Jump to content

Malware infection - need assistance please


bubhead

Recommended Posts

Hi,

I have a Win XP SP3 installation with the following issues:

  • MBAM will install and do the initial update but will not run more than 5 seconds. It simply disappears. I have tried renaming the exe file but it doesn't matter.
  • Comcast Secure backup will not run (fails communication with server).
  • Avira Antivirus will run and scan but will not update. I was able to update manually.
  • Cactus Spam filter will not run. It will not show anything on the screen.
  • Trueweather will not run. It will not show anything on the screen.
  • Google searches about trojans will fail sometimes.
  • Attempting to go directly to some security product webpages will fail.
  • Have not had specific webpage or search redirects in either Internet Explorer nor Firefox.
  • There may be other programs that fail that I have not tried.

Have been able to run Trojan Hunter, Super Antispyware, Spyware Doctor, Dr Web Cure-it, and Avira Antivirus. All except Avira found items and supposedly eradicated or quarantined them. They range from Fakealert Trojans to AuxSpy trojans to simple adware cookies. I've run most of these in safe mode.

Ran Defogger and DDS successfully. DDS logs are attached.

GMER will run but fails pretty early in the process and shuts down the system with a RPC call fault. It did this several times in a row until I gave up on it.

Thanks in advance for any assistance you may be able to provide. There may be several hours in between actions on my end as I work a lot and have to check this forum from work sometimes.

Alan

DDS.txt

Attach.txt

Link to post
Share on other sites

I got GMER to run last night - in safe mode.

Can anybody help?

Alan

DDS (Ver_10-03-17.01) - NTFSx86

Run by Alan Brown at 20:09:27.50 on Tue 09/14/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.358 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\Explorer.EXE

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe

C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Concentra\VPN Client\cvpnd.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Citrix\Secure Access Client\nsverctl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TrojanHunter 5.1\THGuard.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NoAds\NoAds.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\clipmt40\CLIPMT45.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Alan Brown\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/index.html

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints toolbar 2.0\Toolbar.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: SnapShotsHelper Class: {bb81c3db-2dea-4ae9-96b3-13e6661ff03b} - c:\program files\snap shots\snapbar.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Snap Shots: {8cd8ea48-d284-477e-b6df-85d1e39d855f} - c:\program files\snap shots\snapbar.dll

TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints toolbar 2.0\Toolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

uRun: [NoAds] "c:\program files\noads\NoAds.exe"

uRun: [com.codeode.cactusspamfilter] "c:\program files\cactus spam filter 2.13\cactusspamfilter.exe" -minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [THGuard] "c:\program files\trojanhunter 5.1\THGuard.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alanbr~1\startm~1\programs\startup\clipmate 4.5.lnk - c:\program files\clipmt40\CLIPMT45.exe

StartupFolder: c:\docume~1\alanbr~1\startm~1\programs\startup\desktop weather authority.lnk - c:\program files\common files\desktop weather authority\TrueWeather.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ashampoo magical defrag.lnk - c:\program files\ashampoo\ashampoo magical defrag\bin\aDefragCtrl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure backup and share status.lnk - c:\program files\securebackupshare\ComcastSecureBackupSharestat.exe

uPolicies-explorer: NoFileAssociate = 0 (0x0)

mPolicies-explorer: NoFileAssociate = 0 (0x0)

IE:

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

Trusted Zone: cvtyapps.com\webapps-pdc

Trusted Zone: intuit.com\ttlc

Trusted Zone: taxactonline.com\www

Trusted Zone: turbotax.com

DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} - hxxps://webapps.cvty.com/epa/nsepa.ocx

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {36299202-09EF-4ABF-ADB9-47C599DBE779} - hxxps://admin.na3.acrobat.com/_a759220994/validator/default/LTAWvalidation.cab

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146795585671

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://coventry.webex.com/client/wbs26-vzbprodcn/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alanbr~1\applic~1\mozilla\firefox\profiles\7lulsbu2.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com

FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=

FF - component: c:\documents and settings\alan brown\application data\mozilla\firefox\profiles\7lulsbu2.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\components\Engine.dll

FF - component: c:\documents and settings\alan brown\application data\mozilla\firefox\profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\alan brown\application data\mozilla\firefox\profiles\7lulsbu2.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll

FF - plugin: c:\documents and settings\alan brown\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\alan brown\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\alan brown\application data\mozilla\firefox\profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbrowster.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.03.13c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-13 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-9-13 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-9-13 656320]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]

R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [2008-7-27 27672]

R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2010-3-13 54776]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 56816]

R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\securebackupshare\ComcastSecureBackupSharebackup.exe [2010-2-9 45896]

R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [2008-8-16 22808]

R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [2008-8-16 185880]

R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2009-3-27 135168]

R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-3-27 73368]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2010-9-13 235472]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-10-4 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-10-4 3072]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-1-14 39048]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-9-13 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-9-13 1145816]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-5-4 189792]

S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-11-26 13696]

=============== Created Last 30 ================

2010-09-15 01:08:14 0 ----a-w- c:\documents and settings\alan brown\defogger_reenable

2010-09-15 01:05:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-15 01:05:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-13 19:12:44 767952 ----a-w- c:\windows\BDTSupport.dll

2010-09-13 19:12:43 882 ----a-w- c:\windows\RegSDImport.xml

2010-09-13 19:12:43 879 ----a-w- c:\windows\RegISSImport.xml

2010-09-13 19:12:43 739280 ----a-w- c:\windows\PCTBDRes.dll

2010-09-13 19:12:43 2074 ----a-w- c:\windows\UDB.zip

2010-09-13 19:12:43 1865680 ----a-w- c:\windows\PCTBDCore.dll

2010-09-13 19:12:43 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-09-13 19:12:43 131 ----a-w- c:\windows\IDB.zip

2010-09-13 19:11:10 727750 ----a-w- c:\windows\system32\drivers\Cat.DB

2010-09-13 19:11:09 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-09-13 19:11:09 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2010-09-13 19:11:06 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-09-13 19:11:01 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-09-13 19:11:01 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-09-13 19:10:50 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2010-09-13 19:10:50 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-09-13 19:10:50 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2010-09-13 19:10:50 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2010-09-13 19:10:28 0 d-----w- c:\program files\PC Tools Security

2010-09-13 19:10:28 0 d-----w- c:\program files\common files\PC Tools

2010-09-13 19:10:28 0 d-----w- c:\docume~1\alanbr~1\applic~1\PC Tools

2010-09-12 17:18:47 0 d-----w- c:\documents and settings\alan brown\DoctorWeb

2010-09-11 23:44:09 0 d-sha-r- C:\cmdcons

2010-09-11 23:28:25 98816 ----a-w- c:\windows\sed.exe

2010-09-11 23:28:25 77312 ----a-w- c:\windows\MBR.exe

2010-09-11 23:28:25 256512 ----a-w- c:\windows\PEV.exe

2010-09-11 23:28:25 161792 ----a-w- c:\windows\SWREG.exe

2010-09-11 15:21:03 0 d-----w- c:\program files\Cactus Spam Filter 3.01

2010-08-30 22:19:13 720 ----a-w- c:\windows\system32\history.aaw

2010-08-30 22:19:13 2688 ----a-w- c:\windows\system32\settings.aaw

2010-08-30 14:44:17 0 d-----w- c:\program files\SpywareBlaster

2010-08-16 13:38:38 0 d-----w- c:\program files\iPod

2010-08-16 13:38:25 0 d-----w- c:\program files\iTunes

2010-08-16 13:38:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-20 19:23:52 9013160 ----a-w- c:\documents and settings\all users\TempComcastSecureBackupShare-update-fd7a4104d2b2d587567c73de831db04b.exe

2010-06-18 17:45:17 293376 ----a-w- c:\windows\system32\winsrv.dll

2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll

2008-08-31 02:59:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 20:11:31.82 ===============

Ark.zip

Attach.txt

Link to post
Share on other sites

  • Root Admin

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

Thanks for attempting to help, Ron.

Here is the Combofix log:

ComboFix 10-09-19.01 - Alan Brown 09/19/2010 21:35:02.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.734 [GMT -5:00]

Running from: c:\documents and settings\Alan Brown\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))

.

2010-09-16 03:39 . 2010-09-09 01:45 615568 ----a-w- c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-16 03:39 . 2010-09-09 01:45 640264 ----a-w- c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-15 01:05 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-15 01:05 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-13 19:12 . 2010-08-30 18:57 767952 ----a-w- c:\windows\BDTSupport.dll

2010-09-13 19:12 . 2010-09-02 20:00 739280 ----a-w- c:\windows\PCTBDRes.dll

2010-09-13 19:12 . 2010-09-02 20:00 1865680 ----a-w- c:\windows\PCTBDCore.dll

2010-09-13 19:12 . 2010-08-26 14:30 2074 ----a-w- c:\windows\UDB.zip

2010-09-13 19:10 . 2010-09-13 19:10 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\PC Tools

2010-09-13 19:08 . 2010-09-13 19:09 76704960 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-12 17:18 . 2010-09-12 17:18 -------- d-----w- c:\documents and settings\Alan Brown\DoctorWeb

2010-09-11 22:24 . 2010-09-13 15:45 63488 ----a-w- c:\documents and settings\Alan Brown\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-11 22:24 . 2010-09-11 22:24 52224 ----a-w- c:\documents and settings\Alan Brown\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-11 15:21 . 2010-09-11 15:21 -------- d-----w- c:\program files\Cactus Spam Filter 3.01

2010-09-09 00:16 . 2010-06-02 15:28 865792 ----a-w- c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll

2010-08-30 14:44 . 2010-08-30 14:46 -------- d-----w- c:\program files\SpywareBlaster

2010-08-26 21:09 . 2010-08-26 21:09 -------- d-----w- c:\program files\QuickTime

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-20 02:17 . 2008-05-03 00:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-17 01:54 . 2009-05-14 00:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-14 23:56 . 2010-09-13 19:10 -------- d-----w- c:\program files\PC Tools Security

2010-09-14 22:05 . 2010-09-13 19:11 727750 ----a-w- c:\windows\system32\drivers\Cat.DB

2010-09-13 19:12 . 2010-09-13 19:10 -------- d-----w- c:\program files\Common Files\PC Tools

2010-09-13 19:10 . 2009-05-14 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-09-13 15:44 . 2009-05-14 13:06 117760 ----a-w- c:\documents and settings\Alan Brown\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-13 15:19 . 2006-05-05 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-12 00:41 . 2009-05-14 14:32 -------- d-----w- c:\program files\TrojanHunter 5.1

2010-09-11 23:53 . 2007-08-31 14:56 -------- d-----w- c:\program files\mypoints

2010-09-11 23:31 . 2009-07-06 22:54 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\ZoomBrowser EX

2010-09-11 22:21 . 2009-05-16 16:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-11 20:23 . 2006-05-05 03:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-09 02:42 . 2009-11-23 21:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-05 16:55 . 2009-10-05 19:01 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\HpUpdate

2010-09-03 16:28 . 2010-09-13 19:10 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2010-09-03 15:46 . 2010-09-13 00:16 2883958 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll

2010-09-01 16:21 . 2010-09-13 19:11 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-09-01 15:13 . 2010-09-13 19:11 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-08-31 01:06 . 2006-05-04 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2010-08-30 18:55 . 2006-05-05 03:22 107 ----a-w- c:\windows\Recorder.dat

2010-08-27 13:26 . 2010-09-13 19:10 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-08-27 13:26 . 2010-09-13 19:10 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2010-08-26 16:57 . 2010-09-13 00:16 1364346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll

2010-08-26 16:57 . 2010-09-13 00:16 397684 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2010-08-26 16:57 . 2010-09-13 00:16 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll

2010-08-23 14:36 . 2010-09-13 19:12 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-08-18 18:51 . 2010-09-13 19:11 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-08-18 11:13 . 2006-05-05 02:55 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\Apple Computer

2010-08-17 13:17 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 13:39 . 2010-08-16 13:38 -------- d-----w- c:\program files\iTunes

2010-08-16 13:39 . 2010-08-16 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-16 13:38 . 2010-08-16 13:38 -------- d-----w- c:\program files\iPod

2010-08-16 13:38 . 2007-08-17 00:30 -------- d-----w- c:\program files\Common Files\Apple

2010-08-16 13:24 . 2009-06-04 19:32 -------- d-----w- c:\program files\Bonjour

2010-08-16 13:18 . 2010-08-16 13:18 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-14 04:00 . 2007-02-02 09:17 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-14 03:36 . 2007-09-16 21:40 -------- d-----w- c:\program files\Amazon

2010-08-14 03:36 . 2007-09-16 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon

2010-08-14 03:36 . 2006-05-02 03:06 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-10 21:58 . 2010-09-13 19:10 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2010-08-08 23:30 . 2009-05-14 22:53 -------- d-----w- c:\program files\a-squared Free

2010-08-08 02:02 . 2009-05-16 16:48 -------- d-----w- c:\program files\CCleaner

2010-08-06 23:53 . 2010-09-13 00:16 471412 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll

2010-07-29 22:54 . 2010-09-13 00:16 106868 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll

2010-07-29 19:29 . 2010-04-24 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2010-07-29 15:22 . 2006-05-04 02:25 -------- d-----w- c:\program files\NoAds

2010-07-22 15:49 . 2002-08-29 08:41 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 11:05 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-21 21:44 . 2010-09-13 00:16 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll

2010-07-20 19:34 . 2010-09-13 00:16 614772 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll

2010-07-20 19:34 . 2010-09-13 00:16 192887 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll

2010-07-16 19:59 . 2010-09-13 19:11 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-07-16 19:59 . 2010-09-13 19:11 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2010-06-30 12:31 . 2002-08-29 08:41 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2002-08-29 08:41 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2002-08-29 07:14 1851904 ----a-w- c:\windows\system32\win32k.sys

2008-10-27 16:17 . 2008-10-27 16:17 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2008-10-27 16:17 . 2008-10-27 16:17 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2008-10-27 16:17 . 2008-10-27 16:17 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-10-27 16:17 . 2008-10-27 16:17 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll

2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-11_23.54.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-20 02:18 . 2010-09-20 02:18 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat

+ 2010-08-14 04:00 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll

+ 2001-08-23 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

+ 2002-08-29 08:41 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll

+ 2002-08-29 08:41 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll

+ 2006-10-19 03:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll

- 2006-10-19 03:47 . 2009-01-31 01:33 317440 c:\windows\system32\MP4SDECD.dll

+ 2006-05-02 02:52 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll

+ 2002-08-29 08:41 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 293376 c:\windows\system32\dllcache\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 406016 c:\windows\system32\dllcache\usp10.dll

+ 2002-08-29 08:41 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll

+ 2002-08-29 08:41 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll

+ 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll

+ 2008-08-13 11:00 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2006-05-05 02:32 . 2010-09-14 21:57 35552200 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]

2009-11-20 23:17 1440768 ----a-w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B}]

2007-08-16 01:02 380928 ----a-w- c:\program files\Snap Shots\snapbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "c:\program files\Snap Shots\snapbar.dll" [2007-08-16 380928]

"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-20 1440768]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]

[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "c:\program files\Snap Shots\snapbar.dll" [2007-08-16 380928]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]

[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]

@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"

[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]

2010-06-18 13:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]

@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"

[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]

2010-06-18 13:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]

@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"

[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]

2010-06-18 13:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]

"NoAds"="c:\program files\NoAds\NoAds.exe" [2006-05-04 122880]

"com.codeode.cactusspamfilter"="c:\program files\Cactus Spam Filter 2.13\cactusspamfilter.exe" [2006-04-30 749568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"THGuard"="c:\program files\TrojanHunter 5.1\THGuard.exe" [2009-05-11 1061536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]

"nwiz"="nwiz.exe" [2004-05-14 831488]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Alan Brown\Start Menu\Programs\Startup\

ClipMate 4.5.lnk - c:\program files\clipmt40\CLIPMT45.exe [2006-5-3 975872]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Ashampoo Magical Defrag.lnk - c:\program files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe [2008-7-6 4538672]

Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2010-6-18 2374984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2007-05-11 03:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/13/2010 2:11 PM 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/13/2010 2:11 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/13/2010 2:11 PM 656320]

R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [7/27/2008 8:14 PM 27672]

R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [3/13/2010 9:52 PM 54776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 6:33 PM 108289]

R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 10:02 AM 45896]

R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [8/16/2008 8:51 PM 22808]

R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [8/16/2008 8:51 PM 185880]

R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [3/27/2009 10:11 PM 135168]

R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [3/27/2009 10:11 PM 73368]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [9/13/2010 2:12 PM 235472]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/4/2008 11:49 PM 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/4/2008 11:49 PM 3072]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/14/2007 12:26 PM 39048]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [9/13/2010 2:10 PM 366840]

S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [11/26/2004 1:13 PM 13696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-11-20 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2008-12-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2008-12-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/index.html

uInternet Settings,ProxyOverride = *.local

IE:

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: cvtyapps.com\webapps-pdc

Trusted Zone: intuit.com\ttlc

Trusted Zone: taxactonline.com\www

Trusted Zone: turbotax.com

DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} - hxxps://webapps.cvty.com/epa/nsepa.ocx

DPF: {36299202-09EF-4ABF-ADB9-47C599DBE779} - hxxps://admin.na3.acrobat.com/_a759220994/validator/default/LTAWvalidation.cab

FF - ProfilePath - c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com

FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=

FF - component: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\components\Engine.dll

FF - component: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll

FF - plugin: c:\documents and settings\Alan Brown\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Alan Brown\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbrowster.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.03.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-19 21:51

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1440)

c:\windows\system32\wininet.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3920)

c:\windows\system32\WININET.dll

c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

c:\program files\SecureBackupShare\LIBEAY32.dll

c:\program files\NoAds\NoAds.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-19 22:00:35

ComboFix-quarantined-files.txt 2010-09-20 03:00

ComboFix2.txt 2010-09-13 03:27

ComboFix3.txt 2010-09-12 00:00

Pre-Run: 28,975,099,904 bytes free

Post-Run: 29,155,373,056 bytes free

- - End Of File - - 9776683F91AABAAFF819C936A1DE58E6

Link to post
Share on other sites

  • Root Admin

Based on your description it seemed to be Malware related and it still could be but based on current CF log it looks more like you may have some core functionality of Windows that is broken.

Let's first try this TDSSkiller tool from Kaspersky - download it and run it and post back the log results please.

Then if that found nothing please continue with the steps below.

Please see the following Microsoft KB to try and correct one of the issues shown in the Event Logs

Error message: "Not enough server storage is available to process this command"

Then take a look at this article which can help to repair missing or corrupted files from an installation of Windows.

How to Perform a Windows XP Repair Install

If the problems still persist let me know please.

Link to post
Share on other sites

It wouldn't let me download the TDSSKiller, but I found it through a search and ran it but it found nothing.

Here is the log:

2010/09/20 20:12:03.0125 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41

2010/09/20 20:12:03.0125 ================================================================================

2010/09/20 20:12:03.0125 SystemInfo:

2010/09/20 20:12:03.0125

2010/09/20 20:12:03.0125 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/20 20:12:03.0125 Product type: Workstation

2010/09/20 20:12:03.0125 ComputerName: ALAN

2010/09/20 20:12:03.0125 UserName: Alan Brown

2010/09/20 20:12:03.0125 Windows directory: C:\WINDOWS

2010/09/20 20:12:03.0125 System windows directory: C:\WINDOWS

2010/09/20 20:12:03.0125 Processor architecture: Intel x86

2010/09/20 20:12:03.0125 Number of processors: 1

2010/09/20 20:12:03.0125 Page size: 0x1000

2010/09/20 20:12:03.0140 Boot type: Normal boot

2010/09/20 20:12:03.0140 ================================================================================

2010/09/20 20:12:03.0437 Initialize success

2010/09/20 20:12:20.0546 ================================================================================

2010/09/20 20:12:20.0546 Scan started

2010/09/20 20:12:20.0546 Mode: Manual;

2010/09/20 20:12:20.0546 ================================================================================

2010/09/20 20:12:22.0187 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/20 20:12:22.0234 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/20 20:12:22.0343 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/20 20:12:22.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/20 20:12:22.0625 ALCXWDM (bea942ff21154fee4f71ddd477621c70) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/09/20 20:12:22.0953 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys

2010/09/20 20:12:23.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/20 20:12:23.0062 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/20 20:12:23.0140 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/20 20:12:23.0218 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/20 20:12:23.0312 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/09/20 20:12:23.0359 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/09/20 20:12:23.0421 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/09/20 20:12:23.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/20 20:12:23.0703 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/20 20:12:23.0750 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/09/20 20:12:23.0828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/20 20:12:23.0890 cdfdrv (0e8a4e6989af9f30f623189a8759d39b) C:\WINDOWS\system32\DRIVERS\cdfdrv.sys

2010/09/20 20:12:23.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/20 20:12:23.0984 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2010/09/20 20:12:24.0015 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys

2010/09/20 20:12:24.0046 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/20 20:12:24.0218 ComcastSecureBackupShareFilter (19b917360fd65883af221d728629fe15) C:\WINDOWS\system32\DRIVERS\ComcastSecureBackupShare.sys

2010/09/20 20:12:24.0343 ctxpidmn (3c17a648e16945f25cd35aef854a143a) C:\WINDOWS\system32\DRIVERS\ctxpidmn.sys

2010/09/20 20:12:24.0406 CtxSbx (6bd1a73ccd9f02e24edd7393253ada19) C:\WINDOWS\system32\DRIVERS\CtxSbx.sys

2010/09/20 20:12:24.0468 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

2010/09/20 20:12:24.0546 CVPNDRVA (762ba11f9cc5a78a916694078f5f2f88) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

2010/09/20 20:12:24.0703 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/20 20:12:24.0765 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/20 20:12:24.0843 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/20 20:12:24.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/20 20:12:24.0937 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/20 20:12:25.0031 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2010/09/20 20:12:25.0109 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/20 20:12:25.0171 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys

2010/09/20 20:12:25.0218 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys

2010/09/20 20:12:25.0312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/20 20:12:25.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/20 20:12:25.0406 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/20 20:12:25.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/20 20:12:25.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/20 20:12:25.0593 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/20 20:12:25.0671 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/20 20:12:25.0734 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/09/20 20:12:25.0781 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys

2010/09/20 20:12:25.0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/20 20:12:25.0890 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/20 20:12:25.0953 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/09/20 20:12:26.0015 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/09/20 20:12:26.0062 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/09/20 20:12:26.0125 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/20 20:12:26.0250 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/20 20:12:26.0312 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys

2010/09/20 20:12:26.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/20 20:12:26.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/20 20:12:26.0593 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/20 20:12:26.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/20 20:12:26.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/20 20:12:26.0750 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/20 20:12:26.0812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/20 20:12:26.0937 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/20 20:12:27.0000 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/20 20:12:27.0046 Jukebox3 (33193d6dbdfaec78ea92b469b22ae57a) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys

2010/09/20 20:12:27.0109 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/20 20:12:27.0140 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/09/20 20:12:27.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/20 20:12:27.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/20 20:12:27.0406 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\WINDOWS\system32\mbmiodrvr.sys

2010/09/20 20:12:27.0484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/20 20:12:27.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/20 20:12:27.0609 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/20 20:12:27.0640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/20 20:12:27.0703 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/20 20:12:27.0750 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/20 20:12:27.0828 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/20 20:12:27.0859 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/20 20:12:27.0921 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/20 20:12:27.0953 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/20 20:12:27.0984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/20 20:12:28.0046 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/20 20:12:28.0078 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/09/20 20:12:28.0140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/20 20:12:28.0187 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/09/20 20:12:28.0265 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/20 20:12:28.0312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/09/20 20:12:28.0375 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/20 20:12:28.0421 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/20 20:12:28.0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/20 20:12:28.0515 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/20 20:12:28.0578 Net6IM (4e35d1d12d3a693bde29ade679288d23) C:\WINDOWS\system32\DRIVERS\net6im51.sys

2010/09/20 20:12:28.0640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/20 20:12:28.0671 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/20 20:12:28.0781 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/20 20:12:28.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/20 20:12:28.0890 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/09/20 20:12:28.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/20 20:12:29.0078 nv (a162aa83f04adb29fdcb69a1f85f1a3e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/09/20 20:12:29.0203 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/20 20:12:29.0234 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/20 20:12:29.0296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/20 20:12:29.0359 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/20 20:12:29.0421 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/20 20:12:29.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/20 20:12:29.0515 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/20 20:12:29.0562 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/20 20:12:29.0671 PCTCore (8f93fb300deac55c553c2255f1d0342d) C:\WINDOWS\system32\drivers\PCTCore.sys

2010/09/20 20:12:29.0750 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys

2010/09/20 20:12:29.0812 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys

2010/09/20 20:12:30.0062 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2010/09/20 20:12:30.0171 Point32 (cf7c1868b90c90a265fc3f60ce46265b) C:\WINDOWS\system32\DRIVERS\point32.sys

2010/09/20 20:12:30.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/20 20:12:30.0281 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/20 20:12:30.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/20 20:12:30.0406 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/20 20:12:30.0468 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/09/20 20:12:30.0640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/20 20:12:30.0718 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/20 20:12:30.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/20 20:12:30.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/20 20:12:30.0859 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/20 20:12:30.0890 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/20 20:12:30.0937 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/09/20 20:12:31.0015 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/20 20:12:31.0078 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/20 20:12:31.0250 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/09/20 20:12:31.0265 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/09/20 20:12:31.0390 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/20 20:12:31.0453 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/20 20:12:31.0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/20 20:12:31.0578 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/20 20:12:31.0687 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2010/09/20 20:12:31.0765 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2010/09/20 20:12:31.0796 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys

2010/09/20 20:12:31.0828 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys

2010/09/20 20:12:31.0859 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys

2010/09/20 20:12:31.0937 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys

2010/09/20 20:12:31.0984 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys

2010/09/20 20:12:32.0031 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys

2010/09/20 20:12:32.0093 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/09/20 20:12:32.0171 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys

2010/09/20 20:12:32.0250 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/20 20:12:32.0296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/20 20:12:32.0359 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/20 20:12:32.0437 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/09/20 20:12:32.0500 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/09/20 20:12:32.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/20 20:12:32.0609 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/20 20:12:32.0765 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/20 20:12:32.0875 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/20 20:12:32.0921 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/20 20:12:32.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/20 20:12:33.0015 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/20 20:12:33.0093 tifsfilter (b3ee891d8c28e230421d506e363efc07) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

2010/09/20 20:12:33.0125 timounter (9dbe8fa8cb99761a476ffc034e9dbcfc) C:\WINDOWS\system32\DRIVERS\timntr.sys

2010/09/20 20:12:33.0234 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/20 20:12:33.0328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/20 20:12:33.0453 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/09/20 20:12:33.0500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/20 20:12:33.0562 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/20 20:12:33.0609 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/20 20:12:33.0656 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/09/20 20:12:33.0687 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/09/20 20:12:33.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/09/20 20:12:33.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/20 20:12:33.0828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/20 20:12:33.0906 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys

2010/09/20 20:12:33.0953 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/20 20:12:34.0015 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys

2010/09/20 20:12:34.0078 vsdatant (d658e49302c382b88c8e9a08e20b2e82) C:\WINDOWS\system32\vsdatant.sys

2010/09/20 20:12:34.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/20 20:12:34.0296 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/09/20 20:12:34.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/20 20:12:34.0531 WISTechVIDCAP (0232776c73cd31c47e5139b52c6000b9) C:\WINDOWS\system32\drivers\Xstream.sys

2010/09/20 20:12:34.0640 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/09/20 20:12:34.0718 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/09/20 20:12:34.0781 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/09/20 20:12:34.0859 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/20 20:12:34.0906 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/20 20:12:34.0984 XLoader (8a73cc9a6292cf4b7b54b622ed9bd437) C:\WINDOWS\system32\Drivers\XLoader.sys

2010/09/20 20:12:35.0062 ================================================================================

2010/09/20 20:12:35.0062 Scan finished

2010/09/20 20:12:35.0062 ================================================================================

I looked at the MS KB articles but nothing there seemed to describe the symptoms I'm having.

I haven't gone down the path of a Windows repair install yet. Is that your recommendation? I still believe it is malware, but it certainly could have corrupted some Windows files. My experience with one repair install that I've done is that you can still end up with some issues, but I'm certainly no expert. If we go down that path, should I backup everything?

Thanks again.

Alan

Link to post
Share on other sites

  • Root Admin

Yes, one should always have a backup of all your personal data. Hardware failures can happen out of the blue and cause data loss that you'll never get back without a backup. Malware and Virus can also cause issues of lost data so if you're not already backing up your data on a schedule then you should be. Make sure you backup to an external source as well for safety.

Let me review this post with my colleagues and see if anything else comes to mind for them and I'll get back to you.

Link to post
Share on other sites

  • Root Admin

It should have a report to include all of those events. In any case we're looking for what we hope is the path to what we think is going on where Avira is removing the infection but not finishing up the process. So if you can get a report of all events that would be great.

Thanks.

Link to post
Share on other sites

  • Root Admin

Open Avira > Overview > reports > select the latest scan log. (not the Update or error logs), just the latest scan log where it says how many viruses and unwanted programs were found.

Rightclick that entry in reports and select: Display Report File.

I need the report where it detected the Auxspy Trojan.

Link to post
Share on other sites

Ron,

I can't find which application found the AuxSpy. I have attached 3 logs - 2 from Super Antispyware and 1 from Trojan hunter showing what they found.

========================

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 09/12/2010 at 00:57 AM

Application Version : 4.42.1000

Core Rules Database Version : 5490

Trace Rules Database Version: 3302

Scan type : Complete Scan

Total Scan Time : 01:05:37

Memory items scanned : 267

Memory threats detected : 0

Registry items scanned : 8945

Registry threats detected : 0

File items scanned : 39763

File threats detected : 576

Adware.Tracking Cookie

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.myminicardaccount[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.googleadservices[2].txt

.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.a1.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.a1.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.yieldmanager.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.specificmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.at.atwola.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.at.atwola.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.eyewonder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.eyewonder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.a.websponsors.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.web-stat.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.web-stat.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.web-stat.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.richmedia.yahoo.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

wsclick.infospace.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.hookedmediagroup.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.hookedmediagroup.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.hookedmediagroup.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.a1.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.network.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

ads.adultadvertising.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.adultfriendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.playah.itsyourporn.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.imrworldwide.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.imrworldwide.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

ads1.adultadvertising.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.adserver.adtechus.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

dc.tremormedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.adecn.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.chitika.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

optimize.indieclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.pro-market.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.dmtracker.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.adxpose.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

sales.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

d.mediaforceads.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.hardwareinsight.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.hardwareinsight.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.stats.paypal.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.clickboothlnk.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wmmikkcjsdo.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjlyamdpoep.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.legolas-media.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.partypoker.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.naked.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

naked.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

sexier.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.sexier.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.sexier.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.naiadsystems.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.naiadsystems.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

sales.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

server.iad.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.bs.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.at.atwola.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.bs.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

lottoseek.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

sales.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

adserver.duetads.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.videoegg.adbureau.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.mediaforge.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

server.iad.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.myminicardaccount.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

dist.belnk.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

dist.belnk.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

dist.belnk.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

dist.belnk.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

dist.belnk.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

dist.belnk.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

ad1.clickhype.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.azjmp.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

sales.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.clickmanage.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.clickmanage.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

ext-us.bestofmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.xiti.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.legolas-media.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lockedonmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjliohazohq.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.discount-equipment.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.discount-equipment.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.csi-tracking.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.traveladvertising.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.adserver.adtechus.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.specificmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjmygpazahp.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wdmiuod5cao.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wdliogdzsgo.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

ads.zeusclicks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.intermundomedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.intermundomedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.s.clickability.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.s.clickability.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.friendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.friendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.friendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.friendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.friendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.friendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.bravenet.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

banner.adchemy.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

banner.adchemy.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.edgeadx.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wgmisicpibo.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

stat.onestat.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

stat.onestat.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.andomedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

stats.webstarts.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.burstbeacon.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.nextag.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www5.addfreestats.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.yadro.ru [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.yadro.ru [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

publishers.clickbooth.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

publishers.clickbooth.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

publishers.clickbooth.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

publishers.clickbooth.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tripod.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tripod.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

static.freewebs.getclicky.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.hookedmediagroup.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.legolas-media.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.incentaclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.www.incentaclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

stats.townnews.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

stats.townnews.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

stats.townnews.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

stats.townnews.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.bizrate.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.lucidmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.a1.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.friendfinder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.googleadservices.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

traffic.buyservices.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.googleadservices.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.atdmt.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.atdmt.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.mediaplex.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.mediaplex.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tribalfusion.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.specificclick.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.specificclick.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.specificclick.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.specificclick.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.doubleclick.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.questionmarket.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.questionmarket.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.advertising.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.advertising.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.advertising.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.advertising.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.content.yieldmanager.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.mediabrandsww.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.googleadservices.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjny-1ldpsk.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjmykmcpggq.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjkyegczmhp.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wdkyugdpcap.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjmiamajeap.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wdk4kncpchq.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjl4knc5agp.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wdlyqmd5ifp.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.e-2dj6wjloomcjobo.stats.esomniture.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

C:\Documents and Settings\Alan Brown\Cookies\alan brown@www.findtherightschool[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.yourhitstats[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@stats.paypal[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@partners.offertrack[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@find.intelius[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@kontera[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@keywordmax[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjnyehdpalo.stats.esomniture[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@media6degrees[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@adinterax[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@tracking.keywordmax[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@discountcarinsurance[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.qsstats[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@countercentral[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@tripod[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@dmtracker[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.findawindowcontractor[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.revsci[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@pharmasuperdiscounts[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@1.tracking4rev[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@track.bestbuy[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@accounts.pkr[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@indexstats[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjl4shd5sdo.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@accounts.pkr[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.hrsaccount[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@click.office-watch[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wfmycpajsgo.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@thetrack.bostonherald[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@phantomoftheoperasoundtrack[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ad.directanetworks[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.directhomediscount[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@app.insightgrit[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.as4x.tmcs.ticketmaster[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.supermediastore[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@crackle[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@www.accountonline[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.cnn[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ssl.clickfacts[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.pathfinderdvd[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@insightexpressai[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjkyolcpogq.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@xos.adbureau[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.techguy[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@account.netzero[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@leads.encirclemedia[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjliahajmkp.stats.esomniture[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.bigfoot[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@secure.ravenmediainc[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@www.riverbelle[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@track.leadjunky[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6whliuid5kbo.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@adv.webmd[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wclougd5wfp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.expedia[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjk4kodpmcp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@media.nymag[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@media.nymag[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@media.nymag[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@lynxtrack[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@medtrackalert[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6waloaodzoep.stats.esomniture[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wflialdpokp.stats.esomniture[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@www.ecomtrack2[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@banner.onlinecasino[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@directhomediscount[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@freebingo.riverbelle[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@info.findtherightschool[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@pt.crossmediaservices[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@track.singleedge[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@www.eztrackz[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan brown@www.icadsales[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@a.websponsors[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.as4x.tmcs.ticketmaster[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.as4x.tmcs[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.as4x.tmcs[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.traderonline[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.bigfoot[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.cnn[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.gametap[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@affiliate.admtracker[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@adserving.autotrader[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@advertisersclearinghouse.aavalue[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@aff.primaryads[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@collective-media[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@banner.24ktgoldcasino[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@bizrate[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@cgm.adbureau[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@clickbank[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@collective-media[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@countrywide[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@countrywide[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@da-tracking[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@directhomediscount[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@dmtracker[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wfkoqidpwkq.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wfkygmdzigp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wgkokpcjgbp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wgmygodzebp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjkysmdpccp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6whmiahdzwho.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjkycpcjcfp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjl4cpdpecq.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjlielazslp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjloolcpkhp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wmkiqmazoho.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wjnyujajodo.stats.esomniture[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@e-2dj6wmkieiazkfp.stats.esomniture[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@floridaangel.tripod[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@helpmefinddegrees[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@iacas.adbureau[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@incentaclick[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@insightexpressai[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@integraclick.integcb[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@inteletrack[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@interclick[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@kontera[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@link.mercent[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@loans.countrywide[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@loans.countrywide[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@lynxtrack[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@media.expedia[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@media.movies.ign[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@media6degrees[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@mediamegamall[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@mediasupply[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@mtracker.addthree[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@mystat.synch[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@partners.tattomedia[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@partner2profit[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@partner2profit[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@partypoker[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@precisionclick[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@publishers.clickbooth[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@publishers.clickbooth[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@richmedia.yahoo[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@richmedia.yahoo[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@roi.clicklab[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@sitestat.mayoclinic[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@tracking.offerstrategy[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@track.bestbuy[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@tracking.gajmp[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@tracking.lsfinteractive[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@trackzz[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@trafficvenuedirect[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.b-tracker[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.directhomediscount[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.findyour-replacementwindows[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.findasidingcontractor[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.gmbtrack[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.googleadservices[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.googleadservices[3].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.googleadservices[6].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.helpmefinddegrees[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.incentaclick[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.incentaclick[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.inteletrack[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.justthinkmedia[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.mediasupply[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.supermediastore[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.windowsmedia[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@www.xy7track[1].txt

serving-sys.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Macromedia\Flash Player\#SharedObjects\7RZCHC7J ]

.a.websponsors.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

clicks.jackpot.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

clicks.jackpot.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightfirst.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.apmebf.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.apmebf.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.adknowledge.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.adknowledge.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

stats.liutilities.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

stats.liutilities.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

www5.addfreestats.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.xiti.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.icc.intellisrv.net [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

itxt.vibrantmedia.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.bizrate.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.bizrate.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.bidclix.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

imp.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

imp.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

imp.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

imp.partner2profit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpresserdd.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpresserdd.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.insightexpresserdd.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.usenext.de [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.usenext.de [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.usenext.de [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.toplist.cz [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

server.cpmstar.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.adecn.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.adecn.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.maxserving.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.maxserving.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.www.admedian.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.adopt.hbmediapro.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.adopt.hbmediapro.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.optimost.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

adserve.webtoolcafe.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.partypoker.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.roiservice.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

hc2.humanclick.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

hc2.humanclick.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.tripod.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.ghostinvestigator.tripod.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

adserving.autotrader.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

www.metareward.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.metareward.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.metareward.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.www.metareward.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.metareward.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.metareward.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.crossmediaservices.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.redorbit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.redorbit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.redorbit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.redorbit.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

www.clickedyclick.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

www.clickedyclick.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

www.screensavers.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.i.screensavers.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.i.screensavers.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

.webpower.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

click.cashengines.com [ C:\Documents and Settings\Alan Brown\My Documents\Application Data\Mozilla\Firefox\Profiles\wfn9dnmv.default\cookies.txt ]

Trojan.Agent/Gen-FakeAlert

C:\PROGRAM FILES\SONY\DIGITAL VOICE EDITOR 2\UNINST2.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{794D9A94-3F35-4104-8166-53C3DDDB98C1}\RP374\A0047768.EXE

=================================

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 09/13/2010 at 01:19 PM

Application Version : 4.42.1000

Core Rules Database Version : 5496

Trace Rules Database Version: 3308

Scan type : Complete Scan

Total Scan Time : 01:13:36

Memory items scanned : 604

Memory threats detected : 0

Registry items scanned : 8950

Registry threats detected : 0

File items scanned : 40012

File threats detected : 78

Adware.Tracking Cookie

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@accounts.pkr[1].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ad.wsod[2].txt

C:\Documents and Settings\Alan Brown\Cookies\alan_brown@ads.digitalpressconsortium[1].txt

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

wsclick.infospace.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.googleadservices.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

sales.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.liveperson.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.interclick.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

mediastore.verizonwireless.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

myaccount.verizonwireless.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.chitika.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.xiti.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.collective-media.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.eyewonder.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.azjmp.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.azjmp.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.bs.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.serving-sys.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.specificmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.network.realmedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.jumps.ez-tracks.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.revsci.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.tacoda.net [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.at.atwola.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.at.atwola.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.rambler.ru [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

www.googleadservices.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.steelhousemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

.steelhousemedia.com [ C:\Documents and Settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\cookies.sqlite ]

Trojan.Agent/Gen-FakeAlert

C:\SYSTEM VOLUME INFORMATION\_RESTORE{794D9A94-3F35-4104-8166-53C3DDDB98C1}\RP374\A0047941.EXE

================

Hope this helps.

Alan

Trojan_hunter_2010_09_11_1937.txt

Link to post
Share on other sites

Here you go. What are you looking for?

Alan

=====================================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"="midimap.dll"

"msacm.imaadpcm"="imaadp32.acm"

"msacm.msadpcm"="msadp32.acm"

"msacm.msg711"="msg711.acm"

"msacm.msgsm610"="msgsm32.acm"

"msacm.trspch"="tssoft32.acm"

"vidc.cvid"="iccvid.dll"

"VIDC.I420"="msh263.drv"

"vidc.iv31"="ir32_32.dll"

"vidc.iv32"="ir32_32.dll"

"VIDC.IYUV"="iyuv_32.dll"

"vidc.mrle"="msrle32.dll"

"vidc.msvc"="msvidc32.dll"

"VIDC.UYVY"="msyuv.dll"

"VIDC.YUY2"="msyuv.dll"

"VIDC.YVU9"="iyvu9_32.dll"

"VIDC.YVYU"="msyuv.dll"

"wavemapper"="msacm32.drv"

"msacm.msg723"="msg723.acm"

"vidc.M263"="msh263.drv"

"vidc.M261"="msh261.drv"

"msacm.msaudio1"="msaud32.acm"

"msacm.sl_anet"="sl_anet.acm"

"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"

"wave"="wdmaud.drv"

"midi"="wdmaud.drv"

"mixer"="wdmaud.drv"

"MSVideo8"="VfWWDM32.dll"

"VIDC.WMV3"="wmv9vcm.dll"

"vidc.LEAD"="LCODCCMP.DLL"

"vidc.iv50"="ir50_32.dll"

"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"

"vidc.iv41"="ir41_32.ax"

"msacm.ac3filter"="ac3filter.acm"

"aux"="wdmaud.drv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]

"wave"="rdpsnd.dll"

"MaxBandwidth"=dword:000056b9

"wavemapper"="msacm32.drv"

"EnableMP3Codec"=dword:00000001

"midimapper"="midimap.dll"

"mixer"="rdpsnd.dll"

Link to post
Share on other sites

  • Root Admin

Please let me know how the computer is running now. When you originally posted you could not seem to run anything but now you seem to be able to run most of the tools I've asked you to run. What do you see, or what do you experience that is still seemingly Malware related?

Please run the following. Click on START - RUN and copy/paste the following into the RUN line and click OK.

cmd /c REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v LoadAppInit_DLLs /f

This will pop up a small black DOS box very quickly and go away. It's should remove an invalid entry in the registry for you.

Also please run this so that we can see what's going on in the Event Logs again.

  1. Download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  2. Double-click VEW.exe
  3. Under 'Select log to query', select:
    • Application
    • System

[*]Under 'Select type to list', select:

  • Error

[*] Click the radio button for 'Number of events'

[*]Type 20 in the 1 to 20 box

[*]Then click the Run button.

[*]Notepad will open with the output log.

Please post the Output log in your next reply

Link to post
Share on other sites

The machine seems to be running about the same that it was when we started. I am unable to run MBAM, Comcast Backup, Cactus Spam filter, etc. The machine is now hanging during bootup about half the time.

One interesting thing that I found today was I started up Spyware Blaster and looked at the protection status and it told me that 6 items were unprotected. I couldn't figure out which ones those were, whether they were cookies or ActiveX, but I thought that was weird. I haven't fixed that yet as I didn't want to confuse the issue.

I ran Dr Web again last night and it found AuxSpy again and another one that I didn't recognize:

[scan path] c:\program files\pc tools security\bdt\bdtupdateservice.exe

c:\program files\pc tools security\bdt\bdtupdateservice.exe probably infected with MULDROP.Trojan

Thanks for your continued help.

Alan

Here is the event viewer log:

Vino's Event Viewer v01c run on Windows XP in English

Report run at 25/09/2010 10:42:51 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 25/09/2010 2:03:48 AM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 25/09/2010 2:03:48 AM

Type: error Category: 0

Event: 2005 Source: PerfNet

Unable to read performance data from the Server service. No Server performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 25/09/2010 2:03:47 AM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 25/09/2010 2:03:47 AM

Type: error Category: 0

Event: 2005 Source: PerfNet

Unable to read performance data from the Server service. No Server performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 24/09/2010 10:49:45 PM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 24/09/2010 10:41:07 PM

Type: error Category: 0

Event: 3009 Source: LoadPerf

Installing the performance counter strings for service WmiApRpl ((null)) failed. The Error code is the first DWORD in Data section.

Log: 'Application' Date/Time: 24/09/2010 10:41:07 PM

Type: error Category: 0

Event: 3003 Source: LoadPerf

The SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key could not be opened or accessed in order to install counter strings.The Win32 status returned by the call is the first DWORD in Data section.

Log: 'Application' Date/Time: 24/09/2010 10:40:59 PM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 24/09/2010 10:40:59 PM

Type: error Category: 0

Event: 2005 Source: PerfNet

Unable to read performance data from the Server service. No Server performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 24/09/2010 10:40:59 PM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 24/09/2010 10:40:59 PM

Type: error Category: 0

Event: 2005 Source: PerfNet

Unable to read performance data from the Server service. No Server performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 24/09/2010 10:40:58 PM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 24/09/2010 10:40:58 PM

Type: error Category: 0

Event: 2005 Source: PerfNet

Unable to read performance data from the Server service. No Server performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 24/09/2010 7:03:28 PM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 23/09/2010 9:32:33 PM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02791488.

Log: 'Application' Date/Time: 23/09/2010 6:36:44 AM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 23/09/2010 6:36:44 AM

Type: error Category: 0

Event: 2005 Source: PerfNet

Unable to read performance data from the Server service. No Server performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 23/09/2010 6:36:44 AM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 23/09/2010 6:36:44 AM

Type: error Category: 0

Event: 2005 Source: PerfNet

Unable to read performance data from the Server service. No Server performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Log: 'Application' Date/Time: 23/09/2010 6:36:43 AM

Type: error Category: 0

Event: 2006 Source: PerfNet

Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 25/09/2010 10:30:17 AM

Type: error Category: 0

Event: 7009 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for the LightScribeService Direct Disc Labeling Service service to connect.

Log: 'System' Date/Time: 25/09/2010 10:30:17 AM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/09/2010 10:48:40 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/09/2010 10:41:10 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The WMI Performance Adapter service terminated with the following error: Unspecified error

Log: 'System' Date/Time: 24/09/2010 7:02:22 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/09/2010 7:02:22 PM

Type: error Category: 0

Event: 7009 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.

Log: 'System' Date/Time: 24/09/2010 6:20:19 AM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/09/2010 6:20:19 AM

Type: error Category: 0

Event: 7009 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.

Log: 'System' Date/Time: 23/09/2010 10:33:18 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 23/09/2010 10:33:18 PM

Type: error Category: 0

Event: 7009 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.

Log: 'System' Date/Time: 23/09/2010 7:28:04 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 23/09/2010 7:28:04 PM

Type: error Category: 0

Event: 7009 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.

Log: 'System' Date/Time: 23/09/2010 5:12:11 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 23/09/2010 5:12:11 PM

Type: error Category: 0

Event: 7009 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.

Log: 'System' Date/Time: 23/09/2010 6:10:21 AM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 23/09/2010 6:10:21 AM

Type: error Category: 0

Event: 7009 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.

Log: 'System' Date/Time: 22/09/2010 10:52:49 PM

Type: error Category: 0

Event: 7011 Source: Service Control Manager

Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Log: 'System' Date/Time: 22/09/2010 6:05:34 PM

Type: error Category: 0

Event: 7032 Source: Service Control Manager

The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 22/09/2010 6:05:03 PM

Type: error Category: 0

Event: 10010 Source: DCOM

The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 22/09/2010 6:03:10 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The HID Input Service service terminated with the following error: The specified module could not be found.

Link to post
Share on other sites

  • Root Admin

    Please create a BOOTLOG
  • Delete the following file if it exists. C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows start booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
Link to post
Share on other sites

  • Root Admin

Please also go ahead and run the following.

RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any active real-time protection
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. UNcheck the rest. then Click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. (eg. desktop) then Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
  • Note: Do not run any programs while RKUnHooker is running

Link to post
Share on other sites

Here's the bootlog:

Service Pack 3 9 28 2010 18:48:28.500

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver fltmgr.sys

Loaded driver ACPI.sys

Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver pciide.sys

Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver siside.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver sr.sys

Loaded driver PCTCore.sys

Loaded driver pctDS.sys

Loaded driver pctEFA.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver WudfPf.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver timntr.sys

Loaded driver snapman.sys

Loaded driver sisperf.sys

Loaded driver sisidex.sys

Loaded driver SISAGPX.sys

Loaded driver Mup.sys

Loaded driver giveio.sys

Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys

Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys

Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\system32\drivers\pfc.sys

Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS

Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS

Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys

Loaded driver \SystemRoot\system32\drivers\ALCXWDM.SYS

Loaded driver \SystemRoot\System32\DRIVERS\usbohci.sys

Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys

Loaded driver \SystemRoot\System32\DRIVERS\sisnicxp.sys

Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys

Loaded driver \SystemRoot\System32\DRIVERS\serial.sys

Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys

Loaded driver \SystemRoot\System32\DRIVERS\parport.sys

Loaded driver \SystemRoot\system32\DRIVERS\VMNetSrv.sys

Loaded driver \SystemRoot\system32\DRIVERS\dne2000.sys

Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\System32\DRIVERS\psched.sys

Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\system32\DRIVERS\net6im51.sys

Loaded driver \SystemRoot\System32\DRIVERS\rdpdr.sys

Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\System32\DRIVERS\update.sys

Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys

Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Loaded driver \SystemRoot\system32\DRIVERS\ComcastSecureBackupShare.sys

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Did not load driver \SystemRoot\System32\DRIVERS\i8042prt.sys

Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\System32\DRIVERS\processr.sys

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \??\C:\WINDOWS\system32\Drivers\vmm.sys

Loaded driver \SystemRoot\system32\DRIVERS\ssmdrv.sys

Loaded driver \SystemRoot\System32\DRIVERS\srvkp.sys

Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys

Loaded driver \??\C:\WINDOWS\system32\mbmiodrvr.sys

Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys

Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys

Loaded driver \SystemRoot\system32\DRIVERS\cdfdrv.sys

Loaded driver \SystemRoot\system32\DRIVERS\Wdf01000.sys

Loaded driver \SystemRoot\system32\DRIVERS\NuidFltr.sys

Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys

Loaded driver \SystemRoot\system32\DRIVERS\point32.sys

Loaded driver \SystemRoot\system32\DRIVERS\avipbb.sys

Loaded driver \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys

Loaded driver \SystemRoot\System32\Drivers\ASPI32.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\ctxpidmn.sys

Loaded driver \SystemRoot\system32\DRIVERS\CtxSbx.sys

Loaded driver \SystemRoot\system32\DRIVERS\avgntflt.sys

Loaded driver \SystemRoot\system32\DRIVERS\tifsfilt.sys

Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys

Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS

Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys

Loaded driver \SystemRoot\system32\drivers\wdmaud.sys

Loaded driver \SystemRoot\system32\drivers\sysaudio.sys

Loaded driver \SystemRoot\system32\drivers\splitter.sys

Loaded driver \SystemRoot\system32\drivers\aec.sys

Loaded driver \SystemRoot\system32\drivers\swmidi.sys

Loaded driver \SystemRoot\system32\drivers\DMusic.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS

Did not load driver \SystemRoot\system32\DRIVERS\avgntflt.sys

Loaded driver \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

Loaded driver \SystemRoot\System32\DRIVERS\srv.sys

Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

===========================================

And here's the log from Combofix:

ComboFix 10-09-27.05 - Alan Brown 09/28/2010 19:00:38.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.665 [GMT -5:00]

Running from: c:\documents and settings\Alan Brown\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Alan Brown\My Documents\total registry 09202010.reg

.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))

.

2010-09-16 03:39 . 2010-09-09 01:45 615568 ----a-w- c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-09-16 03:39 . 2010-09-09 01:45 640264 ----a-w- c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-09-15 01:05 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-15 01:05 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-13 19:12 . 2010-08-30 18:57 767952 ----a-w- c:\windows\BDTSupport.dll

2010-09-13 19:12 . 2010-09-02 20:00 739280 ----a-w- c:\windows\PCTBDRes.dll

2010-09-13 19:12 . 2010-09-02 20:00 1865680 ----a-w- c:\windows\PCTBDCore.dll

2010-09-13 19:12 . 2010-08-26 14:30 2074 ----a-w- c:\windows\UDB.zip

2010-09-13 19:10 . 2010-09-13 19:10 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\PC Tools

2010-09-13 19:08 . 2010-09-13 19:09 76704960 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-12 17:18 . 2010-09-24 02:10 -------- d-----w- c:\documents and settings\Alan Brown\DoctorWeb

2010-09-11 22:24 . 2010-09-13 15:45 63488 ----a-w- c:\documents and settings\Alan Brown\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-11 22:24 . 2010-09-11 22:24 52224 ----a-w- c:\documents and settings\Alan Brown\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-11 15:21 . 2010-09-11 15:21 -------- d-----w- c:\program files\Cactus Spam Filter 3.01

2010-09-09 00:16 . 2010-06-02 15:28 865792 ----a-w- c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll

2010-08-30 14:44 . 2010-08-30 14:46 -------- d-----w- c:\program files\SpywareBlaster

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-26 15:38 . 2008-05-03 00:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-26 15:38 . 2010-09-13 19:10 -------- d-----w- c:\program files\PC Tools Security

2010-09-22 23:07 . 2009-05-14 14:32 -------- d-----w- c:\program files\TrojanHunter 5.1

2010-09-17 20:35 . 2010-09-13 00:16 631156 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll

2010-09-17 20:35 . 2010-09-13 00:16 471413 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll

2010-09-17 20:35 . 2010-09-13 00:16 1368443 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll

2010-09-17 20:35 . 2010-09-13 00:16 2916727 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll

2010-09-17 20:35 . 2010-09-13 00:16 401780 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2010-09-17 01:54 . 2009-05-14 00:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-14 22:05 . 2010-09-13 19:11 727750 ----a-w- c:\windows\system32\drivers\Cat.DB

2010-09-13 19:12 . 2010-09-13 19:10 -------- d-----w- c:\program files\Common Files\PC Tools

2010-09-13 19:10 . 2009-05-14 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-09-13 15:44 . 2009-05-14 13:06 117760 ----a-w- c:\documents and settings\Alan Brown\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-13 15:19 . 2006-05-05 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-11 23:53 . 2007-08-31 14:56 -------- d-----w- c:\program files\mypoints

2010-09-11 23:31 . 2009-07-06 22:54 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\ZoomBrowser EX

2010-09-11 22:21 . 2009-05-16 16:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-11 20:23 . 2006-05-05 03:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-09 02:42 . 2009-11-23 21:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-05 16:55 . 2009-10-05 19:01 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\HpUpdate

2010-09-03 16:28 . 2010-09-13 19:10 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2010-09-01 16:21 . 2010-09-13 19:11 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-09-01 15:13 . 2010-09-13 19:11 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-08-31 01:06 . 2006-05-04 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2010-08-30 18:55 . 2006-05-05 03:22 107 ----a-w- c:\windows\Recorder.dat

2010-08-27 13:26 . 2010-09-13 19:10 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-08-27 13:26 . 2010-09-13 19:10 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2010-08-26 21:09 . 2010-08-26 21:09 -------- d-----w- c:\program files\QuickTime

2010-08-26 16:57 . 2010-09-13 00:16 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll

2010-08-23 14:36 . 2010-09-13 19:12 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-08-18 18:51 . 2010-09-13 19:11 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-08-18 11:13 . 2006-05-05 02:55 -------- d-----w- c:\documents and settings\Alan Brown\Application Data\Apple Computer

2010-08-17 13:17 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 13:39 . 2010-08-16 13:38 -------- d-----w- c:\program files\iTunes

2010-08-16 13:39 . 2010-08-16 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-16 13:38 . 2010-08-16 13:38 -------- d-----w- c:\program files\iPod

2010-08-16 13:38 . 2007-08-17 00:30 -------- d-----w- c:\program files\Common Files\Apple

2010-08-16 13:24 . 2009-06-04 19:32 -------- d-----w- c:\program files\Bonjour

2010-08-16 13:18 . 2010-08-16 13:18 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-14 04:00 . 2007-02-02 09:17 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-14 03:36 . 2007-09-16 21:40 -------- d-----w- c:\program files\Amazon

2010-08-14 03:36 . 2007-09-16 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon

2010-08-14 03:36 . 2006-05-02 03:06 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-10 21:58 . 2010-09-13 19:10 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2010-08-08 23:30 . 2009-05-14 22:53 -------- d-----w- c:\program files\a-squared Free

2010-08-08 02:02 . 2009-05-16 16:48 -------- d-----w- c:\program files\CCleaner

2010-07-29 22:54 . 2010-09-13 00:16 106868 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll

2010-07-22 15:49 . 2002-08-29 08:41 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 11:05 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-21 21:44 . 2010-09-13 00:16 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll

2010-07-20 19:34 . 2010-09-13 00:16 192887 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll

2010-07-16 19:59 . 2010-09-13 19:11 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-07-16 19:59 . 2010-09-13 19:11 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2008-10-27 16:17 . 2008-10-27 16:17 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2008-10-27 16:17 . 2008-10-27 16:17 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2008-10-27 16:17 . 2008-10-27 16:17 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-10-27 16:17 . 2008-10-27 16:17 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll

2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-11_23.54.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-28 23:49 . 2010-09-28 23:49 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat

+ 2010-08-14 04:00 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll

+ 2001-08-23 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

+ 2002-08-29 08:41 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll

+ 2002-08-29 08:41 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll

+ 2006-10-19 03:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll

- 2006-10-19 03:47 . 2009-01-31 01:33 317440 c:\windows\system32\MP4SDECD.dll

+ 2006-05-02 02:52 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll

+ 2002-08-29 08:41 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 293376 c:\windows\system32\dllcache\winsrv.dll

- 2002-08-29 08:41 . 2008-04-14 00:12 406016 c:\windows\system32\dllcache\usp10.dll

+ 2002-08-29 08:41 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll

+ 2002-08-29 08:41 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll

+ 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll

+ 2008-08-13 11:00 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2006-05-05 02:32 . 2010-09-14 21:57 35552200 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]

2009-11-20 23:17 1440768 ----a-w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B}]

2007-08-16 01:02 380928 ----a-w- c:\program files\Snap Shots\snapbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "c:\program files\Snap Shots\snapbar.dll" [2007-08-16 380928]

"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-20 1440768]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]

[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]

[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "c:\program files\Snap Shots\snapbar.dll" [2007-08-16 380928]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]

[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]

[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]

@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"

[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]

2010-06-18 13:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]

@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"

[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]

2010-06-18 13:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]

@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"

[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]

2010-06-18 13:48 2224456 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]

"NoAds"="c:\program files\NoAds\NoAds.exe" [2006-05-04 122880]

"com.codeode.cactusspamfilter"="c:\program files\Cactus Spam Filter 2.13\cactusspamfilter.exe" [2006-04-30 749568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"THGuard"="c:\program files\TrojanHunter 5.1\THGuard.exe" [2009-05-11 1061536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]

"nwiz"="nwiz.exe" [2004-05-14 831488]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Alan Brown\Start Menu\Programs\Startup\

ClipMate 4.5.lnk - c:\program files\clipmt40\CLIPMT45.exe [2006-5-3 975872]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Ashampoo Magical Defrag.lnk - c:\program files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe [2008-7-6 4538672]

Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2010-6-18 2374984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2007-05-11 03:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=

"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/13/2010 2:11 PM 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/13/2010 2:11 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/13/2010 2:11 PM 656320]

R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [7/27/2008 8:14 PM 27672]

R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [3/13/2010 9:52 PM 54776]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 6:33 PM 108289]

R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 10:02 AM 45896]

R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [8/16/2008 8:51 PM 22808]

R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [8/16/2008 8:51 PM 185880]

R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [3/27/2009 10:11 PM 135168]

R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [3/27/2009 10:11 PM 73368]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/4/2008 11:49 PM 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/4/2008 11:49 PM 3072]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/14/2007 12:26 PM 39048]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [9/13/2010 2:10 PM 366840]

S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [11/26/2004 1:13 PM 13696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-11-20 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2008-12-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2008-12-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/index.html

uInternet Settings,ProxyOverride = *.local

IE:

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: cvtyapps.com\webapps-pdc

Trusted Zone: intuit.com\ttlc

Trusted Zone: taxactonline.com\www

Trusted Zone: turbotax.com

DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} - hxxps://webapps.cvty.com/epa/nsepa.ocx

DPF: {36299202-09EF-4ABF-ADB9-47C599DBE779} - hxxps://admin.na3.acrobat.com/_a759220994/validator/default/LTAWvalidation.cab

FF - ProfilePath - c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com

FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=

FF - component: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\components\Engine.dll

FF - component: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll

FF - plugin: c:\documents and settings\Alan Brown\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Alan Brown\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\Alan Brown\Application Data\Mozilla\Firefox\Profiles\7lulsbu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbrowster.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.03.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-28 19:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)

c:\windows\system32\wininet.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Completion time: 2010-09-28 19:24:50

ComboFix-quarantined-files.txt 2010-09-29 00:24

ComboFix2.txt 2010-09-20 03:00

ComboFix3.txt 2010-09-13 03:27

ComboFix4.txt 2010-09-12 00:00

Pre-Run: 29,405,626,368 bytes free

Post-Run: 29,421,875,200 bytes free

- - End Of File - - 7720AC7CEE8CE59BFD5256A6948D7DBE

========================================================

I'll run RKUnhooker next.

Thanks again

Alan

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.