajamasmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@paypal.112.2o7[1].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pennwellcorp.112.2o7[1].txt [ /pennwellcorp.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@pentonmedia.122.2o7[1].txt [ /pentonmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@piercecountyherald[3].txt [ /piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@pmamedia.sitescout[1].txt [ /pmamedia.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@premiumtv.122.2o7[2].txt [ /premiumtv.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@r.unicornmedia[1].txt [ /r.unicornmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@rainbowmedia.122.2o7[1].txt [ /rainbowmedia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@rogersmedia[1].txt [ /rogersmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@samsclub.112.2o7[1].txt [ /samsclub.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoadmc.122.2o7[1].txt [ /saxoadmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxoeverett.122.2o7[1].txt [ /saxoeverett.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxofosters.122.2o7[1].txt [ /saxofosters.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@saxotoledo.122.2o7[1].txt [ /saxotoledo.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@skinsecretsexposed[2].txt [ /skinsecretsexposed ]
C:\Documents and Settings\BCB\Cookies\bcb@smokinggun.122.2o7[1].txt [ /smokinggun.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@sonyelectronicssupportus.112.2o7[1].txt [ /sonyelectronicssupportus.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@specificmedia[2].txt [ /specificmedia ]
C:\Documents and Settings\BCB\Cookies\bcb@sportingnews.122.2o7[1].txt [ /sportingnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stat.onestat[2].txt [ /stat.onestat ]
C:\Documents and Settings\BCB\Cookies\bcb@stateofgeorgia.122.2o7[1].txt [ /stateofgeorgia.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@stats-newyork1.bloxcms[3].txt [ /stats-newyork1.bloxcms ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.dallasnews[1].txt [ /stats.dallasnews ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.hostclear[1].txt [ /stats.hostclear ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.justhost[1].txt [ /stats.justhost ]
C:\Documents and Settings\BCB\Cookies\bcb@stats.synapa[1].txt [ /stats.synapa ]
C:\Documents and Settings\BCB\Cookies\bcb@statsadv.dadapro[1].txt [ /statsadv.dadapro ]
C:\Documents and Settings\BCB\Cookies\bcb@stocks.advertserve[1].txt [ /stocks.advertserve ]
C:\Documents and Settings\BCB\Cookies\bcb@stpetersburgtimes.122.2o7[1].txt [ /stpetersburgtimes.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@surveymonkey.122.2o7[1].txt [ /surveymonkey.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tangomedia.112.2o7[1].txt [ /tangomedia.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@thecountdownclock[2].txt [ /thecountdownclock ]
C:\Documents and Settings\BCB\Cookies\bcb@timeinc.122.2o7[1].txt [ /timeinc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@timesofindia.indiatimes[2].txt [ /timesofindia.indiatimes ]
C:\Documents and Settings\BCB\Cookies\bcb@torstardigital.122.2o7[1].txt [ /torstardigital.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.foxnews[2].txt [ /tracking.foxnews ]
C:\Documents and Settings\BCB\Cookies\bcb@tracking.hostgator[2].txt [ /tracking.hostgator ]
C:\Documents and Settings\BCB\Cookies\bcb@trackit.sitescout[2].txt [ /trackit.sitescout ]
C:\Documents and Settings\BCB\Cookies\bcb@traffic.prod.cobaltgroup[1].txt [ /traffic.prod.cobaltgroup ]
C:\Documents and Settings\BCB\Cookies\bcb@tribuneinteractive.122.2o7[1].txt [ /tribuneinteractive.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trinitymirror.112.2o7[1].txt [ /trinitymirror.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@trvlnet.adbureau[1].txt [ /trvlnet.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@twc.rotator.hadj7.adjuggler[2].txt [ /twc.rotator.hadj7.adjuggler ]
C:\Documents and Settings\BCB\Cookies\bcb@twctsg.122.2o7[1].txt [ /twctsg.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usatoday1.112.2o7[1].txt [ /usatoday1.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@usnews.122.2o7[1].txt [ /usnews.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@videoegg.adbureau[1].txt [ /videoegg.adbureau ]
C:\Documents and Settings\BCB\Cookies\bcb@vpmc.122.2o7[1].txt [ /vpmc.122.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@walmart.112.2o7[1].txt [ /walmart.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@webmasterplan[2].txt [ /webmasterplan ]
C:\Documents and Settings\BCB\Cookies\bcb@wpni.112.2o7[1].txt [ /wpni.112.2o7 ]
C:\Documents and Settings\BCB\Cookies\bcb@www.3dstats[1].txt [ /www.3dstats ]
C:\Documents and Settings\BCB\Cookies\bcb@www.click2houston[1].txt [ /www.click2houston ]
C:\Documents and Settings\BCB\Cookies\bcb@www.firsttracksonline[2].txt [ /www.firsttracksonline ]
C:\Documents and Settings\BCB\Cookies\bcb@www.piercecountyherald[1].txt [ /www.piercecountyherald ]
C:\Documents and Settings\BCB\Cookies\bcb@www.seeclickfix[1].txt [ /www.seeclickfix ]
C:\Documents and Settings\BCB\Cookies\bcb@www.visitor-track[1].txt [ /www.visitor-track ]
C:\Documents and Settings\BCB\Cookies\bcb@www3.addfreestats[2].txt [ /www3.addfreestats ]
C:\Documents and Settings\BCB\Cookies\bcb@xiti[1].txt [ /xiti ]
C:\Documents and Settings\BCB\Cookies\bcb@yieldmanager[2].txt [ /yieldmanager ]
C:\Documents and Settings\BCB\Cookies\bcb@zbox.zanox[1].txt [ /zbox.zanox ]
C:\Documents and Settings\BCB\Cookies\UNQIO8UU.txt [ /stats.townnews.com ]
C:\Documents and Settings\BCB\Cookies\C7JGB7PR.txt [ /c4.zedo.com ]
C:\Documents and Settings\BCB\Cookies\QGT7VU24.txt [ /journalregistercompany.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\R3FUL3K3.txt [ /usatoday1.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\XB32BA2G.txt [ /at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\AMRKM6AW.txt [ /imrworldwide.com ]
C:\Documents and Settings\BCB\Cookies\ZZ6XC431.txt [ /ad2.adfarm1.adition.com ]
C:\Documents and Settings\BCB\Cookies\P2RRX9OM.txt [ /ads.pointroll.com ]
C:\Documents and Settings\BCB\Cookies\N282H5IB.txt [ /a1.interclick.com ]
C:\Documents and Settings\BCB\Cookies\2IETOEWY.txt [ /lucidmedia.com ]
C:\Documents and Settings\BCB\Cookies\YZ3B8MS4.txt [ /c.atdmt.com ]
C:\Documents and Settings\BCB\Cookies\4IYTV9EJ.txt [ /findnsave.sacbee.com ]
C:\Documents and Settings\BCB\Cookies\BSJL0C3B.txt [ /adxpose.com ]
C:\Documents and Settings\BCB\Cookies\9BIWHLJO.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\BCB\Cookies\LBQQK29C.txt [ /ads.adultwebads.net ]
C:\Documents and Settings\BCB\Cookies\S18ZCBX5.txt [ /advertising.com ]
C:\Documents and Settings\BCB\Cookies\KKG7KT5S.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\833O1GEK.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\2ESKDTBK.txt [ /zedo.com ]
C:\Documents and Settings\BCB\Cookies\YRVVICKK.txt [ /pointroll.com ]
C:\Documents and Settings\BCB\Cookies\P967QC2E.txt [ /tribalfusion.com ]
C:\Documents and Settings\BCB\Cookies\CA00NYP7.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\BCB\Cookies\M6H5R6NR.txt [ /insightexpressai.com ]
C:\Documents and Settings\BCB\Cookies\SHCQBS3D.txt [ /yieldmanager.net ]
C:\Documents and Settings\BCB\Cookies\DUCFW2X2.txt [ /invitemedia.com ]
C:\Documents and Settings\BCB\Cookies\VKW0L7NA.txt [ /survey.g.doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\KA6NC0N7.txt [ /cbsdigitalmedia.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\3S7ZTAG6.txt [ /apmebf.com ]
C:\Documents and Settings\BCB\Cookies\KO0CUATR.txt [ /saymedia.com ]
C:\Documents and Settings\BCB\Cookies\MYZ20EY3.txt [ /histats.com ]
C:\Documents and Settings\BCB\Cookies\GGJOWK0L.txt [ /s.clickability.com ]
C:\Documents and Settings\BCB\Cookies\376TLEO4.txt [ /burstnet.com ]
C:\Documents and Settings\BCB\Cookies\DXK51NMH.txt [ /ads.fdma-media.com ]
C:\Documents and Settings\BCB\Cookies\6KU2PTLO.txt [ /adinterax.com ]
C:\Documents and Settings\BCB\Cookies\D7OE1ZEK.txt [ /yadro.ru ]
C:\Documents and Settings\BCB\Cookies\IAO8WAHB.txt [ /statcounter.com ]
C:\Documents and Settings\BCB\Cookies\M1RYX1YV.txt [ /collective-media.net ]
C:\Documents and Settings\BCB\Cookies\XG7OU6N9.txt [ /ads.cnn.com ]
C:\Documents and Settings\BCB\Cookies\NE4KC6PU.txt [ /overture.com ]
C:\Documents and Settings\BCB\Cookies\VDUZ1CTU.txt [ /doubleclick.net ]
C:\Documents and Settings\BCB\Cookies\4HPSZ2JB.txt [ /media6degrees.com ]
C:\Documents and Settings\BCB\Cookies\YHTJITLC.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\BCB\Cookies\ANXYIR0Z.txt [ /ads.undertone.com ]
C:\Documents and Settings\BCB\Cookies\Q8AGJ9BR.txt [ /fastclick.net ]
C:\Documents and Settings\BCB\Cookies\RPKR1K2A.txt [ /premiumtv.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\ZOF1LHXV.txt [ /2o7.net ]
C:\Documents and Settings\BCB\Cookies\G2H4R3XZ.txt [ /realmedia.com ]
C:\Documents and Settings\BCB\Cookies\CJKQ2UJM.txt [ /legolas-media.com ]
C:\Documents and Settings\BCB\Cookies\4IHMYK3P.txt [ /revsci.net ]
C:\Documents and Settings\BCB\Cookies\903JB8G3.txt [ /questionmarket.com ]
C:\Documents and Settings\BCB\Cookies\YXVNBLWB.txt [ /kanoodle.com ]
C:\Documents and Settings\BCB\Cookies\NS7PLKFN.txt [ /adbrite.com ]
C:\Documents and Settings\BCB\Cookies\VCW6X5C7.txt [ /www.googleadservices.com ]
C:\Documents and Settings\BCB\Cookies\TQK7U9P0.txt [ /accounts.google.com ]
C:\Documents and Settings\BCB\Cookies\SXW0YJVI.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\BCB\Cookies\J43QC3ZK.txt [ /adtech.de ]
C:\Documents and Settings\BCB\Cookies\JOX16A33.txt [ /serving-sys.com ]
C:\Documents and Settings\BCB\Cookies\GI0F76WE.txt [ /casalemedia.com ]
C:\Documents and Settings\BCB\Cookies\2505O1CO.txt [ /ad.360yield.com ]
C:\Documents and Settings\BCB\Cookies\1G9AAJM3.txt [ /clickbooth.com ]
C:\Documents and Settings\BCB\Cookies\EGBH7JW6.txt [ /mediaplex.com ]
C:\Documents and Settings\BCB\Cookies\BGQE1R2L.txt [ /ar.atwola.com ]
C:\Documents and Settings\BCB\Cookies\PPWCFQG3.txt [ /ads.bleepingcomputer.com ]
C:\Documents and Settings\BCB\Cookies\15B3E1B4.txt [ /interclick.com ]
C:\Documents and Settings\BCB\Cookies\0JK6DFAQ.txt [ /eset.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\IOLQHCIK.txt [ /ru4.com ]
C:\Documents and Settings\BCB\Cookies\02B561PJ.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\BCB\Cookies\21M5VCRL.txt [ /atdmt.com ]
C:\Documents and Settings\BCB\Cookies\GCQ7O1PQ.txt [ /ads.wheresgeorge.com ]
C:\Documents and Settings\BCB\Cookies\QVUSXH0R.txt [ /stats.townnews.com ]
C:\Documents and Settings\BCB\Cookies\GKM60GC8.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\BCB\Cookies\KTMHA7WR.txt [ /www.burstnet.com ]
C:\Documents and Settings\BCB\Cookies\IE23140D.txt [ /earthlink.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\KVR9MW7S.txt [ /kontera.com ]
C:\Documents and Settings\BCB\Cookies\9ZJIOFWK.txt [ /clickorlando.com ]
C:\Documents and Settings\BCB\Cookies\8ABQMFHV.txt [ /adfarm1.adition.com ]
C:\Documents and Settings\BCB\Cookies\TQYOLMT7.txt [ /mediaforceltd.go2jump.org ]
C:\Documents and Settings\BCB\Cookies\FKKL5237.txt [ /adlegend.com ]
C:\Documents and Settings\BCB\Cookies\PV1X47G2.txt [ /gntbcstglobal.112.2o7.net ]
C:\Documents and Settings\BCB\Cookies\1UMGBJE5.txt [ /pro-market.net ]
C:\Documents and Settings\BCB\Cookies\I1BF3VQO.txt [ /rtst.122.2o7.net ]
C:\Documents and Settings\BCB\Cookies\6CPQBJRQ.txt [ /www.clickorlando.com ]
C:\Documents and Settings\BCB\Cookies\H599CV5W.txt [ /ads.gainesvilletimes.com ]
C:\Documents and Settings\BCB\Cookies\AA3LVW9N.txt [ /countrymusic.about.com ]
C:\Documents and Settings\BCB\Cookies\58WSV02I.txt [ /mycountdown.org ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\IBUTFFT1.txt [ Cookie:bcb@4.docs.google.com/comments/d/AAHRpnXto8RlTI8e-uP8k25Ll2y6TJR12tk_ITTUgseXMKDZztbuAOIXCoQ_29yiT8oWtiwnQNRZQ17tOFgKZHyxu8j7e0oX0aRtTuuOLk8ul8MBJp0eVdh1hZwc9Wk0zzXO36XZgbBJe ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\Q9L3JG1P.txt [ Cookie:bcb@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\JZWDK2YR.txt [ Cookie:bcb@raproducts.org/click/ ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\35IB4D6E.txt [ Cookie:bcb@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\BCB\Cookies\DH01I0U4.txt [ Cookie:bcb@www.google.com/accounts ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\B70LQP15.txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\SNG8A5K3.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\U11MKS8B.txt [ Cookie:system@1sadx.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\19PL0WEJ.txt [ Cookie:system@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\EFXXXTXE.txt [ Cookie:system@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ZQD33IQ0.txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0GN4JXC0.txt [ Cookie:system@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\A1356LLA.txt [ Cookie:system@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XW64PXXS.txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\G7905EN5.txt [ Cookie:system@adjuggler.com/ ]
cloudfront.mediamatters.org [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96MX99A5 ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkyaocjefo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcmiumcpefp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4elc5kfo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.earthlink.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\54GEMTTM.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BCB\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VBLRHRP5 ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8U54TQD5 ]

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\RPHTFM4R\crossdomain[1].xml [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\8GICOI7J\8727aaf2ee90e_2176330[1].flv [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\S9XTMZWL\259c2f3865062_2176470[1].mp4 [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\BNO9Y4F3\51b6bc5fbbdc2_2176478[1].mp4 [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\RPHTFM4R\7922f78e7b923_2176462[1].mp4 [ cache:wista ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP3\A0000282.EXE

Re: espeak911 colexity777 37.220.36.44

The infections in quarantine will disappear when we remove those tools. As for SAS it will be a good idea to keep SAS and MBAM on your computer, if you have room for them. Update them and run them on a regular basis. Let's clean up the rest of them.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
**************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Use the Secunia Software Inspector to check for out of date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: espeak911 colexity777 37.220.36.44
Got the call to head to New Orleans. I won't be able to follow the above tasks until I return, which could be a few weeks. I will pick this up when I get back home.

Thanks again.

Re: espeak911 colexity777 37.220.36.44
You're welcome. Stay safe.

Re: espeak911 colexity777 37.220.36.44
OK. I am back home now and I have a new problem. I will start a new thread for my new problem with view.atdmt (sometimes cannot use the 'Back' button).

Thanks again for the help on the original problem.

Re: espeak911 colexity777 37.220.36.44
Hobo wrote:
OK. I am back home now and I have a new problem. I will start a new thread for my new problem with view.atdmt (sometimes cannot use the 'Back' button).

Thanks again for the help on the original problem.

We'll be watching for it.
